Your question

"tr vundo gen" HELP

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
20 March 2009 23:29:10

GOOD EVENING

I have a "tr vundo gen"; I found it with Antivir and I can't remove it. Can you help me?
Below is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:13, on 20/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Philips\VOIP321\VOIP321.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
H:\Picasa3\Picasa3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\AhnRpta.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.menara.ma/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.generation-nt.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [cbvcs] C:\WINDOWS\system32\urretnd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe (User 'Default user')
O4 - Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 10551 bytes


Thanks in advance for your help

20 March 2009 23:37:41

Hi,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
    21 March 2009 08:16:32

    Hi, and thanks for your reply;

    I followed your procedure, and here are the two reports below:

    1/ log.txt


    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Home at 2009-03-21 08:09:48
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 795 MB (3%) free of 27 GB
    Total RAM: 1014 MB (32% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:09:52, on 21/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Menara\dslmon.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Philips\VOIP321\VOIP321.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\AhnRpta.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\Home\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Home.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.menara.ma/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.generation-nt.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe
    O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
    O4 - HKCU\..\Run: [cbvcs] C:\WINDOWS\system32\urretnd.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe (User 'Default user')
    O4 - Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (file missing)
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

    --
    End of file - 10621 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\PMTask.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
    IsoBuster Toolbar - C:\Program Files\IsoBuster\tbIsoB.dll [2008-06-04 1542168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-09-20 716800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E31CE47F-C268-41ba-897B-B415E613947D}]
    Microsoft Web Test Recorder 9.0 Helper - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll [2007-10-05 64088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-09-20 716800]
    {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - IsoBuster Toolbar - C:\Program Files\IsoBuster\tbIsoB.dll [2008-06-04 1542168]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "TrackPointSrv"=C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [2007-11-08 92960]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
    "ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2007-07-05 413696]
    "ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2007-07-05 126976]
    "AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-08-15 141848]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-08-15 162328]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-08-15 137752]
    "TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176]
    "PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
    "BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
    "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
    "GhostStartTrayApp"=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2002-08-19 94208]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
    "amva"=C:\WINDOWS\system32\amvo.exe [2008-10-13 101415]
    "kamsoft"=C:\WINDOWS\system32\ckvo.exe []
    "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
    "vamsoft"=C:\WINDOWS\system32\vamsoft.exe [2008-12-16 113878]
    "cdoosoft"=C:\WINDOWS\system32\olhrwef.exe [2009-03-21 110313]
    "cbvcs"=C:\WINDOWS\system32\urretnd.exe [2009-03-20 108840]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-04-27 243248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
    C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2007-12-20 60704]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
    C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2007-11-26 576104]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    DSLMON.lnk - C:\Program Files\Menara\dslmon.exe
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

    C:\Documents and Settings\Home\Menu Démarrer\Programmes\Démarrage
    VOIP321.lnk - C:\Program Files\Philips\VOIP321\VOIP321.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
    C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2007-07-05 32768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2007-08-09 204800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
    C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
    C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2006-12-14 28672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"=C:\WINDOWS\system32\Bitkv1.dll [2004-08-10 69632]
    "{BB4C402F-882A-4526-8C08-51278EA437C1}"=C:\WINDOWS\system32\afmain1.dll [2004-08-10 78848]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    nwprovau
    "notification packages"=scecli
    ACGina

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\InterVideo\DVD7\WinDVD.exe"="C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{018f9f30-8761-11dd-805d-00197e768cf6}]
    shell\AutoRun\command - F:\abk.bat
    shell\explore\command - F:\abk.bat
    shell\open\command - F:\abk.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13d4442c-2a94-11dd-804f-00197e768cf6}]
    shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13d4442d-2a94-11dd-804f-00197e768cf6}]
    shell\AutoRun\command - fooool.exe
    shell\explore\command - fooool.exe
    shell\open\command - fooool.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a565ebf6-9976-11dd-8071-00197e768cf6}]
    shell\AutoRun\command - iqe68o.bat
    shell\explore\command - iqe68o.bat
    shell\open\command - iqe68o.bat


    ======List of files/folders created in the last 1 months======

    2009-03-21 08:09:48 ----D---- C:\rsit
    2009-03-21 08:06:28 ----RSH---- C:\jm3cx96.bat
    2009-03-20 23:15:52 ----D---- C:\Program Files\Trend Micro
    2009-03-20 23:09:22 ----RSH---- C:\d1vmq.exe
    2009-03-20 23:01:55 ----D---- C:\Program Files\Avira
    2009-03-20 23:01:55 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-03-20 22:51:17 ----N---- C:\WINDOWS\system32\vxblock.dll
    2009-03-20 22:51:17 ----N---- C:\WINDOWS\system32\pxhpinst.exe
    2009-03-20 22:51:17 ----N---- C:\WINDOWS\system32\pxdrv.dll
    2009-03-20 22:51:16 ----N---- C:\WINDOWS\system32\pxwave.dll
    2009-03-20 22:51:16 ----N---- C:\WINDOWS\system32\pxmas.dll
    2009-03-20 22:51:16 ----N---- C:\WINDOWS\system32\px.dll
    2009-03-20 22:35:26 ----D---- C:\WINDOWS\system32\IOSUBSYS
    2009-03-20 22:32:18 ----RSH---- C:\pv6mxu.bat
    2009-03-20 18:46:49 ----RSH---- C:\xsia.bat
    2009-03-19 18:52:52 ----RSH---- C:\gyn.cmd
    2009-03-18 20:03:34 ----RSH---- C:\p1y2.cmd
    2009-03-18 19:52:25 ----RSH---- C:\q0dhfjf.exe
    2009-03-17 14:35:22 ----RSH---- C:\yh.cmd
    2009-03-16 22:50:27 ----RSH---- C:\luk1ylq.com
    2009-03-06 08:17:31 ----RSH---- C:\2.com
    2009-03-06 08:05:18 ----RSH---- C:\2.bat
    2009-03-05 18:33:28 ----RSH---- C:\WINDOWS\system32\nmdfgds2.dll
    2009-03-05 06:15:42 ----RSH---- C:\WINDOWS\system32\nmdfgds1.dll
    2009-03-04 23:02:17 ----RSH---- C:\dbrxubcw.com
    2009-03-04 22:47:06 ----RSH---- C:\WINDOWS\system32\optyhww1.dll
    2009-03-03 22:30:08 ----RSH---- C:\o.exe
    2009-03-03 22:29:53 ----RSH---- C:\WINDOWS\system32\urretnd.exe
    2009-03-03 22:29:53 ----RSH---- C:\WINDOWS\system32\optyhww0.dll
    2009-03-02 19:10:02 ----RSH---- C:\a1agmur.cmd
    2009-02-28 22:32:58 ----A---- C:\WINDOWS\AhnRpta.exe
    2009-02-28 22:18:54 ----RSH---- C:\gi2ky.exe
    2009-02-28 22:13:25 ----D---- C:\Program Files\Philips
    2009-02-28 21:09:39 ----RD---- C:\Program Files\Skype
    2009-02-28 20:29:53 ----RSH---- C:\ur0.com

