Votre question

Infiltration dans mon PC

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
24 Mars 2009 11:06:50

Bonjour , hier j'ai reçu un fichier ou il y avait pleins de virus sans le savoir .... mon anti virus détecte les virus mais peut en suprimer que 2 le reste tous passe . Celui qui ma envoyer sa est un hackeur qui veut pénétré dans mon ordinateur je voudrais de l'aide SVP ou la meilleur méthode de me débarassé des virus et des infiltrations.

Voici un Scan Hijack : ( effectivement c'est tres méchant les trucs Services .... )

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:56, on 24/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CDE97130-39B4-404E-83FC-37075459EDAE} - C:\WINDOWS\system32\fccyxWoL.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zenocriminel.spaces.live.com//PhotoUpload/MsnPUp...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

--
End of file - 10685 bytes


Merci Cordialemment de m'aider .

Autres pages sur : infiltration

a c 326 8 Sécurité
a b 9 Windows
24 Mars 2009 12:50:37

Salut,

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
    (Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.
    24 Mars 2009 14:41:10

    Rebonjour , Voila j'ai DL le logiciel et voila les 2 rapports


    le premier " info " : info.txt logfile of random's system information tool 1.06 2009-03-24 14:38:14

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    BitComet 1.09-->C:\Program Files\BitComet\uninst.exe
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    FantasyTennis-->C:\Program Files\alaplaya\FantasyTennis\Uninstall.exe
    Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
    Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
    NOD32 FiX v1.9-->"C:\Program Files\Eset\unins000.exe"
    OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
    VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
    Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
    Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: ESET NOD32 antivirus system 2.70

    ======System event log======

    Computer Name: HP
    Event Code: 7026
    Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
    epfwtdir
    i8042prt

    Record Number: 48423
    Source Name: Service Control Manager
    Time Written: 20090216214323.000000+060
    Event Type: erreur
    User:

    Computer Name: HP
    Event Code: 9
    Message: Broadcom NetXtreme Gigabit Ethernet: Network controller configured for 100Mb full-duplex link.

    Record Number: 48422
    Source Name: b57w2k
    Time Written: 20090216214315.000000+060
    Event Type: Informations
    User:

    Computer Name: HP
    Event Code: 15
    Message: Broadcom NetXtreme Gigabit Ethernet: Driver initialized successfully.

    Record Number: 48421
    Source Name: b57w2k
    Time Written: 20090216214315.000000+060
    Event Type: Informations
    User:

    Computer Name: HP
    Event Code: 6005
    Message: Le service d'Enregistrement d'événement a démarré.

    Record Number: 48420
    Source Name: EventLog
    Time Written: 20090216214250.000000+060
    Event Type: Informations
    User:

    Computer Name: HP
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

    Record Number: 48419
    Source Name: EventLog
    Time Written: 20090216214250.000000+060
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: HP
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 5
    Source Name: SecurityCenter
    Time Written: 20090308084444.000000+060
    Event Type: Informations
    User:

    Computer Name: HP
    Event Code: 0
    Message:
    Record Number: 4
    Source Name: SeaPort
    Time Written: 20090308084417.000000+060
    Event Type: Informations
    User:

    Computer Name: HP
    Event Code: 1000
    Message: Application défaillante yahoom~1.exe, version 8.1.0.421, module défaillant yahoom~1.exe, version 8.1.0.421, adresse de défaillance 0x000029ef.

    Record Number: 3
    Source Name: Application Error
    Time Written: 20090307191304.000000+060
    Event Type: erreur
    User:

    Computer Name: HP
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 2
    Source Name: SecurityCenter
    Time Written: 20090307181428.000000+060
    Event Type: Informations
    User:

    Computer Name: HP
    Event Code: 0
    Message:
    Record Number: 1
    Source Name: SeaPort
    Time Written: 20090307181425.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
    "PROCESSOR_REVISION"=0409
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

    -----------------EOF-----------------


    le 2 eme " Log "

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-03-24 14:37:57
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 8 GB (22%) free of 38 GB
    Total RAM: 2039 MB (71% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:38:11, on 24/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\services.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\services.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\Program Files\PDF Complete\pdfsty.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\ESET\nod32kui.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {CDE97130-39B4-404E-83FC-37075459EDAE} - C:\WINDOWS\system32\fccyxWoL.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Search - ?p=ZNfox000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall....
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zenocriminel.spaces.live.com//PhotoUpload/MsnPUp...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

    --
    End of file - 10813 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll [2009-01-16 656696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-17 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDE97130-39B4-404E-83FC-37075459EDAE}]
    C:\WINDOWS\system32\fccyxWoL.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-17 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-17 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
    "Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-03-08 13924864]
    "PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2005-10-04 86016]
    "PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2005-03-06 276480]
    "SetRefresh"=C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2003-11-20 525824]
    "LayoutM"=C:\WINDOWS\KLayMgr.exe [2004-08-16 45056]
    "BigDog303"=C:\WINDOWS\VM303_STI.EXE [2005-06-23 61440]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-17 136600]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
    "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
    "nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-21 949376]
    "!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "DirectX For Microsoft® Windows"=C:\WINDOWS\system32\fservice.exe [2009-03-23 350764]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
    "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
    "YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    C:\WINDOWS\system32\fccyxWoL
    nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\oDC\oDC.exe"="C:\Program Files\oDC\oDC.exe:*:Enabled:o DC"
    "C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hlds.exe"="C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hltv.exe"="C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hltv.exe:*:Enabled:HLTV Launcher"
    "C:\PacSteam\SteamApps\zeno123456\counter-strike\hl.exe"="C:\PacSteam\SteamApps\zeno123456\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hlds.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Cracked Steam\steamapps\zeno123456\counter-strike\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Cracked Steam\steamapps\zeno123456\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hltv.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hltv.exe:*:Enabled:HLTV Launcher"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.203\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.203\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.109\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.109\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.093\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.093\StrongDC.exe:*:D isabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Bureau\stong dc\StrongDC.exe"="C:\Documents and Settings\Administrateur\Bureau\stong dc\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Program Files\Counter Strike 1.6\hl.exe"="C:\Program Files\Counter Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Counter Strike 1.6\hlds.exe"="C:\Program Files\Counter Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Counter Strike 1.6\hlds.exe"="C:\Documents and Settings\Administrateur\Bureau\Counter Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Cracked Steam\steamapps\zeno123456\half-life\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Cracked Steam\steamapps\zeno123456\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\dc\StrongDC.exe"="C:\Documents and Settings\Administrateur\Bureau\dc\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Program Files\SHOUTcast\sc_serv.exe"="C:\Program Files\SHOUTcast\sc_serv.exe:*:Enabled:sc_serv"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\zeno123456\counter-strike\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\zeno123456\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\counter-strike\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\dedicated server\hlds.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\dedicated server\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.907\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.907\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\condition zero\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Games\XTCS Counter-Strike 1.6 Final Release\cstrike.exe"="C:\Games\XTCS Counter-Strike 1.6 Final Release\cstrike.exe:*:Enabled:XTCS Counter-Strike 1.6 Final Release"
    "C:\Games\XTCS Counter-Strike 1.6 Final Release\hltv.exe"="C:\Games\XTCS Counter-Strike 1.6 Final Release\hltv.exe:*:Enabled:HLTV Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\VNC4\winvnc4.exe"="C:\Documents and Settings\Administrateur\Bureau\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"
    "C:\Program Files\Counter-Strike\hl.exe"="C:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
    "F:\Pacific Warriors\Pacific Warriors.exe"="F:\Pacific Warriors\Pacific Warriors.exe:*:Enabled:p acific Warriors"
    "C:\Program Files\Steam\steamapps\waterman79\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\waterman79\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "E:\muzica\jocuri\Master rally (masini de teren)\MRallye.exe"="E:\muzica\jocuri\Master rally (masini de teren)\MRallye.exe:*:Enabled:MRallye"
    "E:\muzica\jocuri\Pacific Warriors\Pacific Warriors.exe"="E:\muzica\jocuri\Pacific Warriors\Pacific Warriors.exe:*:Enabled:p acific Warriors"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:o rb"
    "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:o rbTray"
    "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:o rb Stream Client"
    "C:\Program Files\Steam\steamapps\waterman79\condition zero\hl.exe"="C:\Program Files\Steam\steamapps\waterman79\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steamapps\waterman79\dedicated server\hltv.exe"="C:\Program Files\Steam\steamapps\waterman79\dedicated server\hltv.exe:*:Enabled:HLTV Launcher"
    "D:\Steam\steamapps\waterman79\counter-strike\hl.exe"="D:\Steam\steamapps\waterman79\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
    "D:\Steam\steamapps\waterman79\condition zero\hl.exe"="D:\Steam\steamapps\waterman79\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\alaplaya\ComeOnBaby\ComeOnBaby.exe"="C:\Program Files\alaplaya\ComeOnBaby\ComeOnBaby.exe:*:D isabled:ComeOnBaby"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX01.719\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX01.719\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.937\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.937\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.641\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.641\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX01.047\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX01.047\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.938\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.938\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX08.000\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX08.000\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\temp\TeamViewer3\TeamViewer.exe"="C:\Documents and Settings\Administrateur\temp\TeamViewer3\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer"
    "C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe"="C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe:*:Enabled:Ad Blocker of Tweak-XP"
    "C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:p artage de l'application RTC"
    "C:\Program Files\alaplaya\S4League\S4Client.exe"="C:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled:p roject S4 Client.exe"
    "C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e24c0aa-b3cc-11dd-8204-0018716a7289}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf6a6b9c-f076-11dc-bf9b-0018716a7289}]
    shell\Auto\command - G:\psfbjvedk.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL psfbjvedk.exe


