[Solved] Redirected to other sites

Tags:
  • Security
18 March 2009 11:37:19

Hello,
Since yesterday, I have been redirected to unwanted sites whenever I run a search on Google. I even get kicked out of Internet Explorer (I tried another browser, same thing), sometimes automatically (in particular on the PRICEMINISTER site). I tried MALWARE, which found nothing. I am posting the report below. If someone can help me, that would be nice. Thanks

The report:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1861
Windows 5.1.2600 Service Pack 3

18/03/2009 11:13:14
mbam-log-2009-03-18 (11-13-14).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 174656
Temps écoulé: 21 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

18 March 2009 12:01:26

Hi,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
    18 March 2009 12:20:52

    Thanks, here are the 2 reports:

    The first:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by A at 2009-03-18 12:17:28
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 36 GB (38%) free of 93 GB
    Total RAM: 1022 MB (58% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:17:29, on 18/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Mio Technology\MioSync\mioSync.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\A\Bureau\RSIT.exe
    C:\Program Files\trend micro\A.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.orange.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/Nvi...
    O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://photoservice.fujicolor.de/ips-opdata/operator/27...
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    --
    End of file - 12594 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-27 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-27 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-27 522224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-27 251504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"=Alaunch []
    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112]
    "ntiMUI"=c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]
    ""= []
    "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-04 8491008]
    "nwiz"=nwiz.exe /install []
    "AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe [2006-01-19 110592]
    "MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe [2005-09-21 425984]
    "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-11-16 397312]
    "MemoryCardManager"=C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe [2004-02-02 139264]
    "MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2006-01-17 135168]
    "mmtask"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2006-01-17 53248]
    "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
    "SystrayORAHSS"=C:\Program Files\OrangeHSS\Systray\SystrayApp.exe [2007-01-04 90112]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-04 81920]
    "OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-05-15 54576]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
    "LXBSCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll []
    "orahssStartup"=C:\Program Files\OrangeHSS\Launcher\Launcher.exe [2007-01-04 462848]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-07-31 139264]
    "Orange Desktop Search"=C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe [2006-11-02 4937512]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-04 68856]
    "OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2008-05-15 95536]
    "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-12-09 234856]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=95000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
    "C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
    "C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:D NA"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62e4b672-22b6-11dd-a34b-001558255a6c}]
    shell\AutoRun\command - G:\InstallTomTomHOME.exe


    ======List of files/folders created in the last 1 months======

    2009-03-18 12:14:00 ----D---- C:\Program Files\trend micro
    2009-03-18 12:13:58 ----D---- C:\rsit
    2009-03-18 11:49:16 ----D---- C:\WINDOWS\system32\Kaspersky Lab
    2009-03-18 11:49:13 ----D---- C:\WINDOWS\LastGood
    2009-03-17 16:46:42 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-03-17 16:46:42 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-17 15:04:02 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
    2009-03-17 14:48:37 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-03-17 13:19:40 ----D---- C:\Documents and Settings\A\Application Data\Malwarebytes
    2009-03-17 13:19:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-03-11 13:48:37 ----HD---- C:\WINDOWS\$NtUninstallKB960225$
    2009-03-11 13:48:30 ----HD---- C:\WINDOWS\$NtUninstallKB958690$
    2009-02-25 22:57:54 ----HD---- C:\WINDOWS\$NtUninstallKB967715$

    ======List of files/folders modified in the last 1 months======

    2009-03-18 09:24:16 ----A---- C:\WINDOWS\system32\eRLog.ini
    2009-03-18 09:22:06 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-15 17:07:14 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-03-04 19:05:50 ----A---- C:\WINDOWS\BBW_INFO.INI
    2009-02-25 21:55:00 ----A---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
    R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
    R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
    R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 KM8G8W47;KM8G8W47; \??\C:\WINDOWS\System32\Drivers\TVKS0706.sys []
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 Ma730Pt;MA730 Bluetooth VCOM Driver; C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys [2006-09-21 103040]
    R3 Ma730Vad;MA730 Bluetooth Audio; C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys [2005-11-22 23376]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-23 6144]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
    R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 1a973fc0-4a2c-4f74-bbfa-dd3867f3d329;1a973fc0-4a2c-4f74-bbfa-dd3867f3d329; \??\E:\Player\cds300.dll []
    S3 a01e29f0-e143-4785-bbee-dc46614f886f;a01e29f0-e143-4785-bbee-dc46614f886f; \??\E:\Player\cds300.dll []
    S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender9\bdfdll.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
    S3 Ma730c;MA730 Bluetooth Core Driver; C:\WINDOWS\system32\DRIVERS\MA730C.sys [2006-11-02 155648]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 PAC207;SoC PC-Camer@; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 usbser;USB Serial emulation modem driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-08-04 32128]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-01-04 57344]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-11 168432]
    R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-04 155716]
    R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 lxbs_device;lxbs_device; C:\WINDOWS\system32\lxbscoms.exe [2004-02-20 421888]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-07-31 720896]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