    ======List of files/folders modified in the last 1 months======

    2009-03-21 08:06:24 ----D---- C:\Documents and Settings\Home\Application Data\Skype
    2009-03-21 08:06:02 ----D---- C:\WINDOWS\system32\drivers
    2009-03-21 08:06:02 ----D---- C:\WINDOWS\system32
    2009-03-21 08:06:00 ----RSH---- C:\WINDOWS\system32\olhrwef.exe
    2009-03-20 23:15:52 ----RD---- C:\Program Files
    2009-03-20 23:09:11 ----D---- C:\WINDOWS\Temp
    2009-03-20 23:05:39 ----N---- C:\WINDOWS\system32\nmdfgds0.dll
    2009-03-20 23:05:14 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-20 23:02:54 ----D---- C:\WINDOWS\Prefetch
    2009-03-20 23:02:39 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-20 22:49:48 ----HD---- C:\WINDOWS\inf
    2009-03-20 22:48:36 ----D---- C:\WINDOWS
    2009-03-20 22:48:05 ----A---- C:\WINDOWS\ModemLog_ThinkPad Modem.txt
    2009-03-20 22:47:56 ----RSH---- C:\WINDOWS\system32\amvo0.dll
    2009-03-20 22:47:56 ----N---- C:\WINDOWS\system32\ckvo0.dll
    2009-03-20 22:47:38 ----D---- C:\WINDOWS\Registration
    2009-03-20 22:47:38 ----A---- C:\WINDOWS\system32\PROCDB.INI
    2009-03-20 22:47:28 ----D---- C:\flexlm
    2009-03-20 22:47:28 ----A---- C:\WINDOWS\system32\IPSCtrl.INI
    2009-03-20 22:47:15 ----A---- C:\TPHKLOCK.TXT
    2009-03-20 22:40:42 ----RSH---- C:\WINDOWS\system32\vbsdfe0.dll
    2009-03-20 22:35:26 ----D---- C:\Program Files\Google
    2009-03-20 07:53:18 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-19 18:49:00 ----SHD---- C:\WINDOWS\Installer
    2009-03-19 18:49:00 ----SHD---- C:\Config.Msi
    2009-03-19 18:47:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-03-18 20:42:18 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2009-03-18 20:42:12 ----D---- C:\Program Files\Fichiers communs
    2009-03-18 20:10:14 ----D---- C:\Documents and Settings\Home\Application Data\skypePM
    2009-03-18 19:15:23 ----RSH---- C:\WINDOWS\system32\vbsdfe1.dll
    2009-03-17 22:53:34 ----SD---- C:\Documents and Settings\Home\Application Data\Microsoft
    2009-03-17 22:52:02 ----D---- C:\Program Files\Microsoft Office
    2009-03-17 12:45:31 ----RSH---- C:\WINDOWS\system32\ckvo1.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
    R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 40320]
    R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2006-10-23 17778]
    R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2007-12-07 4442]
    R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-12-26 7168]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
    R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
    R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-10 88448]
    R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
    R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
    R2 PROCDD;Pilote de support IPS; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
    R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-20 178688]
    R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
    R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-10-26 549184]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
    R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-11-21 879624]
    R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-01-12 246680]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-10 9600]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-09 5765056]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
    R3 NSCIRDA;Pilote de périphérique infrarouge NSC; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-04 28672]
    R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-10 163584]
    R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
    R3 Tp4Track;PS/2 TrackPoint Driver; C:\WINDOWS\system32\DRIVERS\tp4track.sys [2007-11-08 22568]
    R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2007-09-15 501800]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
    S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys); C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-03-02 63555]
    S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\tdi.sys []
    S3 e4usbaw;USB ADSL2 WAN Adapter; C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
    S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12288]
    S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-04 22016]
    S3 TwoTrack;Pilote de filtre de TrackPoint IBM PS/2; C:\WINDOWS\system32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
    S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-07-05 65536]
    R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-07-05 184320]
    R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 ArcGIS License Manager;ArcGIS License Manager; C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe [1999-12-01 467968]
    R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2007-11-26 264800]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
    R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 103424]
    R2 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2002-08-14 200704]
    R2 IPSSVC;Service de base IPS; C:\WINDOWS\system32\IPSSVC.EXE [2007-01-30 108080]
    R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
    R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
    R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]
    R2 tp4serv;tp4serv; C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE [2007-11-08 35616]
    R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-09-17 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-09-17 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-09-04 36864]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-09-17 864256]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
    S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-10-04 3006464]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-09-17 122880]