    ======List of files/folders created in the last 1 months======

    2009-03-24 14:37:57 ----D---- C:\rsit
    2009-03-24 10:38:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\Canneverbe_Limited
    2009-03-24 10:37:58 ----D---- C:\Program Files\CDBurnerXP
    2009-03-23 21:35:15 ----SH---- C:\WINDOWS\services.exe
    2009-03-23 15:50:34 ----A---- C:\WINDOWS\system32\lncom.exe
    2009-03-23 15:47:08 ----SH---- C:\WINDOWS\system32\fservice.exe
    2009-03-23 15:47:06 ----A---- C:\WINDOWS\system32\lncom_.exe
    2009-03-19 07:45:26 ----D---- C:\alaplaya
    2009-03-18 22:56:07 ----D---- C:\Program Files\Windows Live Safety Center
    2009-03-11 17:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-03-11 17:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-03-11 17:06:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
    2009-02-25 12:14:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
    2009-02-25 12:14:42 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-25 12:14:35 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

    ======List of files/folders modified in the last 1 months======

    2009-03-24 14:36:21 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-24 12:06:14 ----D---- C:\WINDOWS
    2009-03-24 10:54:52 ----RD---- C:\Program Files
    2009-03-24 10:47:17 ----D---- C:\WINDOWS\Temp
    2009-03-24 10:37:32 ----D---- C:\Program Files\BitComet
    2009-03-24 10:37:16 ----D---- C:\Downloads
    2009-03-24 10:25:07 ----D---- C:\WINDOWS\system32
    2009-03-24 10:24:23 ----D---- C:\WINDOWS\system
    2009-03-23 23:38:32 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-23 16:18:51 ----D---- C:\WINDOWS\system32\drivers
    2009-03-23 15:21:25 ----HD---- C:\WINDOWS\inf
    2009-03-23 15:21:21 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-21 08:00:09 ----D---- C:\WINDOWS\Prefetch
    2009-03-20 22:33:16 ----A---- C:\YServer.txt
    2009-03-18 20:52:16 ----D---- C:\Program Files\ESET
    2009-03-18 20:46:10 ----D---- C:\Program Files\alaplaya
    2009-03-18 00:08:47 ----A---- C:\WINDOWS\WORDPAD.INI
    2009-03-14 11:57:58 ----D---- C:\WINDOWS\Debug
    2009-03-11 17:07:10 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-03-11 12:56:44 ----HD---- C:\WINDOWS\$hf_mig$
    2009-03-07 10:14:34 ----RSD---- C:\WINDOWS\Fonts
    2009-02-27 18:01:39 ----D---- C:\Program Files\Microsoft Silverlight
    2009-02-27 10:18:03 ----SHD---- C:\WINDOWS\Installer
    2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-02-25 12:15:08 ----D---- C:\WINDOWS\system32\CatRoot

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
    R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-06-10 54280]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-12-21 15424]
    R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
    R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-12-21 512096]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
    R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-06-10 39944]
    R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-06-10 71688]
    R2 MarxDev1;MarxDev1; C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
    R2 MarxDev2;MarxDev2; C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
    R2 MarxDev3;MarxDev3; C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
    R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
    R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-18 63232]
    R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-18 55936]
    R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-04-08 132352]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-03-04 2538624]
    R3 MMRTKRNL;MMRTKRNL; C:\WINDOWS\system32\drivers\mmrtkrnl.sys [2001-11-05 32960]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 ZSMC303;INTEX USB PC Camera (ZC301H); C:\WINDOWS\System32\Drivers\usbVM303.sys [2005-07-14 389788]
    S1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys []
    S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46848]
    S3 ac97intc;Service d'installation du pilote audio Intel(r) 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
    S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\system32\DRIVERS\baspxp32.sys [2005-03-04 65664]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]
    S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
    S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
    S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
    S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
    S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
    S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
    S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
    S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
    S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-04 11807]
    S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-04 11295]
    S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-04 11871]
    S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
    S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
    S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
    S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
    S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-04 25471]
    S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-04 22271]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-09 105472]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
    S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]
    S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-17 152984]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
    R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-12-21 552064]
    R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2005-03-06 476160]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-04-27 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\Shared\hpqwmi.exe [2005-10-04 94208]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------

    Voila !
    Contenus similaires
    a c 326 8 Sécurité
    a b 9 Windows
    24 Mars 2009 14:52:53

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher.
  • L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
    Citation :
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    24 Mars 2009 15:28:29

    Rebonjour Alors j'ai fait ce que vous m'avez dit et pendant le scan j'ai eux un virus qui et apparu (win32/Porat.19 toran ) dans system32 fservice.exe

    Voila le resultats apres le scan :

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1891
    Windows 5.1.2600 Service Pack 3

    24/03/2009 15:22:49
    mbam-log-2009-03-24 (15-22-49).txt

    Type de recherche: Examen rapide
    Eléments examinés: 67830
    Temps écoulé: 5 minute(s), 10 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 14
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 5
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    C:\WINDOWS\services.exe (Trojan.Agent) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5y99ae78-58tt-11dw-be53-y67078979y} (Backdoor.ProRat) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\directx for microsoft® windows (Backdoor.ProRat) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.ProRat) -> Data: c:\windows\system32\fservice.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.ProRat) -> Data: system32\fservice.exe -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Documents and Settings\Administrateur\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\FunWebProducts\Data\Administrateur (Adware.MyWay) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\RegSweep\Log (Rogue.RegSweep) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system\sservice.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\services.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fservice.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.