    -----------------EOF-----------------

    The second one:

    info.txt logfile of random's system information tool 1.05 2009-03-18 12:14:12

    ======Uninstall list======

    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x40c
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.44 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
    Acer eConsole-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}\setup.exe" -l0x40c
    Acer eMode Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}\setup.exe" -l0x40c
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
    ALCATEL PC Suite V6.2.7-->"C:\Program Files\ALCATEL PC Suite\unins000.exe"
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Astérix Maxi-Délirium-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09C8B025-F0C5-4EF2-BC4F-399269BDE0C8}\setup.exe"
    Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Bugs Bunny - Voyage à travers le temps-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Infogrames\Bugs Bunny - Voyage à travers le temps\Uninst.isu"
    Bugs Bunny et Taz - La Spirale du Temps-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Infogrames\Bugs Bunny et Taz - La Spirale du Temps\Uninst.isu"
    Cars Quatre Roues - Aventures à Radiator Springs-->"C:\Program Files\THQ\Disney-PIXAR\Cars Quatre Roues\Aventures à Radiator Springs\Uninstall_Cars Quatre Roues - Aventures à Radiator Springs\Uninstall Cars Quatre Roues - Aventures à Radiator Springs.exe"
    Correctif Lecteur Windows Media 10 - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
    eMedia Starter Guitar Lessons-->"C:\Program Files\eMedia Starter Guitar Lessons\Uninstall.exe" "C:\Program Files\eMedia Starter Guitar Lessons\install.log"
    EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" -l0x40c UNINSTALL
    Euro Rally Champion-->MsiExec.exe /X{692BC747-FF37-4210-8E0B-F5157FCDE7BF}
    foobar2000 v0.9.5.1-->"C:\Program Files\foobar2000\uninstall.exe"
    Ford Racing 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{797E03F8-C8A0-47ED-AA9F-D7076276E491}\setup.exe"
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
    Harry Potter TM-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F50AF3B-8997-4916-0095-99D63DDB785A}\setup.exe" -l0x40c Uninstall
    Hercules-->C:\WINDOWS\unin040c.exe -fC:\Disney\Hercules\DeIsL2.isu
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Kaspersky On-line Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
    Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Lexmark 810 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBSUNST.EXE -NOLICENSE
    Lexmark Precision Photo-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{56F81937-C3B5-4C98-A260-E47B631709D7} /l1036 /z/U
    Livebox-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c
    Lyra Jukebox Applications-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3374B4A6-5595-4667-882D-755ABE093806}\Setup.exe" -l0x9 -remove
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{0000040C-78E1-11D2-B60F-006097C998E7}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Mio Technology Speedcam Synchronisation ( PNA Version ) 1.2.10.07.06-->C:\PROGRA~1\MIOTEC~1\MioSync\Setup.exe /remove
    MioTransfer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49F00501-E02F-458F-8AED-85949AB9656F}\Setup.exe" -l0x9
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Monopoly-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7E7EC5E-4349-4E40-B37C-4342188B86EC}\setup.exe" -l0x40c
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x40c -uninst
    Navigateur Orange-->C:\Program Files\OrangeHSS\Uninstall\Browser\Shell.exe MainUninstall.shl
    Nero 7 Premium-->MsiExec.exe /I{11439F51-B8D2-4736-9CDF-8889FEBE1036}
    Nero Sipps-->C:\WINDOWS\UNNeroSipps.exe /UNINSTALL
    NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4
    NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
    NTI HomeVideo-Maker-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8A6F713-D72D-47AD-A92D-B5C0E13F98C1}\setup.exe" -l0x40c
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OLYMPUS Master 2-->MsiExec.exe /X{45FCADDB-0B29-457E-83A1-D245C62A716C}
    OLYMPUS muvee theaterPack-->MsiExec.exe /X{B3282FB8-874B-4054-8356-9EB391A826F9}
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
    Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u
    Orange Plug-in messagerie vocale 888-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}\Setup.exe" -l0x40c --AddRemove
    Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
    PC Camer@-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5} /l1036
    PG Music DirectX Plugins 1.3.4.1-->"C:\Program Files\PowerTracks DirectX Plugins\unins000.exe"
    PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    Presto! PageManager for EPSON-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\NewSoft\PageManager\DeIsL1.isu"
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    QVGDM Seconde Edition-->MsiExec.exe /I{735D1B9F-A9A4-4FF2-A830-96C150883B97}
    RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
    Ri4m v5.0.1d-->C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
    Roady Racer-->"C:\Program Files\Roady Racer\unins000.exe"
    Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
    Scooby-Doo (TM), Le Mystère du Château hanté(TM)-->C:\Program Files\Mindscape\Scooby-Doo (TM), Le Mystère du Château hanté(TM)\uninstal.exe
    Scooby-Doo 2 - Les monstres se déchaînent-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D7636EB-A089-44B2-BE30-BB301E9C88CB}\setup.exe" -l0x40c -uninst
    Scooby-Doo(TM), Panique dans la Ville fantôme(TM)-->C:\Program Files\Mindscape\Scooby-Doo(TM), Panique dans la Ville fantôme(TM)\uninstal.exe
    SdLL - Super Vacances vers le CE1-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\SdLL\SupVacCE1\Uninst.isu"
    Sports d'hiver-->"C:\Program Files\Micro Application\Sports d'hiver\unins000.exe"
    Styles 62: Requested 6-->"c:\bb\unins005.exe"
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    TomTom HOME 2.5.2.60-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
    Toy Story 2-->C:\WINDOWS\IsUn040c.exe -fC:\PROGRA~2\DISNEY~1\JEUDAC~1\DeIsL1.isu
    VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
    VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    VirtualDubMOD 1.5.10.3 Fr-->"C:\Program Files\VirtualDubMOD\unins000.exe"
    Wanadoo Messager-->C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Security center information======