    -----------------EOF-----------------



    2/ info.txt


    info.txt logfile of random's system information tool 1.05 2009-03-21 08:09:54

    ======Uninstall list======

    -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
    AIDA32 v3.93-->"C:\Program Files\AIDA32 - Personal System Information\unins000.exe"
    ALUpdate-->"C:\Program Files\ESTsoft\ALUpdate\unins000.exe"
    ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
    Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
    ArcGIS Desktop-->MsiExec.exe /I{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}
    ArcGIS License Manager-->C:\PROGRA~1\ESRI\License\arcgis9x\UNWISE32.EXE C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS~1.LOG "License Manager"
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Creative DVD Audio Plugin for Audigy Series-->"C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
    Fonctions d'accessibilité TrackPoint-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\Setup.exe"
    Gestionnaire d'alimentation ThinkPad-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x40c -AddRemove
    Gestionnaire de présentation-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x40c -AddRemove
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Incrustation-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    Intel(R) PRO Network Connections Drivers-->Prounstl.exe
    InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
    InterVideo WinDVD 7-->"C:\Program Files\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
    IsoBuster 2.4-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
    IsoBuster Toolbar-->C:\PROGRA~1\ISOBUS~1\UNWISE.EXE C:\PROGRA~1\ISOBUS~1\INSTALL.LOG
    Kit de Connexion MENARA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB25E068-C7A2-482F-A3BC-588A5869844D}\setup.exe" -l0x40c ControlPanel
    LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Maintenance Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{03CBEF43-0166-3019-A11F-732A3D207B72}
    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{78BD3A52-6CE8-31A9-97C2-54D13D98665C}
    Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
    Microsoft .NET Framework 3.5-->MsiExec.exe /I{55042A50-9A2B-306E-AB1A-649A3FD8057D}
    Microsoft Document Explorer 2008-->C:\Program Files\Fichiers communs\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
    Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
    Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
    Microsoft Office Word Viewer 2003-->MsiExec.exe /I{9085040C-6000-11D3-8CFE-0150048383C9}
    Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
    Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
    Microsoft SQL Server Compact 3.5 for Devices ENU-->MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
    Microsoft Visual Studio Team System 2008 Team Suite - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio Team System 2008 Team Suite - ENU\setup.exe
    Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
    Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSDN Library for Visual Studio 2008 - ENU-->C:\Program Files\MSDN\MSDN9.0\MSDN Library for Visual Studio 2008 - ENU\setup.exe
    MSDN Library for Visual Studio 2008 - ENU-->MsiExec.exe /X{3A762A82-618D-3CAA-B847-D074ABFA0B2E}
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
    Norton Ghost-->MsiExec.exe /I{6975E810-C92F-45F0-0BFD-187B312F10E8}
    Picasa 3-->"H:\Picasa3\Uninstall.exe"
    Python 2.4.1-->C:\Python24\\Python24\UNWISE.EXE C:\Python24\\Python24\INSTALL.LOG
    Sentinel Protection Installer 7.2.2-->MsiExec.exe /I{6DC0632A-A838-4B34-AC19-0FA18E1C533C}
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x40c -removeonly
    ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
    ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
    ThinkPad Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.INF
    ThinkPad TrackPoint Driver-->C:\Program Files\Lenovo\TrackPoint\tp4unins.exe
    ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x40c anything
    Utilitaire de personnalisation du clavier ThinkPad-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\Setup.exe" -l0x40c anything
    Utilitaire ThinkPad EasyEject-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x40c -AddRemove
    VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Visual Studio 2005 Tools pour Office Second Edition Runtime-->c:\Program Files\Fichiers communs\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
    Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files\Fichiers communs\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
    Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
    VOIP321-->MsiExec.exe /X{3C0C88F5-72EE-464C-AC78-A118367FB322}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

    ======Security center information======

    AV: Avira AntiVir PersonalEdition Classic (disabled)

    System event log

    Computer Name: SONY_VAIO
    Event Code: 7036
    Message: Le service avast! Web Scanner est entré dans l'état : en cours d'exécution.

    Record Number: 2252
    Source Name: Service Control Manager
    Time Written: 20081113174033.000000+060
    Event Type: Informations
    User:

    Computer Name: SONY_VAIO
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service avast! Web Scanner.

    Record Number: 2251
    Source Name: Service Control Manager
    Time Written: 20081113174033.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: SONY_VAIO
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service avast! Mail Scanner.

    Record Number: 2250
    Source Name: Service Control Manager
    Time Written: 20081113174033.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: SONY_VAIO
    Event Code: 7000
    Message: Le service General Purpose USB Driver (e4ldr.sys) n'a pas pu démarrer en raison de l'erreur :
    Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.


    Record Number: 2249
    Source Name: Service Control Manager
    Time Written: 20081113174033.000000+060
    Event Type: erreur
    User:

    Computer Name: SONY_VAIO
    Event Code: 19
    Message:
    Record Number: 2248
    Source Name: Sentinel
    Time Written: 20081113174024.000000+060
    Event Type: Avertissement
    User:

    Application event log

    Computer Name: SONY_VAIO
    Event Code: 1002
    Message: Les compteurs de performances pour le service ServiceModelService 3.0.0.0 (ServiceModelService 3.0.0.0) existent déjà dans le Registre
    des performances. Il n'est pas nécessaire de les réinstaller.

    Record Number: 852
    Source Name: LoadPerf
    Time Written: 20081121204009.000000+060
    Event Type: Informations
    User:

    Computer Name: SONY_VAIO
    Event Code: 1002
    Message: Les compteurs de performances pour le service ServiceModelEndpoint 3.0.0.0 (ServiceModelEndpoint 3.0.0.0) existent déjà dans le Registre
    des performances. Il n'est pas nécessaire de les réinstaller.

    Record Number: 851
    Source Name: LoadPerf
    Time Written: 20081121204009.000000+060
    Event Type: Informations
    User:

    Computer Name: SONY_VAIO
    Event Code: 1002
    Message: Les compteurs de performances pour le service SMSvcHost 3.0.0.0 (SMSvcHost 3.0.0.0) existent déjà dans le Registre
    des performances. Il n'est pas nécessaire de les réinstaller.