    Bon apres que j'ai suprimer tous les virus il me reste 1 dans : C:/WINDOWS/service.exe MBM m'écrit si je veut redémaré l'ordinateur ? je met oui ? puis mon Nod32 appercois des virus non-stop que je ne peutpas suprimer juste je peut fermer la fenetre . sservice.exe / fservice.exe etc ....
    24 Mars 2009 16:31:45

    j'ai reboot etc....je voudrais t'anoncer aussi que ma barre de tache a disparu :D  CTRL+ALT+DEL marche pas ni clik doit dans la barre de menu :( 
    a c 326 8 Sécurité
    a b 9 Windows
    24 Mars 2009 17:08:51

    Tu peux quand même faire des manip' ?
    24 Mars 2009 17:09:19

    oui , j'ai poster le rapport , pusi j'appercois 2 nouveau logiciels que jusqua maintenant je n'avez pas vue le premier est : CSNW un truk NetWare et le 2 eme est : Windows cardSpace
    a c 326 8 Sécurité
    a b 9 Windows
    24 Mars 2009 17:12:45

  • Refais un scan RSIT et poste le rapport log.
    24 Mars 2009 17:17:52

    Voila le scan :


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-03-24 17:15:53
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 8 GB (22%) free of 38 GB
    Total RAM: 2039 MB (73% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:16:29, on 24/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\Program Files\PDF Complete\pdfsty.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {CDE97130-39B4-404E-83FC-37075459EDAE} - C:\WINDOWS\system32\fccyxWoL.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Search - ?p=ZNfox000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall....
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zenocriminel.spaces.live.com//PhotoUpload/MsnPUp...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 11018 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll [2009-01-16 656696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-17 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDE97130-39B4-404E-83FC-37075459EDAE}]
    C:\WINDOWS\system32\fccyxWoL.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-17 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-17 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
    "Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-03-08 13924864]
    "PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2005-10-04 86016]
    "PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2005-03-06 276480]
    "SetRefresh"=C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2003-11-20 525824]
    "LayoutM"=C:\WINDOWS\KLayMgr.exe [2004-08-16 45056]
    "BigDog303"=C:\WINDOWS\VM303_STI.EXE [2005-06-23 61440]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-17 136600]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
    "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
    "nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-21 949376]
    "!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
    "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-18 981384]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
    "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
    "YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    C:\WINDOWS\system32\fccyxWoL
    nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\oDC\oDC.exe"="C:\Program Files\oDC\oDC.exe:*:Enabled:o DC"
    "C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hlds.exe"="C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hltv.exe"="C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hltv.exe:*:Enabled:HLTV Launcher"
    "C:\PacSteam\SteamApps\zeno123456\counter-strike\hl.exe"="C:\PacSteam\SteamApps\zeno123456\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hlds.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Cracked Steam\steamapps\zeno123456\counter-strike\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Cracked Steam\steamapps\zeno123456\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hltv.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hltv.exe:*:Enabled:HLTV Launcher"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.203\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.203\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.109\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.109\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.093\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.093\StrongDC.exe:*:D isabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Bureau\stong dc\StrongDC.exe"="C:\Documents and Settings\Administrateur\Bureau\stong dc\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Program Files\Counter Strike 1.6\hl.exe"="C:\Program Files\Counter Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Counter Strike 1.6\hlds.exe"="C:\Program Files\Counter Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Counter Strike 1.6\hlds.exe"="C:\Documents and Settings\Administrateur\Bureau\Counter Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Cracked Steam\steamapps\zeno123456\half-life\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Cracked Steam\steamapps\zeno123456\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\dc\StrongDC.exe"="C:\Documents and Settings\Administrateur\Bureau\dc\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Program Files\SHOUTcast\sc_serv.exe"="C:\Program Files\SHOUTcast\sc_serv.exe:*:Enabled:sc_serv"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\zeno123456\counter-strike\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\zeno123456\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\counter-strike\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\dedicated server\hlds.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\dedicated server\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.907\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.907\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\condition zero\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Games\XTCS Counter-Strike 1.6 Final Release\cstrike.exe"="C:\Games\XTCS Counter-Strike 1.6 Final Release\cstrike.exe:*:Enabled:XTCS Counter-Strike 1.6 Final Release"
    "C:\Games\XTCS Counter-Strike 1.6 Final Release\hltv.exe"="C:\Games\XTCS Counter-Strike 1.6 Final Release\hltv.exe:*:Enabled:HLTV Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\VNC4\winvnc4.exe"="C:\Documents and Settings\Administrateur\Bureau\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"
    "C:\Program Files\Counter-Strike\hl.exe"="C:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
    "F:\Pacific Warriors\Pacific Warriors.exe"="F:\Pacific Warriors\Pacific Warriors.exe:*:Enabled:p acific Warriors"
    "C:\Program Files\Steam\steamapps\waterman79\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\waterman79\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "E:\muzica\jocuri\Master rally (masini de teren)\MRallye.exe"="E:\muzica\jocuri\Master rally (masini de teren)\MRallye.exe:*:Enabled:MRallye"
    "E:\muzica\jocuri\Pacific Warriors\Pacific Warriors.exe"="E:\muzica\jocuri\Pacific Warriors\Pacific Warriors.exe:*:Enabled:p acific Warriors"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:o rb"
    "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:o rbTray"
    "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:o rb Stream Client"
    "C:\Program Files\Steam\steamapps\waterman79\condition zero\hl.exe"="C:\Program Files\Steam\steamapps\waterman79\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steamapps\waterman79\dedicated server\hltv.exe"="C:\Program Files\Steam\steamapps\waterman79\dedicated server\hltv.exe:*:Enabled:HLTV Launcher"
    "D:\Steam\steamapps\waterman79\counter-strike\hl.exe"="D:\Steam\steamapps\waterman79\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
    "D:\Steam\steamapps\waterman79\condition zero\hl.exe"="D:\Steam\steamapps\waterman79\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\alaplaya\ComeOnBaby\ComeOnBaby.exe"="C:\Program Files\alaplaya\ComeOnBaby\ComeOnBaby.exe:*:D isabled:ComeOnBaby"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX01.719\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX01.719\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.937\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.937\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.641\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.641\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX01.047\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX01.047\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.938\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.938\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX08.000\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX08.000\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\temp\TeamViewer3\TeamViewer.exe"="C:\Documents and Settings\Administrateur\temp\TeamViewer3\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer"
    "C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe"="C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe:*:Enabled:Ad Blocker of Tweak-XP"
    "C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:p artage de l'application RTC"
    "C:\Program Files\alaplaya\S4League\S4Client.exe"="C:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled:p roject S4 Client.exe"
    "C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e24c0aa-b3cc-11dd-8204-0018716a7289}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf6a6b9c-f076-11dc-bf9b-0018716a7289}]
    shell\Auto\command - G:\psfbjvedk.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL psfbjvedk.exe