    AV: Norton AntiVirus 2005
    AV: avast! antivirus 4.8.1335 [VPS 090317-0]
    FW: Norton Internet Worm Protection

    System event log

    Computer Name: ACER-9DEB84EBB9
    Event Code: 7036
    Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

    Record Number: 58268
    Source Name: Service Control Manager
    Time Written: 20090215100049.000000+060
    Event Type: Informations
    User:

    Computer Name: ACER-9DEB84EBB9
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service int15.sys.

    Record Number: 58267
    Source Name: Service Control Manager
    Time Written: 20090215100049.000000+060
    Event Type: Informations
    User: ACER-9DEB84EBB9\A

    Computer Name: ACER-9DEB84EBB9
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

    Record Number: 58266
    Source Name: Service Control Manager
    Time Written: 20090215100049.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: ACER-9DEB84EBB9
    Event Code: 7036
    Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.

    Record Number: 58265
    Source Name: Service Control Manager
    Time Written: 20090215100049.000000+060
    Event Type: Informations
    User:

    Computer Name: ACER-9DEB84EBB9
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

    Record Number: 58264
    Source Name: Service Control Manager
    Time Written: 20090215100049.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Application event log

    Computer Name: ACER-9DEB84EBB9
    Event Code: 0
    Message:
    Record Number: 9611
    Source Name: Acer Media Server
    Time Written: 20080517161009.000000+120
    Event Type: Informations
    User:

    Computer Name: ACER-9DEB84EBB9
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 9610
    Source Name: SecurityCenter
    Time Written: 20080517125515.000000+120
    Event Type: Informations
    User:

    Computer Name: ACER-9DEB84EBB9
    Event Code: 32068
    Message: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement.
    Code de pays/région : '*'
    Indicatif régional : '*'

    Record Number: 9609
    Source Name: Microsoft Fax
    Time Written: 20080517125458.000000+120
    Event Type: Avertissement
    User:

    Computer Name: ACER-9DEB84EBB9
    Event Code: 32026
    Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI).
    Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé.

    Record Number: 9608
    Source Name: Microsoft Fax
    Time Written: 20080517125458.000000+120
    Event Type: Avertissement
    User:

    Computer Name: ACER-9DEB84EBB9
    Event Code: 105
    Message: The service was started.

    Record Number: 9607
    Source Name: STI Simulator
    Time Written: 20080517125455.000000+120
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2f02
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------



    18 March 2009 12:30:49

    I don't see an infection; the infection may be hidden.