    Record Number: 850
    Source Name: LoadPerf
    Time Written: 20081121204008.000000+060
    Event Type: Informations
    User:

    Computer Name: SONY_VAIO
    Event Code: 1002
    Message: Les compteurs de performances pour le service MSDTC Bridge 3.0.0.0 (MSDTC Bridge 3.0.0.0) existent déjà dans le Registre
    des performances. Il n'est pas nécessaire de les réinstaller.

    Record Number: 849
    Source Name: LoadPerf
    Time Written: 20081121204008.000000+060
    Event Type: Informations
    User:

    Computer Name: SONY_VAIO
    Event Code: 0
    Message: The ServiceModelReg tool has completed successfully.

    Record Number: 848
    Source Name: System.ServiceModel.Install 3.0.0.0
    Time Written: 20081121203957.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\ESTsoft\ALZip;"C:\Program Files\Symantec\Norton Ghost 2003\"
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
    "PROCESSOR_REVISION"=0e0c
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "PYTHONPATH"=C:\Program Files\ArcGIS\bin
    "ARCGISHOME"=C:\Program Files\ArcGIS\
    "VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\

    -----------------EOF-----------------
    21 March 2009 14:31:59

    You have a major USB infection.

    Since the author of UsbFix has withdrawn his program (UsbFix), I take responsibility for having you use it. Others, please do not use the download link given.

  • Download UsbFix to your Desktop.
  • Run the installation with the default settings.
  • Connect your external data sources to your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click the UsbFix shortcut on your Desktop.
  • Choose option 1 (Nettoyage, "Cleaning").
  • The PC will restart.
  • After the restart, post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the disk.

    (If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New Task", type explorer.exe and confirm)
    21 March 2009 15:36:38

    Yes, it must be my external hard drive; below is the UsbFix.txt report



    -------------- UsbFix V2.414.3 ---------------

    * User : Home - SONY_VAIO
    * Outils mis a jours le 18/01/2009 par Chiquitine29 et Chimay8
    * Recherche effectuée à 15:29:19 le 21/03/2009
    * Windows Xp - Internet Explorer 6.0.2900.2180


    --------------- [ Processus actifs ] ----------------


    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\userinit.exe
    C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe

    --------------- [ Informations lecteurs ] ----------------

    C: - Lecteur fixe

    D: - Lecteur fixe

    H: - Lecteur fixe


    +- Contenu de l'autorun : C:\autorun.inf

    [AutoRun]
    ;saKAJ4iK3wjCd2i
    open=d1vmq.exe
    ;0D
    shell\open\Command=d1vmq.exe


    +- Contenu de l'autorun : D:\autorun.inf

    [AutoRun]
    ;saKAJ4iK3wjCd2i
    open=d1vmq.exe
    ;0D
    shell\open\Command=d1vmq.exe


    +- Contenu de l'autorun : H:\autorun.inf

    [AutoRun]
    ;saKAJ4iK3wjCd2i
    open=d1vmq.exe
    ;0D
    shell\open\Command=d1vmq.exe


    --------------- [ Lecteur C ] ----------------

    C: - Lecteur fixe


    +- Listing des fichiers présents :

    [06/03/2009 21:53][-r-hs----] C:\2.bat
    [06/03/2009 21:53][-r-hs----] C:\AUTOEXEC.BAT
    [06/03/2009 21:53][-r-hs----] C:\h3.bat
    [06/03/2009 21:53][-r-hs----] C:\jm3cx96.bat
    [06/03/2009 21:53][-r-hs----] C:\pv6mxu.bat
    [06/03/2009 21:53][-r-hs----] C:\xsia.bat
    [06/03/2009 21:01][-r-hs----] C:\2.com
    [06/03/2009 21:01][-r-hs----] C:\dbrxubcw.com
    [06/03/2009 21:01][-r-hs----] C:\luk1ylq.com
    [06/03/2009 21:01][-r-hs----] C:\NTDETECT.COM
    [06/03/2009 21:01][-r-hs----] C:\ur0.com
    [21/08/2008 20:51][-r-hs----] C:\83l3v.cmd
    [21/08/2008 20:51][-r-hs----] C:\a1agmur.cmd
    [21/08/2008 20:51][-r-hs----] C:\gyn.cmd
    [21/08/2008 20:51][-r-hs----] C:\p1y2.cmd
    [21/08/2008 20:51][-r-hs----] C:\vva0hc0p.cmd
    [21/08/2008 20:51][-r-hs----] C:\yh.cmd
    [20/03/2009 22:48][-r-hs----] C:\d1vmq.exe
    [20/03/2009 22:48][-r-hs----] C:\gi2ky.exe
    [20/03/2009 22:48][-r-hs----] C:\o.exe
    [20/03/2009 22:48][-r-hs----] C:\q0dhfjf.exe
    [29/02/2008 10:41][---hs----] C:\boot.ini
    [21/03/2009 15:26][-r-hs----] C:\autorun.inf
    [21/03/2009 15:28][--a------] C:\TPHKLOCK.TXT
    [21/03/2009 15:28][--a------] C:\UsbFix.txt
    [28/02/2008 00:11][--a------] C:\CONFIG.SYS
    [28/02/2008 00:11][--a------] C:\IO.SYS
    [28/02/2008 00:11][--a------] C:\MSDOS.SYS
    [28/02/2008 00:11][--a------] C:\pagefile.sys

    --------------- [ Lecteur D ] ----------------

    D: - Lecteur fixe


    +- Listing des fichiers présents :

    [06/03/2009 21:53][-r-hs----] D:\2.bat
    [06/03/2009 21:53][-r-hs----] D:\jm3cx96.bat
    [06/03/2009 21:01][-r-hs----] D:\2.com
    [20/03/2009 22:48][-r-hs----] D:\d1vmq.exe
    [21/03/2009 15:26][-r-hs----] D:\autorun.inf