    ======List of files/folders created in the last 1 months======

    2009-03-24 16:50:58 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll
    2009-03-24 16:50:53 ----A---- C:\WINDOWS\system32\vsregexp.dll
    2009-03-24 16:50:50 ----A---- C:\WINDOWS\system32\zlcommdb.dll
    2009-03-24 16:50:50 ----A---- C:\WINDOWS\system32\zlcomm.dll
    2009-03-24 16:50:45 ----A---- C:\WINDOWS\system32\zpeng25.dll
    2009-03-24 16:50:45 ----A---- C:\WINDOWS\system32\vswmi.dll
    2009-03-24 16:50:44 ----A---- C:\WINDOWS\system32\vsxml.dll
    2009-03-24 16:50:43 ----D---- C:\Program Files\Zone Labs
    2009-03-24 16:50:43 ----A---- C:\WINDOWS\system32\vspubapi.dll
    2009-03-24 16:50:43 ----A---- C:\WINDOWS\system32\vsmonapi.dll
    2009-03-24 16:50:04 ----A---- C:\WINDOWS\system32\vsutil.dll
    2009-03-24 16:50:04 ----A---- C:\WINDOWS\system32\vsinit.dll
    2009-03-24 16:50:04 ----A---- C:\WINDOWS\system32\vsdata.dll
    2009-03-24 14:37:57 ----D---- C:\rsit
    2009-03-24 10:38:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\Canneverbe_Limited
    2009-03-24 10:37:58 ----D---- C:\Program Files\CDBurnerXP
    2009-03-23 15:50:34 ----A---- C:\WINDOWS\system32\lncom.exe
    2009-03-23 15:47:06 ----A---- C:\WINDOWS\system32\lncom_.exe
    2009-03-19 07:45:26 ----D---- C:\alaplaya
    2009-03-18 22:56:07 ----D---- C:\Program Files\Windows Live Safety Center
    2009-03-11 17:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-03-11 17:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-03-11 17:06:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
    2009-02-25 12:14:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
    2009-02-25 12:14:42 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-25 12:14:35 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

    ======List of files/folders modified in the last 1 months======

    2009-03-24 17:15:55 ----D---- C:\WINDOWS\Temp
    2009-03-24 17:08:38 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-24 17:06:15 ----D---- C:\WINDOWS\Internet Logs
    2009-03-24 16:52:41 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-24 16:51:02 ----D---- C:\WINDOWS\system32\ZoneLabs
    2009-03-24 16:51:02 ----D---- C:\WINDOWS\system32
    2009-03-24 16:50:43 ----RD---- C:\Program Files
    2009-03-24 16:50:03 ----SHD---- C:\WINDOWS\Installer
    2009-03-24 16:50:03 ----D---- C:\WINDOWS\WinSxS
    2009-03-24 16:45:25 ----D---- C:\WINDOWS
    2009-03-24 16:44:53 ----D---- C:\WINDOWS\system32\drivers
    2009-03-24 15:37:48 ----D---- C:\WINDOWS\system
    2009-03-24 15:14:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-24 10:37:32 ----D---- C:\Program Files\BitComet
    2009-03-24 10:37:16 ----D---- C:\Downloads
    2009-03-23 15:21:25 ----HD---- C:\WINDOWS\inf
    2009-03-23 15:21:21 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-21 08:00:09 ----D---- C:\WINDOWS\Prefetch
    2009-03-20 22:33:16 ----A---- C:\YServer.txt
    2009-03-18 20:52:16 ----D---- C:\Program Files\ESET
    2009-03-18 20:46:10 ----D---- C:\Program Files\alaplaya
    2009-03-18 00:08:47 ----A---- C:\WINDOWS\WORDPAD.INI
    2009-03-14 11:57:58 ----D---- C:\WINDOWS\Debug
    2009-03-11 17:07:10 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-03-11 12:56:44 ----HD---- C:\WINDOWS\$hf_mig$
    2009-03-07 10:14:34 ----RSD---- C:\WINDOWS\Fonts
    2009-02-27 18:01:39 ----D---- C:\Program Files\Microsoft Silverlight
    2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-02-25 12:15:08 ----D---- C:\WINDOWS\system32\CatRoot

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
    R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-06-10 54280]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-12-21 15424]
    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-18 353672]
    R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
    R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-12-21 512096]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
    R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-06-10 39944]
    R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-06-10 71688]
    R2 MarxDev1;MarxDev1; C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
    R2 MarxDev2;MarxDev2; C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
    R2 MarxDev3;MarxDev3; C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
    R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
    R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-18 63232]
    R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-18 55936]
    R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-04-08 132352]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-03-04 2538624]
    R3 MMRTKRNL;MMRTKRNL; C:\WINDOWS\system32\drivers\mmrtkrnl.sys [2001-11-05 32960]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 ZSMC303;INTEX USB PC Camera (ZC301H); C:\WINDOWS\System32\Drivers\usbVM303.sys [2005-07-14 389788]
    S1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys []
    S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46848]
    S3 ac97intc;Service d'installation du pilote audio Intel(r) 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
    S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\system32\DRIVERS\baspxp32.sys [2005-03-04 65664]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]
    S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
    S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
    S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
    S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
    S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
    S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
    S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
    S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
    S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-04 11807]
    S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-04 11295]
    S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-04 11871]
    S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
    S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
    S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
    S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
    S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-04 25471]
    S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-04 22271]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-09 105472]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
    S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]
    S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-17 152984]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
    R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-12-21 552064]
    R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2005-03-06 476160]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-18 2402184]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-04-27 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\Shared\hpqwmi.exe [2005-10-04 94208]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
    a c 326 8 Sécurité
    a b 9 Windows
    24 Mars 2009 17:19:48

    Ton gestionnaire des tâches est toujours désactivé ?

    Citation :
    C:\alaplaya

    ---> Tu connais ce dossier ?
    24 Mars 2009 17:21:14

    Oui , mon gestionnaire de tache toujours desactiver par l'administrateur il y a ecrit mais moi je sais meme pas le faire je suis 100% sure que c'est le hacker. C:\alaplaya Oui je connais c'est mno jeux de tennis exelent en réseau
    a c 326 8 Sécurité
    a b 9 Windows
    24 Mars 2009 17:29:53

    1/

  • Cherche ce fichier : C:\Program Files\Trend Micro\HijackThis\Administrateur.exe
  • Double-clique sur ce fichier.
  • Choisis Do a system scan only.
  • Coche les cases qui sont devant les lignes suivantes :

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    F2 - REG:system.ini: Shell=Explorer.exe

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: (no name) - {CDE97130-39B4-404E-83FC-37075459EDAE} - C:\WINDOWS\system32\fccyxWoL.dll (file missing)

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O8 - Extra context menu item: &Search - ?p=ZNfox000

    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)


  • Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
  • Ferme HijackThis.