  • Download Gmer.
  • Extract the archive (right-click > Extract), then rename gmer.exe to IDN.exe (the .exe is not necessarily visible).
  • Double-click IDN.exe.
  • On the "Rootkit/Malware" tab, click "Scan" and wait.
  • When the scan finishes, click "Save..." and save the report to your Desktop as "301108.txt".
  • Double-click "301108.txt"; the report appears, post it.
    18 March 2009 12:42:51

    Here is the Gmer report:

    GMER 1.0.15.14939 - http://www.gmer.net
    Rootkit scan 2009-03-18 12:41:15
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF42C46B8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF42C4574]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF42C4A52]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF42C414C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF42C464E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF42C408C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF42C40F0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF42C476E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF42C472E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF42C48AE]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\spoolsv.exe[184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100031F8
    .text C:\WINDOWS\system32\spoolsv.exe[184] ws2_32.dll!connect 719F4A07 5 Bytes JMP 10003140
    .text C:\WINDOWS\system32\spoolsv.exe[184] ws2_32.dll!send 719F4C27 5 Bytes JMP 10002BA4
    .text C:\WINDOWS\system32\spoolsv.exe[184] ws2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 10002404
    .text C:\WINDOWS\system32\spoolsv.exe[184] ws2_32.dll!recv 719F676F 5 Bytes JMP 10002388
    .text C:\WINDOWS\system32\spoolsv.exe[184] ws2_32.dll!WSASend 719F68FA 5 Bytes JMP 100030F4
    .text C:\WINDOWS\system32\nvsvc32.exe[248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 108431F8
    .text C:\WINDOWS\system32\nvsvc32.exe[248] ws2_32.dll!connect 719F4A07 5 Bytes JMP 10843140
    .text C:\WINDOWS\system32\nvsvc32.exe[248] ws2_32.dll!send 719F4C27 5 Bytes JMP 10842BA4
    .text C:\WINDOWS\system32\nvsvc32.exe[248] ws2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 10842404
    .text C:\WINDOWS\system32\nvsvc32.exe[248] ws2_32.dll!recv 719F676F 5 Bytes JMP 10842388
    .text C:\WINDOWS\system32\nvsvc32.exe[248] ws2_32.dll!WSASend 719F68FA 5 Bytes JMP 108430F4
    .text C:\WINDOWS\system32\svchost.exe[432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100031F8
    .text C:\WINDOWS\system32\svchost.exe[432] ws2_32.dll!connect 719F4A07 5 Bytes JMP 10003140
    .text C:\WINDOWS\system32\svchost.exe[432] ws2_32.dll!send 719F4C27 5 Bytes JMP 10002BA4
    .text C:\WINDOWS\system32\svchost.exe[432] ws2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 10002404
    .text C:\WINDOWS\system32\svchost.exe[432] ws2_32.dll!recv 719F676F 5 Bytes JMP 10002388

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
    IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device ACPI.sys (Pilote ACPI pour NT/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- EOF - GMER 1.0.15 ----
    18 March 2009 12:57:52

    Nothing unusual, delete GMER.

  • Download Catchme (by Przemyslaw Gmerek) to your Desktop.
  • Double-click catchme.exe (the .exe extension may not be visible) to launch it.
  • When the scan has finished, post the catchme.log report in your next reply. (This report is on your Desktop.)
    18 March 2009 13:00:58

    Thanks again for taking the time to help me

    The catchme report:

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXBSCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0
    18 March 2009 13:02:22

  • Delete Catchme.

    Your PC doesn't appear to be infected.
    18 March 2009 13:07:16

    And where could the problem be coming from?
    18 March 2009 13:09:55

    I don't know, I'll look into it with other people.

    I'll get back to you this evening.
    18 March 2009 13:11:02

    OK, thanks a lot.
    18 March 2009 13:57:35

    Me again! I don't know whether the steps you had me do solved my problem, but it certainly looks like it, because I can once again view the items on the PRICEMINISTER site without IE closing (I could only access the home page) and I haven't been redirected to unwanted sites after several different attempts. Let's hope it lasts!
    Thanks a lot
    18 March 2009 15:17:59

    Ok.

  • Uninstall the following programs:
    - HijackThis
    - J2SE Runtime Environment 5.0 Update 5
    - J2SE Runtime Environment 5.0 Update 6
    - Java 6 Update 11
    - Java 6 Update 2
    - Java 6 Update 3
    - Java 6 Update 5
    - Java 6 Update 7
    - Java SE Runtime Environment 6 Update 1

  • Update Java.

  • Update Adobe Reader.

    I recommend replacing Avast with Antivir, which I find more effective because Avast takes longer to incorporate new infections.

    ---> Now add [Résolu] to the title. To do so:
  • In your first message, click the Editer button.
  • Add the [Résolu] tag in front of the title.
  • Then click Valider votre message.
    18 March 2009 17:24:22

    I followed your latest instructions, thanks again.