    --------------- [ Lecteur H ] ----------------

    H: - Lecteur fixe


    +- Listing des fichiers présents :

    [06/03/2009 21:53][-r-hs----] H:\2.bat
    [06/03/2009 21:53][-r-hs----] H:\h3.bat
    [06/03/2009 21:53][-r-hs----] H:\jm3cx96.bat
    [06/03/2009 21:53][-r-hs----] H:\pv6mxu.bat
    [06/03/2009 21:53][-r-hs----] H:\xsia.bat
    [06/03/2009 21:01][-r-hs----] H:\2.com
    [06/03/2009 21:01][-r-hs----] H:\dbrxubcw.com
    [06/03/2009 21:01][-r-hs----] H:\luk1ylq.com
    [06/03/2009 21:01][-r-hs----] H:\ur0.com
    [21/08/2008 20:51][-r-hs----] H:\83l3v.cmd
    [21/08/2008 20:51][-r-hs----] H:\a1agmur.cmd
    [21/08/2008 20:51][-r-hs----] H:\gyn.cmd
    [21/08/2008 20:51][-r-hs----] H:\p1y2.cmd
    [21/08/2008 20:51][-r-hs----] H:\vva0hc0p.cmd
    [21/08/2008 20:51][-r-hs----] H:\yh.cmd
    [20/03/2009 22:48][-r-hs----] H:\d1vmq.exe
    [20/03/2009 22:48][-r-hs----] H:\gi2ky.exe
    [20/03/2009 22:48][-r-hs----] H:\o.exe
    [20/03/2009 22:48][-r-hs----] H:\q0dhfjf.exe
    [21/03/2009 15:26][-r-hs----] H:\autorun.inf

    --------------- [ Registre / Startup ] ----------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\System32\\userinit.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://www.google.com"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
    Messenger (Yahoo!)="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
    Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    TrackPointSrv=C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
    ehTray=C:\WINDOWS\ehome\ehtray.exe
    ACTray=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    ACWLIcon=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    AwaySch=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    IgfxTray=C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
    Persistence=C:\WINDOWS\system32\igfxpers.exe
    TPHOTKEY=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    PWRMGRTR=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    BLOG=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
    SoundMAX=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    GhostStartTrayApp=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    Installed=1
    NoChange=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    --------------- [ Registre / Mountpoint2 ] ----------------

    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{018f9f30-8761-11dd-805d-00197e768cf6}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{018f9f30-8761-11dd-805d-00197e768cf6}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{018f9f30-8761-11dd-805d-00197e768cf6}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13d4442c-2a94-11dd-804f-00197e768cf6}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13d4442d-2a94-11dd-804f-00197e768cf6}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13d4442d-2a94-11dd-804f-00197e768cf6}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13d4442d-2a94-11dd-804f-00197e768cf6}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a565ebf6-9976-11dd-8071-00197e768cf6}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a565ebf6-9976-11dd-8071-00197e768cf6}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a565ebf6-9976-11dd-8071-00197e768cf6}\Shell\open\Command

    --------------- [ Nettoyage des disques ] ----------------

    Supprimé ! - [16/12/2008 09:03][-r-hs----] C:\WINDOWS\system32\vamsoft.exe
    Supprimé ! - [21/03/2009 13:55][-r-hs----] C:\WINDOWS\system32\olhrwef.exe
    Supprimé ! - [20/03/2009 22:48][-r-hs----] C:\WINDOWS\system32\urretnd.exe
    Supprimé ! - [10/08/2004 13:00][--a------] C:\WINDOWS\system32\afmain0.dll
    Echec de la supression !! - [10/08/2004 13:00] C:\WINDOWS\system32\afmain1.dll
    Supprimé ! - [13/10/2008 23:29][-r-hs----] C:\WINDOWS\system32\amvo.exe
    Supprimé ! - [20/03/2009 22:47][-r-hs----] C:\WINDOWS\system32\amvo0.dll
    Supprimé ! - [13/10/2008 23:29][-r-hs----] C:\WINDOWS\system32\amvo1.dll
    Supprimé ! - [10/08/2004 13:00][--a------] C:\WINDOWS\system32\Bitkv0.dll
    Supprimé ! - [10/08/2004 13:00][--a------] C:\WINDOWS\system32\Bitkv1.dll
    Supprimé ! - [20/03/2009 22:47][---------] C:\WINDOWS\system32\ckvo0.dll
    Supprimé ! - [17/03/2009 12:45][-r-hs----] C:\WINDOWS\system32\ckvo1.dll
    Supprimé ! - [20/03/2009 23:05][---------] C:\WINDOWS\system32\nmdfgds0.dll
    Supprimé ! - [21/03/2009 08:06][---------] C:\WINDOWS\system32\nmdfgds1.dll
    Supprimé ! - [21/03/2009 13:55][-r-hs----] C:\WINDOWS\system32\nmdfgds2.dll
    Supprimé ! - [20/03/2009 22:48][-r-hs----] C:\WINDOWS\system32\optyhww0.dll
    Supprimé ! - [18/03/2009 21:28][-r-hs----] C:\WINDOWS\system32\optyhww1.dll
    Supprimé ! - [20/03/2009 22:40][-r-hs----] C:\WINDOWS\system32\vbsdfe0.dll
    Supprimé ! - [18/03/2009 19:15][-r-hs----] C:\WINDOWS\system32\vbsdfe1.dll
    Supprimé ! - C:\DOCUME~1\Home\LOCALS~1\Temp\nsi72.tmp\System.dll
    Supprimé ! - C:\DOCUME~1\Home\LOCALS~1\Temp\nsu5.tmp\System.dll
    C:\autorun.inf ~> fichier appelé : "C:\d1vmq.exe" ( présent ! )
    Supprimé ! - C:\d1vmq.exe
    D:\autorun.inf ~> fichier appelé : "D:\d1vmq.exe" ( présent ! )
    Supprimé ! - D:\d1vmq.exe
    H:\autorun.inf ~> fichier appelé : "H:\d1vmq.exe" ( présent ! )
    Supprimé ! - H:\d1vmq.exe
    Supprimé ! - [21/08/2008 20:51][-r-hs----] C:\83l3v.cmd
    Supprimé ! - [15/10/2008 23:56][-r-hs----] C:\h3.bat
    Supprimé ! - [15/10/2008 23:56][-r-hs----] C:\p1y2.cmd
    Supprimé ! - [13/10/2008 23:29][-r-hs----] C:\pv6mxu.bat
    Supprimé ! - [06/10/2008 17:27][-r-hs----] C:\vva0hc0p.cmd
    Supprimé ! - [06/03/2009 21:53][-r-hs----] C:\2.bat
    Supprimé ! - [06/03/2009 21:01][-r-hs----] C:\2.com
    Supprimé ! - [03/03/2009 22:44][-r-hs----] C:\o.exe
    Supprimé ! - [21/03/2009 15:26][-r-hs----] C:\autorun.inf
    Supprimé ! - [06/03/2009 21:53][-r-hs----] D:\2.bat
    Supprimé ! - [06/03/2009 21:01][-r-hs----] D:\2.com
    Supprimé ! - [21/03/2009 15:26][-r-hs----] D:\autorun.inf
    Supprimé ! - [21/08/2008 20:51][-r-hs----] H:\83l3v.cmd
    Supprimé ! - [15/10/2008 23:56][-r-hs----] H:\h3.bat
    Supprimé ! - [15/10/2008 23:56][-r-hs----] H:\p1y2.cmd
    Supprimé ! - [13/10/2008 23:29][-r-hs----] H:\pv6mxu.bat
    Supprimé ! - [06/10/2008 17:27][-r-hs----] H:\vva0hc0p.cmd
    Supprimé ! - [06/03/2009 21:53][-r-hs----] H:\2.bat
    Supprimé ! - [06/03/2009 21:01][-r-hs----] H:\2.com
    Supprimé ! - [03/03/2009 22:44][-r-hs----] H:\o.exe
    Supprimé ! - [21/03/2009 15:26][-r-hs----] H:\autorun.inf

    --------------- [ Resumé ] ----------------

    -> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

    [28/02/2008 00:11][--a------] C:\AUTOEXEC.BAT
    [28/02/2008 00:11][--a------] C:\jm3cx96.bat
    [28/02/2008 00:11][--a------] C:\xsia.bat
    [05/03/2009 06:15][-r-hs----] C:\dbrxubcw.com
    [05/03/2009 06:15][-r-hs----] C:\luk1ylq.com
    [05/03/2009 06:15][-r-hs----] C:\NTDETECT.COM
    [05/03/2009 06:15][-r-hs----] C:\ur0.com
    [02/03/2009 19:24][-r-hs----] C:\a1agmur.cmd
    [02/03/2009 19:24][-r-hs----] C:\gyn.cmd
    [02/03/2009 19:24][-r-hs----] C:\yh.cmd
    [28/02/2009 22:33][-r-hs----] C:\gi2ky.exe
    [28/02/2009 22:33][-r-hs----] C:\q0dhfjf.exe
    [29/02/2008 10:41][---hs----] C:\boot.ini
    [21/03/2009 13:55][-r-hs----] D:\jm3cx96.bat
    [21/03/2009 13:55][-r-hs----] H:\jm3cx96.bat
    [21/03/2009 13:55][-r-hs----] H:\xsia.bat
    [05/03/2009 06:15][-r-hs----] H:\dbrxubcw.com
    [05/03/2009 06:15][-r-hs----] H:\luk1ylq.com
    [05/03/2009 06:15][-r-hs----] H:\ur0.com
    [02/03/2009 19:24][-r-hs----] H:\a1agmur.cmd
    [02/03/2009 19:24][-r-hs----] H:\gyn.cmd
    [02/03/2009 19:24][-r-hs----] H:\yh.cmd
    [28/02/2009 22:33][-r-hs----] H:\gi2ky.exe
    [28/02/2009 22:33][-r-hs----] H:\q0dhfjf.exe

    --------------- [ Vaccination ] ----------------

    C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
    D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
    H:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

    --------------- ! Fin du rapport ! ----------------

    21 March 2009 15:50:33

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    21 March 2009 16:10:01

    and here is the ComboFix report

    ComboFix 09-03-19.02 - Home 2009-03-21 15:58:42.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1014.417 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Home\Bureau\ComboFix.exe
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\a1agmur.cmd
    C:\dbrxubcw.com
    C:\gyn.cmd
    C:\jm3cx96.bat
    C:\xsia.bat
    C:\yh.cmd
    D:\jm3cx96.bat
    H:\a1agmur.cmd
    H:\dbrxubcw.com
    H:\gyn.cmd
    H:\jm3cx96.bat
    H:\xsia.bat
    H:\yh.cmd

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-21 au 2009-03-21 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-21 15:24 . 2009-03-21 15:30 <REP> d-------- c:\program files\UsbFix
    2009-03-21 08:09 . 2009-03-21 08:09 <REP> d-------- C:\rsit
    2009-03-20 23:15 . 2009-03-20 23:15 <REP> d-------- c:\program files\Trend Micro
    2009-03-20 23:01 . 2009-03-20 23:01 <REP> d-------- c:\program files\Avira
    2009-03-20 23:01 . 2009-03-20 23:01 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2009-03-20 22:51 . 2008-07-31 23:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
    2009-03-20 22:51 . 2008-07-31 23:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
    2009-03-20 22:35 . 2009-03-20 22:35 <REP> d-------- c:\windows\system32\IOSUBSYS
    2009-03-18 19:52 . 2009-03-18 21:28 110,053 -r-hs---- C:\q0dhfjf.exe
    2009-03-16 22:50 . 2009-03-17 13:01 111,435 -r-hs---- C:\luk1ylq.com
    2009-02-28 22:32 . 2004-08-10 13:00 70,656 --a------ c:\windows\AhnRpta.exe
    2009-02-28 22:18 . 2009-02-28 22:33 108,843 -r-hs---- C:\gi2ky.exe
    2009-02-28 22:13 . 2009-02-28 22:13 <REP> d-------- c:\program files\Philips
    2009-02-28 22:00 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
    2009-02-28 22:00 . 2004-08-03 23:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
    2009-02-28 22:00 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
    2009-02-28 22:00 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
    2009-02-28 21:09 . 2009-03-18 20:42 <REP> dr------- c:\program files\Skype
    2009-02-28 20:29 . 2009-02-12 21:16 108,565 -r-hs---- C:\ur0.com

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-21 14:31 --------- d-----w c:\documents and settings\Home\Application Data\Skype
    2009-03-20 21:35 --------- d-----w c:\program files\Google
    2009-03-18 19:42 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2009-03-18 19:10 --------- d-----w c:\documents and settings\Home\Application Data\skypePM
    .

    ------- Sigcheck -------

    2004-11-25 23:20 506368 048cb871e6f98e41f072b85c67c30925 c:\windows\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-06-04 1542168]

    [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
    2008-06-04 01:26 1542168 --a------ c:\program files\IsoBuster\tbIsoB.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-06-04 1542168]

    [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-06-04 1542168]

    [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2007-11-08 92960]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-15 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-15 162328]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-15 137752]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-07 200704]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-07 208896]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-19 94208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

    c:\documents and settings\Home\Menu D‚marrer\Programmes\D‚marrage\
    VOIP321.lnk - c:\program files\Philips\VOIP321\VOIP321.exe [2007-05-03 376832]

    c:\documents and settings\Home\Menu D‚marrer\Programmes\D‚marrage\
    VOIP321.lnk - c:\program files\Philips\VOIP321\VOIP321.exe [2007-05-03 376832]

    c:\documents and settings\Home\Menu D‚marrer\Programmes\D‚marrage\
    VOIP321.lnk - c:\program files\Philips\VOIP321\VOIP321.exe [2007-05-03 376832]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    DSLMON.lnk - c:\program files\Menara\dslmon.exe [2008-09-24 839680]
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-09-20 278528]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 17:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-12-14 12:06 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    2007-07-05 15:52 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
    Notification Packages REG_MULTI_SZ scecli ACGina

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
    backup=c:\windows\pss\BTTray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
    --------- 2007-04-27 03:33 243248 c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
    --------- 2007-12-20 04:04 60704 c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
    --a------ 2007-01-09 17:28 868352 c:\program files\ThinkPad\Utilities\TpKmapAp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
    --a------ 2005-10-17 02:11 65536 c:\windows\system32\TP4EX.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-02-28 11520]
    R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [2002-08-14 5632]
    R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-02-28 4224]
    R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-02-28 4442]
    R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [2008-09-21 467968]
    R2 tp4serv;tp4serv;c:\program files\Lenovo\TrackPoint\tp4servinst.exe [2007-11-08 35616]
    R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2007-11-08 22568]
    S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-09-23 63555]
    S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-10 18560]
    S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-09-23 114616]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [2004-10-20 21344]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-21 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-12-07 02:22]
    .
    .
    ------- Examen supplémentaire -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Ajouter à Kaspersky Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Envoyer à Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\maoebn38.default\
    FF - prefs.js: browser.startup.homepage - www.google.fr
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: h:\picasa3\npPicasa3.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-21 16:03:41
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(784)
    c:\windows\system32\tvt_gina.dll
    c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACON.dll
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
    c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
    c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
    c:\program files\ThinkPad\ConnectUtilities\Res\FR\ACGinaRes.dll
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\Lenovo\HOTKEY\tphklock.dll

    - - - - - - - > 'lsass.exe'(840)
    c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACON.dll
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
    c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
    c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\ESRI\License\arcgis9x\lmgrd.exe
    c:\windows\ehome\ehRecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
    c:\program files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    c:\windows\system32\TpKmpSvc.exe
    c:\progra~1\ESRI\License\arcgis9x\ARCGIS.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\windows\system32\dllhost.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\windows\ehome\ehmsas.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\ZOOM\TpScrex.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-21 16:06:41 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-03-21 15:06:38

    Avant-CF: 839 413 760 octets libres
    Après-CF: 1,107,939,328 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    243
    21 March 2009 16:18:04

    /!\ Only ammoun25 may follow this procedure /!\

    Disable all resident protection (antivirus...)!

    --> Copy (CTRL+C) the text in the box below:

    KillAll::

    File::
    C:\luk1ylq.com
    C:\ur0.com
    C:\gi2ky.exe
    C:\q0dhfjf.exe
    H:\luk1ylq.com
    H:\ur0.com
    H:\gi2ky.exe
    H:\q0dhfjf.exe


    --> Open Notepad: Start > All Programs > Accessories > Notepad.

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save.
    - Close Notepad.

    --> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



  • This will relaunch ComboFix: accept the message that appears.
  • Wait while the scan runs. The Desktop will disappear several times: this is normal!
  • Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy and paste its contents on the forum.
  • If the file does not open, it is located here: C:\ComboFix.txt

    ;) 
    21 March 2009 17:30:13

    here is the report :b



    ComboFix 09-03-19.02 - Home 2009-03-21 16:24:05.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1014.423 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Home\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Home\Bureau\CFScript.txt
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé

    FILE ::
    C:\gi2ky.exe
    C:\luk1ylq.com
    C:\q0dhfjf.exe
    C:\ur0.com
    H:\gi2ky.exe
    H:\luk1ylq.com
    H:\q0dhfjf.exe
    H:\ur0.com
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\gi2ky.exe
    C:\luk1ylq.com
    C:\q0dhfjf.exe
    C:\ur0.com
    H:\gi2ky.exe
    H:\luk1ylq.com
    H:\q0dhfjf.exe
    H:\ur0.com

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-21 au 2009-03-21 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-21 15:24 . 2009-03-21 15:30 <REP> d-------- c:\program files\UsbFix
    2009-03-21 08:09 . 2009-03-21 08:09 <REP> d-------- C:\rsit
    2009-03-20 23:15 . 2009-03-20 23:15 <REP> d-------- c:\program files\Trend Micro
    2009-03-20 23:01 . 2009-03-20 23:01 <REP> d-------- c:\program files\Avira
    2009-03-20 23:01 . 2009-03-20 23:01 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2009-03-20 22:51 . 2008-07-31 23:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
    2009-03-20 22:51 . 2008-07-31 23:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
    2009-03-20 22:35 . 2009-03-20 22:35 <REP> d-------- c:\windows\system32\IOSUBSYS
    2009-02-28 22:32 . 2004-08-10 13:00 70,656 --a------ c:\windows\AhnRpta.exe
    2009-02-28 22:13 . 2009-02-28 22:13 <REP> d-------- c:\program files\Philips
    2009-02-28 22:00 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
    2009-02-28 22:00 . 2004-08-03 23:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
    2009-02-28 22:00 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
    2009-02-28 22:00 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
    2009-02-28 21:09 . 2009-03-18 20:42 <REP> dr------- c:\program files\Skype

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-21 15:22 --------- d-----w c:\documents and settings\Home\Application Data\Skype
    2009-03-20 21:35 --------- d-----w c:\program files\Google
    2009-03-18 19:42 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2009-03-18 19:10 --------- d-----w c:\documents and settings\Home\Application Data\skypePM
    .

    ------- Sigcheck -------

    2004-11-25 23:20 506368 048cb871e6f98e41f072b85c67c30925 c:\windows\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-03-21_16.05.29.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-03-21 15:28:44 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_a30.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-06-04 1542168]

    [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
    2008-06-04 01:26 1542168 --a------ c:\program files\IsoBuster\tbIsoB.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-06-04 1542168]

    [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-06-04 1542168]

    [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2007-11-08 92960]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-15 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-15 162328]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-15 137752]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-07 200704]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-07 208896]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-19 94208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

    c:\documents and settings\Home\Menu D‚marrer\Programmes\D‚marrage\
    VOIP321.lnk - c:\program files\Philips\VOIP321\VOIP321.exe [2007-05-03 376832]

    c:\documents and settings\Home\Menu D‚marrer\Programmes\D‚marrage\
    VOIP321.lnk - c:\program files\Philips\VOIP321\VOIP321.exe [2007-05-03 376832]

    c:\documents and settings\Home\Menu D‚marrer\Programmes\D‚marrage\
    VOIP321.lnk - c:\program files\Philips\VOIP321\VOIP321.exe [2007-05-03 376832]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    DSLMON.lnk - c:\program files\Menara\dslmon.exe [2008-09-24 839680]
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-09-20 278528]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 17:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-12-14 12:06 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    2007-07-05 15:52 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
    Notification Packages REG_MULTI_SZ scecli ACGina

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
    backup=c:\windows\pss\BTTray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
    --------- 2007-04-27 03:33 243248 c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
    --------- 2007-12-20 04:04 60704 c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
    --a------ 2007-01-09 17:28 868352 c:\program files\ThinkPad\Utilities\TpKmapAp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
    --a------ 2005-10-17 02:11 65536 c:\windows\system32\TP4EX.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-02-28 11520]
    R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [2002-08-14 5632]
    R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-02-28 4224]
    R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-02-28 4442]
    R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [2008-09-21 467968]
    R2 tp4serv;tp4serv;c:\program files\Lenovo\TrackPoint\tp4servinst.exe [2007-11-08 35616]
    R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2007-11-08 22568]
    S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-09-23 63555]
    S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-10 18560]
    S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-09-23 114616]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [2004-10-20 21344]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-21 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-12-07 02:22]
    .
    .
    ------- Examen supplémentaire -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Ajouter à Kaspersky Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Envoyer à Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\maoebn38.default\
    FF - prefs.js: browser.startup.homepage - www.google.fr
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: h:\picasa3\npPicasa3.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-21 16:28:48
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(784)
    c:\windows\system32\tvt_gina.dll
    c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACON.dll
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
    c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
    c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
    c:\program files\ThinkPad\ConnectUtilities\Res\FR\ACGinaRes.dll
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\Lenovo\HOTKEY\tphklock.dll

    - - - - - - - > 'lsass.exe'(840)
    c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACON.dll
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
    c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
    c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\ESRI\License\arcgis9x\lmgrd.exe
    c:\windows\ehome\ehRecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
    c:\progra~1\ESRI\License\arcgis9x\ARCGIS.EXE
    c:\program files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    c:\windows\system32\TpKmpSvc.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\windows\system32\dllhost.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\windows\ehome\ehmsas.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\ZOOM\TpScrex.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-21 16:31:48 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-03-21 15:31:45
    ComboFix2.txt 2009-03-21 15:06:42

    Avant-CF: 1 093 218 304 octets libres
    Après-CF: 1,081,667,584 octets libres

    242
    21 March 2009 19:01:31

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the "Mise à jour" tab, click the "Recherche de mise à jour" button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the "Recherche" tab.
  • Select "Exécuter un examen rapide".
  • Click "Rechercher".
  • The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you that as well.
  • Close your browsers.
  • If malware was detected, click "Afficher les résultats".
  • Select everything (or leave it checked) and click "Supprimer la sélection"; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.