    2/

  • Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
  • Double-clique sur OTMoveIt3.exe pour le lancer.
  • Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :files
    C:\WINDOWS\system32\lncom.exe
    C:\WINDOWS\system32\lncom_.exe

    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e24c0aa-b3cc-11dd-8204-0018716a7289}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf6a6b9c-f076-11dc-bf9b-0018716a7289}]
    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\lsa]
    "Authentication Packages"= hex(7):6d,73,76,31,5f,30,00,00

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    ---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

  • Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    ---> Le nom du rapport correspond au moment de sa création : date_heure.log
    24 Mars 2009 17:44:24

    Voila le rapport :


    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    C:\WINDOWS\system32\lncom.exe moved successfully.
    C:\WINDOWS\system32\lncom_.exe moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e24c0aa-b3cc-11dd-8204-0018716a7289}\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf6a6b9c-f076-11dc-bf9b-0018716a7289}\\ deleted successfully.
    HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\lsa\\"Authentication Packages"| hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_wPDtYadzSWtEaeiCbTCU scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2D5D.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1e8.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT00d6a.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\kdk8md47.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\kdk8md47.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\kdk8md47.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\kdk8md47.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\kdk8md47.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\kdk8md47.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03242009_173616

    Files moved on Reboot...
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_wPDtYadzSWtEaeiCbTCU not found!
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2D5D.tmp moved successfully.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File C:\WINDOWS\temp\Perflib_Perfdata_1e8.dat not found!
    File C:\WINDOWS\temp\ZLT00d6a.TMP not found!
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\kdk8md47.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\kdk8md47.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\kdk8md47.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\kdk8md47.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\kdk8md47.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\kdk8md47.default\XUL.mfl moved successfully.
    a c 326 8 Sécurité
    a b 9 Windows
    24 Mars 2009 17:46:38

  • Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
  • Double-clique sur OTMoveIt3.exe pour le lancer.
  • Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=dword:00000000

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    ---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

  • Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    ---> Le nom du rapport correspond au moment de sa création : date_heure.log
    24 Mars 2009 17:53:00

    Voila le nouveau Scan :

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== REGISTRY ==========
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"DisableTaskMgr"|dword:00000000 /E : value set successfully!
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF289B.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7ec.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT02feb.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03242009_174839

    Files moved on Reboot...
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF289B.tmp moved successfully.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File C:\WINDOWS\temp\Perflib_Perfdata_7ec.dat not found!
    File C:\WINDOWS\temp\ZLT02feb.TMP not found!
    a c 326 8 Sécurité
    a b 9 Windows
    24 Mars 2009 17:55:24

    Tu peux ouvrir le gestionnaire des tâches normalement.
    24 Mars 2009 17:56:23

    Oui effectivement ^^
    a c 326 8 Sécurité
    a b 9 Windows
    24 Mars 2009 17:59:11

    NOD32, tu l'as payé ?
    24 Mars 2009 18:00:46

    Non pas dutout ...
    24 Mars 2009 18:02:30

    Maintenant je peut me connecter à MSN puis a mon autre Jeux sans avoir de crainte de perdre mes Mot de passe ? :(  ou autres
    a c 326 8 Sécurité
    a b 9 Windows
    24 Mars 2009 18:07:12

    ---> Désinstalle NOD32.

  • Installe Antivir et mets-le à jour.
  • Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.
  • Dans Antivir, choisis Outils puis Configuration.
  • Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.
  • Fais un scan complet et poste le rapport.

    Tutoriel : Scanner le(s) disque(s) dur(s)
    24 Mars 2009 18:49:48

    Ok
    24 Mars 2009 19:16:25

    Voila le rapport de l'anti-virus :


    vira AntiVir Personal
    Date de création du fichier de rapport : mardi 24 mars 2009 18:31

    La recherche porte sur 1315647 souches de virus.

    Détenteur de la licence :Avira AntiVir PersonalEdition Classic
    Numéro de série : 0000149996-ADJIE-0001
    Plateforme : Windows XP
    Version de Windows :( Service Pack 3) [5.1.2600]
    Mode Boot : Démarré normalement
    Identifiant : Administrateur
    Nom de l'ordinateur :HP

    Informations de version :
    BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
    AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
    LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
    ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 17:13:25
    ANTIVIR2.VDF : 7.1.2.199 1008640 Bytes 22/03/2009 17:13:28
    ANTIVIR3.VDF : 7.1.2.210 64000 Bytes 24/03/2009 17:13:28
    Version du moteur: 8.2.0.120
    AEVDF.DLL : 8.1.1.0 106868 Bytes 24/03/2009 17:13:37
    AESCRIPT.DLL : 8.1.1.67 364923 Bytes 24/03/2009 17:13:36
    AESCN.DLL : 8.1.1.8 127346 Bytes 24/03/2009 17:13:34
    AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
    AEPACK.DLL : 8.1.3.10 397686 Bytes 24/03/2009 17:13:34
    AEOFFICE.DLL : 8.1.0.36 196987 Bytes 24/03/2009 17:13:33
    AEHEUR.DLL : 8.1.0.107 1663352 Bytes 24/03/2009 17:13:32
    AEHELP.DLL : 8.1.2.2 119158 Bytes 24/03/2009 17:13:30
    AEGEN.DLL : 8.1.1.30 336245 Bytes 24/03/2009 17:13:29
    AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
    AECORE.DLL : 8.1.6.6 176501 Bytes 24/03/2009 17:13:29
    AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
    AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
    RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

    Configuration pour la recherche actuelle :
    Nom de la tâche..................: Sélection manuelle
    Fichier de configuration.........: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Documentation....................: bas
    Action principale................: interactif
    Action secondaire................: ignorer
    Recherche sur les secteurs d'amorçage maître: marche
    Recherche sur les secteurs d'amorçage: marche
    Secteurs d'amorçage..............: C:, D:, E:, F:,
    Recherche dans les programmes actifs: marche
    Recherche en cours sur l'enregistrement: marche
    Recherche de Rootkits............: marche
    Fichier mode de recherche........: Sélection de fichiers intelligente
    Recherche sur les archives.......: marche
    Limiter la profondeur de récursivité: 20
    Archive Smart Extensions.........: marche
    Heuristique de macrovirus........: marche
    Heuristique fichier..............: moyen

    Début de la recherche : mardi 24 mars 2009 18:31

    La recherche d'objets cachés commence.
    '43561' objets ont été contrôlés, '0' objets cachés ont été trouvés.

    La recherche sur les processus démarrés commence :
    Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'Ymsgr_tray.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'CineTray.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'msmsgs.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'zlclient.exe' - '0' module(s) sont contrôlés
    Processus de recherche 'QTTask.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'VM303_STI.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'pdfsty.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'pthosttr.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'RTHDCPL.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'igfxpers.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'hkcmd.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'igfxtray.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'SeaPort.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'pdfsvc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'NMSAccessU.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'guard.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'vsmon.exe' - '0' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
    '38' processus ont été contrôlés avec '38' modules

    La recherche sur les secteurs d'amorçage maître commence :
    Secteur d'amorçage maître HD0
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage maître HD1
    [INFO] Aucun virus trouvé !

    La recherche sur les secteurs d'amorçage commence :
    Secteur d'amorçage 'C:\'
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage 'D:\'
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage 'E:\'
    [INFO] Aucun virus trouvé !

    La recherche sur les renvois aux fichiers exécutables (registre) commence.
    Le registre a été contrôlé ( '61' fichiers).


    La recherche sur les fichiers sélectionnés commence :

    Recherche débutant dans 'C:\'
    C:\hiberfil.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    C:\Documents and Settings\Administrateur\Application Data\yahoo!\Mail\attach\Angel.exe
    [RESULTAT] Contient le modèle de détection du programme backdoor (dangereux) BDS/Zany.19
    [REMARQUE] Fichier supprimé.
    C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\UWB4TWNY\zapSetup_80_298_004_fr[1].exe
    [0] Type d'archive: ZIP SFX (self extracting)
    --> WINDOWS6.0-KB929547-V2-X64.MSU
    [1] Type d'archive: CAB (Microsoft)
    --> Windows6.0-KB929547-v2-x64.cab
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    C:\Documents and Settings\Administrateur\Mes documents\Angel.exe
    [RESULTAT] Contient le modèle de détection du programme backdoor (dangereux) BDS/Zany.19
    [REMARQUE] Fichier supprimé.
    Recherche débutant dans 'D:\' <Mes-docs 1>
    Recherche débutant dans 'E:\' <Mes-docs 2>
    Recherche débutant dans 'F:\'
    Impossible d'ouvrir le chemin à contrôler F:\ !
    Erreur système [21]: Le périphérique n'est pas prêt.


    Fin de la recherche : mardi 24 mars 2009 19:08
    Temps nécessaire: 36:58 Minute(s)

    La recherche a été effectuée intégralement

    6526 Les répertoires ont été contrôlés
    467668 Des fichiers ont été contrôlés
    2 Des virus ou programmes indésirables ont été trouvés
    0 Des fichiers ont été classés comme suspects
    2 Des fichiers ont été supprimés
    0 Des virus ou programmes indésirables ont été réparés
    0 Les fichiers ont été déplacés dans la quarantaine
    0 Les fichiers ont été renommés
    2 Impossible de contrôler des fichiers
    467664 Fichiers non infectés
    9360 Les archives ont été contrôlées
    3 Avertissements
    2 Consignes
    43561 Des objets ont été contrôlés lors du Rootkitscan
    0 Des objets cachés ont été trouvés
    a c 326 8 Sécurité
    a b 9 Windows
    24 Mars 2009 21:52:12

    Ton PC va bien ?

  • Désinstalle Java 6 Update 11.

  • Mets à jour Java.

  • Refais un scan RSIT et poste le rapport log.
    25 Mars 2009 12:51:36

    Bonjour , Voila j'ai fait comme tu me la Dit

    Voisi le scan :

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-03-25 12:50:38
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 13 GB (33%) free of 38 GB
    Total RAM: 2039 MB (68% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:50:55, on 25/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\Program Files\PDF Complete\pdfsty.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\ZoneLabs\UpdClient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall....
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zenocriminel.spaces.live.com//PhotoUpload/MsnPUp...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10659 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll [2009-01-16 656696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-25 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-25 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
    "Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-03-08 13924864]
    "PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2005-10-04 86016]
    "PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2005-03-06 276480]
    "SetRefresh"=C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2003-11-20 525824]
    "LayoutM"=C:\WINDOWS\KLayMgr.exe [2004-08-16 45056]
    "BigDog303"=C:\WINDOWS\VM303_STI.EXE [2005-06-23 61440]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
    "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
    "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-18 981384]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-25 148888]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
    "Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
    "YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\oDC\oDC.exe"="C:\Program Files\oDC\oDC.exe:*:Enabled:o DC"
    "C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hlds.exe"="C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hltv.exe"="C:\Documents and Settings\Administrateur\Bureau\couter 1.6\hltv.exe:*:Enabled:HLTV Launcher"
    "C:\PacSteam\SteamApps\zeno123456\counter-strike\hl.exe"="C:\PacSteam\SteamApps\zeno123456\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hlds.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Cracked Steam\steamapps\zeno123456\counter-strike\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Cracked Steam\steamapps\zeno123456\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hltv.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\couter 1.6\hltv.exe:*:Enabled:HLTV Launcher"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.203\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.203\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.109\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.109\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.093\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.093\StrongDC.exe:*:D isabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Bureau\stong dc\StrongDC.exe"="C:\Documents and Settings\Administrateur\Bureau\stong dc\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Program Files\Counter Strike 1.6\hl.exe"="C:\Program Files\Counter Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Counter Strike 1.6\hlds.exe"="C:\Program Files\Counter Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Counter Strike 1.6\hlds.exe"="C:\Documents and Settings\Administrateur\Bureau\Counter Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Cracked Steam\steamapps\zeno123456\half-life\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Cracked Steam\steamapps\zeno123456\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\dc\StrongDC.exe"="C:\Documents and Settings\Administrateur\Bureau\dc\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Program Files\SHOUTcast\sc_serv.exe"="C:\Program Files\SHOUTcast\sc_serv.exe:*:Enabled:sc_serv"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\zeno123456\counter-strike\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\zeno123456\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\counter-strike\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\dedicated server\hlds.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\dedicated server\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.907\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.907\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\condition zero\hl.exe"="C:\Documents and Settings\Administrateur\Bureau\Zeno\Cracked Steam\steamapps\waterman79\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Games\XTCS Counter-Strike 1.6 Final Release\cstrike.exe"="C:\Games\XTCS Counter-Strike 1.6 Final Release\cstrike.exe:*:Enabled:XTCS Counter-Strike 1.6 Final Release"
    "C:\Games\XTCS Counter-Strike 1.6 Final Release\hltv.exe"="C:\Games\XTCS Counter-Strike 1.6 Final Release\hltv.exe:*:Enabled:HLTV Launcher"
    "C:\Documents and Settings\Administrateur\Bureau\VNC4\winvnc4.exe"="C:\Documents and Settings\Administrateur\Bureau\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"
    "C:\Program Files\Counter-Strike\hl.exe"="C:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
    "F:\Pacific Warriors\Pacific Warriors.exe"="F:\Pacific Warriors\Pacific Warriors.exe:*:Enabled:p acific Warriors"
    "C:\Program Files\Steam\steamapps\waterman79\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\waterman79\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "E:\muzica\jocuri\Master rally (masini de teren)\MRallye.exe"="E:\muzica\jocuri\Master rally (masini de teren)\MRallye.exe:*:Enabled:MRallye"
    "E:\muzica\jocuri\Pacific Warriors\Pacific Warriors.exe"="E:\muzica\jocuri\Pacific Warriors\Pacific Warriors.exe:*:Enabled:p acific Warriors"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:o rb"
    "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:o rbTray"
    "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:o rb Stream Client"
    "C:\Program Files\Steam\steamapps\waterman79\condition zero\hl.exe"="C:\Program Files\Steam\steamapps\waterman79\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steamapps\waterman79\dedicated server\hltv.exe"="C:\Program Files\Steam\steamapps\waterman79\dedicated server\hltv.exe:*:Enabled:HLTV Launcher"
    "D:\Steam\steamapps\waterman79\counter-strike\hl.exe"="D:\Steam\steamapps\waterman79\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
    "D:\Steam\steamapps\waterman79\condition zero\hl.exe"="D:\Steam\steamapps\waterman79\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\alaplaya\ComeOnBaby\ComeOnBaby.exe"="C:\Program Files\alaplaya\ComeOnBaby\ComeOnBaby.exe:*:D isabled:ComeOnBaby"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX01.719\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX01.719\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.937\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.937\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.641\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.641\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX01.047\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX01.047\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.938\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.938\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX08.000\StrongDC.exe"="C:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX08.000\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\Documents and Settings\Administrateur\temp\TeamViewer3\TeamViewer.exe"="C:\Documents and Settings\Administrateur\temp\TeamViewer3\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer"
    "C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe"="C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe:*:Enabled:Ad Blocker of Tweak-XP"
    "C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:p artage de l'application RTC"
    "C:\Program Files\alaplaya\S4League\S4Client.exe"="C:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled:p roject S4 Client.exe"
    "C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

    ======List of files/folders created in the last 1 months======

    2009-03-25 12:50:06 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-03-25 12:50:06 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-03-25 12:50:06 ----A---- C:\WINDOWS\system32\java.exe
    2009-03-24 18:12:10 ----D---- C:\Program Files\Avira
    2009-03-24 18:12:10 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-03-24 17:36:16 ----D---- C:\_OTMoveIt
    2009-03-24 16:50:58 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll
    2009-03-24 16:50:53 ----A---- C:\WINDOWS\system32\vsregexp.dll
    2009-03-24 16:50:50 ----A---- C:\WINDOWS\system32\zlcommdb.dll
    2009-03-24 16:50:50 ----A---- C:\WINDOWS\system32\zlcomm.dll
    2009-03-24 16:50:45 ----A---- C:\WINDOWS\system32\zpeng25.dll
    2009-03-24 16:50:45 ----A---- C:\WINDOWS\system32\vswmi.dll
    2009-03-24 16:50:44 ----A---- C:\WINDOWS\system32\vsxml.dll
    2009-03-24 16:50:43 ----D---- C:\Program Files\Zone Labs
    2009-03-24 16:50:43 ----A---- C:\WINDOWS\system32\vspubapi.dll
    2009-03-24 16:50:43 ----A---- C:\WINDOWS\system32\vsmonapi.dll
    2009-03-24 16:50:04 ----A---- C:\WINDOWS\system32\vsutil.dll
    2009-03-24 16:50:04 ----A---- C:\WINDOWS\system32\vsinit.dll
    2009-03-24 16:50:04 ----A---- C:\WINDOWS\system32\vsdata.dll
    2009-03-24 14:37:57 ----D---- C:\rsit
    2009-03-24 10:38:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\Canneverbe_Limited
    2009-03-24 10:37:58 ----D---- C:\Program Files\CDBurnerXP
    2009-03-19 07:45:26 ----D---- C:\alaplaya
    2009-03-18 22:56:07 ----D---- C:\Program Files\Windows Live Safety Center
    2009-03-11 17:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-03-11 17:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-03-11 17:06:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$

    ======List of files/folders modified in the last 1 months======

    2009-03-25 12:50:16 ----SHD---- C:\WINDOWS\Installer
    2009-03-25 12:50:09 ----D---- C:\WINDOWS\Temp
    2009-03-25 12:50:06 ----D---- C:\WINDOWS\system32
    2009-03-25 12:49:49 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-03-25 12:49:44 ----D---- C:\Program Files\Java
    2009-03-25 12:46:56 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-25 12:46:48 ----D---- C:\Program Files\Grisoft
    2009-03-25 12:46:47 ----D---- C:\WINDOWS\system32\drivers
    2009-03-24 23:45:02 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-24 20:53:43 ----D---- C:\WINDOWS\Internet Logs
    2009-03-24 19:27:32 ----D---- C:\Program Files\TeamViewer
    2009-03-24 18:23:19 ----D---- C:\Program Files\ESET
    2009-03-24 18:22:25 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-24 18:12:10 ----RD---- C:\Program Files
    2009-03-24 16:51:02 ----D---- C:\WINDOWS\system32\ZoneLabs
    2009-03-24 16:50:03 ----D---- C:\WINDOWS\WinSxS
    2009-03-24 16:45:25 ----D---- C:\WINDOWS
    2009-03-24 15:37:48 ----D---- C:\WINDOWS\system
    2009-03-24 15:14:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-24 10:37:32 ----D---- C:\Program Files\BitComet
    2009-03-24 10:37:16 ----D---- C:\Downloads
    2009-03-23 15:21:25 ----HD---- C:\WINDOWS\inf
    2009-03-21 08:00:09 ----D---- C:\WINDOWS\Prefetch
    2009-03-20 22:33:16 ----A---- C:\YServer.txt
    2009-03-18 20:46:10 ----D---- C:\Program Files\alaplaya
    2009-03-18 00:08:47 ----A---- C:\WINDOWS\WORDPAD.INI
    2009-03-14 11:57:58 ----D---- C:\WINDOWS\Debug
    2009-03-11 17:07:12 ----A---- C:\WINDOWS\imsins.BAK
    2009-03-11 17:07:10 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-03-11 12:56:44 ----HD---- C:\WINDOWS\$hf_mig$
    2009-03-07 10:14:34 ----RSD---- C:\WINDOWS\Fonts
    2009-02-27 18:01:39 ----D---- C:\Program Files\Microsoft Silverlight

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-06-10 54280]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-18 353672]
    R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
    R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-06-10 39944]
    R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-06-10 71688]
    R2 MarxDev1;MarxDev1; C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
    R2 MarxDev2;MarxDev2; C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
    R2 MarxDev3;MarxDev3; C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
    R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
    R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-18 63232]
    R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-18 55936]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-04-08 132352]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-03-04 2538624]
    R3 MMRTKRNL;MMRTKRNL; C:\WINDOWS\system32\drivers\mmrtkrnl.sys [2001-11-05 32960]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 ZSMC303;INTEX USB PC Camera (ZC301H); C:\WINDOWS\System32\Drivers\usbVM303.sys [2005-07-14 389788]
    R4 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    R4 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys []
    S1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys []
    S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46848]
    S3 ac97intc;Service d'installation du pilote audio Intel(r) 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
    S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\system32\DRIVERS\baspxp32.sys [2005-03-04 65664]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]
    S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
    S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
    S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
    S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
    S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
    S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
    S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
    S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
    S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-04 11807]
    S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-04 11295]
    S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-04 11871]
    S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
    S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
    S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
    S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
    S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-04 25471]
    S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-04 22271]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-09 105472]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
    S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]
    S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]
    S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-25 152984]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
    R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2005-03-06 476160]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-18 2402184]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-04-27 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\Shared\hpqwmi.exe [2005-10-04 94208]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
    a c 326 8 Sécurité
    a b 9 Windows
    25 Mars 2009 13:59:05

    StrongDC, ça te dit quelque chose ?
    27 Mars 2009 18:05:21

    Bonsoir , excuse moi de plus avoir répondu a tes messages ... Le hackeur est dans mon pc il a désactiver le net a remis des virus il est toujours parmi nous .... je vais crée un nouveau topic pour mieux comprendre la situation .
    a c 326 8 Sécurité
    a b 9 Windows
    27 Mars 2009 18:21:41

    [#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Il va te demander d'installer la console de récupération : accepte.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

    Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
    27 Mars 2009 18:28:04

    Comment on fait pour desactiver Anti-vir stp ?
    a c 326 8 Sécurité
    a b 9 Windows
    27 Mars 2009 18:29:48

    Clique droit sur le parapluie et tu trouveras.
    27 Mars 2009 18:37:18

    Voila le rapport de ComboFix:

    ComboFix 09-03-26.03 - Administrateur 2009-03-27 18:32:09.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2039.1556 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\ktd32.atm
    c:\windows\system32\fvfeacni.ini
    c:\windows\system32\LoWxyccf.ini
    c:\windows\system32\LoWxyccf.ini2
    c:\windows\system32\undgjyxm.ini
    c:\windows\system32\xblapqcl.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-27 au 2009-03-27 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-24 18:12 . 2009-03-24 18:12 <REP> d-------- c:\program files\Avira
    2009-03-24 18:12 . 2009-03-24 18:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2009-03-24 18:09 . 2009-03-24 18:10 22,148,280 --a------ c:\windows\antivir_workstation_winu_fr_h.exe
    2009-03-24 17:36 . 2009-03-24 17:36 <REP> d-------- C:\_OTMoveIt
    2009-03-24 16:50 . 2009-03-24 16:50 <REP> d-------- c:\program files\Zone Labs
    2009-03-24 15:04 . 2009-03-24 15:13 2,876,720 --a------ c:\windows\mbam-setup.exe
    2009-03-24 14:37 . 2009-03-24 14:38 <REP> d-------- C:\rsit
    2009-03-24 10:38 . 2009-03-24 10:38 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Canneverbe_Limited
    2009-03-24 10:37 . 2009-03-24 10:38 <REP> d-------- c:\program files\CDBurnerXP
    2009-03-23 16:27 . 2009-03-23 16:42 61,955 --a------ c:\windows\p_ekran.jpg
    2009-03-18 22:56 . 2009-03-23 15:21 <REP> d-------- c:\program files\Windows Live Safety Center

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-27 16:30 --------- d-----w c:\documents and settings\Administrateur\Application Data\teamspeak2
    2009-03-27 16:30 --------- d-----w c:\documents and settings\Administrateur\Application Data\LimeWire
    2009-03-27 00:12 2,139,648 ----a-w c:\windows\Internet Logs\xDB2.tmp
    2009-03-26 22:31 2,140,160 ----a-w c:\windows\Internet Logs\xDB1.tmp
    2009-03-25 13:55 104,725 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_25_14_33_17_small.dmp.zip
    2009-03-25 13:55 103,524 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_25_14_33_15_small.dmp.zip
    2009-03-25 13:25 --------- d-----w c:\program files\BitComet
    2009-03-25 11:49 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-25 11:49 --------- d-----w c:\program files\Java
    2009-03-24 17:23 --------- d-----w c:\program files\ESET
    2009-03-24 14:14 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-03-18 19:46 --------- d-----w c:\program files\alaplaya
    2009-02-27 17:01 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-21 07:59 --------- d-----w c:\program files\MSBuild
    2009-02-21 07:58 --------- d-----w c:\program files\Reference Assemblies
    2009-02-21 07:50 --------- d-----w c:\program files\Windows Live
    2009-02-21 07:43 --------- d-----w c:\program files\Steam
    2009-02-20 22:02 --------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org
    2009-02-20 22:00 --------- d-----w c:\program files\OpenOffice.org 3
    2009-02-20 22:00 --------- d-----w c:\program files\JRE
    2009-02-20 14:49 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
    2009-02-18 22:10 46,472 ----a-w c:\windows\system32\vsutil_loc040c.dll
    2009-02-18 22:10 1,221,512 ----a-w c:\windows\system32\zpeng25.dll
    2009-02-13 15:47 --------- d-----w c:\program files\Services en ligne
    2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 14:05 1,846,912 ------w c:\windows\system32\dllcache\win32k.sys
    2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
    2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
    2009-01-30 19:29 --------- d-----w c:\documents and settings\Administrateur\Application Data\skypePM
    2009-01-30 19:27 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-21 22:47 44 ---h--w c:\program files\e9aacc36.tmp
    2008-09-01 12:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090120080902\index.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
    "PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2005-03-06 276480]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "BigDog303"="c:\windows\VM303_STI.EXE" [2005-06-23 61440]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-18 981384]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\hdashcut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-03-08 c:\windows\RTHDCPL.EXE]
    "LayoutM"="KLayMgr.exe" [2004-08-16 c:\windows\KLayMgr.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Sonic CinePlayer Quick Launch.lnk - c:\program files\Fichiers communs\Sonic Shared\CineTray.exe [2005-10-15 114688]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Steam\\steamapps\\waterman79\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Tweak-XP Pro 4\\AdBlocker.exe"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5900:TCP"= 5900:TCP:*:D isabled:vnc5900
    "5800:TCP"= 5800:TCP:*:D isabled:vnc5800
    "18063:TCP"= 18063:TCP:BitComet 18063 TCP
    "18063:UDP"= 18063:UDP:BitComet 18063 UDP

    R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2008-05-31 8864]
    R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2008-05-31 8864]
    R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2008-05-31 8864]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-02-12 476160]
    R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    HKCU-Run-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
    HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


    .
    ------- Examen supplémentaire -------
    .
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\kdk8md47.default\
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-27 18:33:47
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    Heure de fin: 2009-03-27 18:36:08
    ComboFix-quarantined-files.txt 2009-03-27 17:35:58

    Avant-CF: 23 649 300 480 octets libres
    Après-CF: 23,825,666,048 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    167 --- E O F --- 2009-03-14 11:00:20
    a c 326 8 Sécurité
    a b 9 Windows
    27 Mars 2009 19:01:35

    Comment tu sais qu'il y a un hacker ?
    27 Mars 2009 19:05:04

    hmmm ... je sais que c'est un hacker trés expérimenter je le connai .... mais je penser pas qu'il aller me faire un coup comme sa ... en plus de ça je sais qu'il veut mes Mot de passe de partout surtout mon jeux et Mon MSN >_<
    27 Mars 2009 19:07:45

    Bon passant de ça ... je m'inquiete plutot de mon pc que de ça . Dans ma barre de tache je vois toujours winlogon.exe , Services.exe jqs.exe , smss.exe qui auparavant n'était pas la . Et dans mon panneau de config. je vois 2 nouvelle choses : CSNW Winddows card Space
    a c 326 8 Sécurité
    a b 9 Windows
    27 Mars 2009 19:32:56

    Citation :
    winlogon.exe , Services.exe jqs.exe , smss.exe

    ---> Fichiers de Microsoft et de Java.
    27 Mars 2009 19:37:19

    Hmmmm tu peut me rassurer qu'il ny a personne dans mon ordinateur ? et comment le protéger contre les attaqes virus , et qu'il entre dans mon PC ? ( parce que jusqua maintenant mon internet marcher pas ... )
    a c 326 8 Sécurité
    a b 9 Windows
    27 Mars 2009 19:53:49

  • Relance MBAM, va dans Quarantaine et supprime tout.

  • Menu Démarrer > Exécuter > Tape combofix /u et valide.

  • Fais un scan en ligne ici : http://webscanner.kaspersky.fr/ (Avec Internet Explorer)

  • En bas à droite, clique sur Démarrer Online-scanner.

  • Dans la nouvelle fenêtre qui s'affiche, clique sur J'accepte.

  • Accepte les Contrôles ActiveX.

  • Choisis Poste de travail pour le scan.

  • Celui-ci terminé, sauvegarde (Choisis fichier texte) et poste le rapport.

  • Pour t'aider à utiliser le scan en ligne : Tutoriel

    Note : Si tu reçois le message La licence de Kaspersky On-line Scanner est périmée, va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.
    27 Mars 2009 20:09:32

    Pour le scan online sa marche pas. :(  Connection a distance Blabla et sa marche pas ...
    a c 326 8 Sécurité
    a b 9 Windows
    27 Mars 2009 20:19:57

    Tu sais faire une capture d'écran ?
    27 Mars 2009 20:39:15

    Biensure att
    27 Mars 2009 20:43:13

    euuhh chez imageshack j'arive pas a upload
    27 Mars 2009 21:56:59

    Voila ^^
    a c 326 8 Sécurité
    a b 9 Windows
    27 Mars 2009 22:26:30

    C'est écrit "Travail hors connexion" donc sans Internet.
    27 Mars 2009 22:28:54

    Hmmm Comment je fait pour le mettre en ligne ?
    a c 326 8 Sécurité
    a b 9 Windows
    27 Mars 2009 22:34:14

    Fichier > Avant dernière ligne
    27 Mars 2009 22:39:45

    Quand je clik pour désactiver Le truc hors ligne ba sa me le remet !
    a c 326 8 Sécurité
    a b 9 Windows
    27 Mars 2009 22:55:44

    Tu sélectionnes ta connexion puis tu cliques sur Connexion.
    28 Mars 2009 08:33:50

    le probleme est que j'ai que des connection a distance a choisir aucune ne marche . Ma connection n'est pas parmi les 3 :( 
        • 1 / 2
        • 2
        • Dernier
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS