Se connecter / S'enregistrer
Votre question

Virus et disparition du fond d'écran [Résolu]

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
2 Mars 2009 11:54:20

Bonjour,

Je sollicite votre aide pour enlever un virus de l'ordinateur.

Il supprime mon fond d'écran habituel, pour le remplacer par un fond d'écran noir avec écrit en jaune et blanc dessus :

"Dangerous spyware"

"Many viruses were found on your computer such as : Trojan horse, PassCapture, etc."
"Your personal information can fall into in the "third hands".

"Please check up the computer with a special Software."
"Thank"

Une grosse croix blanche et rouge est également apparue dans la barre de tâches, avec une fenêtre m'invitant à démarrer un scan avec un logiciel anti-spyware ; quand je clique sur cette fenêtre, cela me dirige sur internet pour télécharger Antivirus XP Pro.

Je possède Ad-Aware, Avast et Spyware Terminator, j'ai scanné le PC pendant une heure avec tout ça, cela m'a viré des trucs, mais j'en suis toujours au même point.

Je suis sous XP.

Voilà un log HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43, on 2009-03-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: crawler search - tbr:iemenu
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?7d368dd65cb3489abda204c8e2839ac8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?7d368dd65cb3489abda204c8e2839ac8
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: efcDUlii - efcDUlii.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 14509 bytes

Je précise que MSN marche, Internet et les jeux vidéo aussi, y'a pas de problème particulier, juste le fond d'écran ; mais évidemment, ça me fait un peu peur quand même ;) 

Voilà, en attente de vos réponses.

Bien à vous,
Vincent

Autres pages sur : virus disparition fond ecran resolu

a c 275 8 Sécurité
2 Mars 2009 17:04:03

Salut,

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit\.
    m
    0
    l
    2 Mars 2009 18:10:34

    Merci de la réponse ;) 

    Voilà les deux fichiers :

    - log.txt

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by HP_Propriétaire at 2009-03-02 18:08:31
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 86 GB (46%) free of 185 GB
    Total RAM: 958 MB (8% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:08, on 2009-03-02
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\WINDOWS\system32\frmwrk32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\PROGRA~1\Magentic\bin\MgApp.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Crawler\CToolbar.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\HP_Propriétaire\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\HP_Propriétaire.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
    O2 - BHO: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~1\Crawler\ctbr.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
    O8 - Extra context menu item: crawler search - tbr:iemenu
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?7d368dd65cb3489abda204c8e2839ac8
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?7d368dd65cb3489abda204c8e2839ac8
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
    O20 - Winlogon Notify: efcDUlii - efcDUlii.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 14697 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1cb20bf0-bbae-40a7-93f4-6435ff3d0411}]
    C:\PROGRA~1\Crawler\ctbr.dll [2009-02-27 1196544]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-12-07 399424]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-01-19 2436160]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
    {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Barre d'outils &Crawler - C:\PROGRA~1\Crawler\ctbr.dll [2009-02-27 1196544]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "USBToolTip"=C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2004-04-23 192512]
    "USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2004-04-06 61440]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-09 136600]
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]
    "PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]
    "PCLEPCI"=C:\PROGRA~1\Pinnacle\PPE\PPE.EXE [2004-02-03 49152]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
    "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
    "HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
    "HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-11-09 249856]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-11 49152]
    "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2006-05-20 188416]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-02-23 185896]
    "SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-05-16 1817600]
    "ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2008-01-22 107248]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
    "Autoconfigurateur WiFi Neuf"=C:\Program Files\Neuf\Kit\WiFi\9wifi.exe [2008-03-18 287984]
    "Framework Windows"=C:\WINDOWS\system32\frmwrk32.exe [2009-03-01 30720]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-06 67128]
    "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072]
    "Magentic"=C:\PROGRA~1\Magentic\bin\Magentic.exe [2007-07-10 475180]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2008-10-05 235936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM22b287f5]
    C:\WINDOWS\system32\euhxpjbn.dll []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    PowerReg Scheduler.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcDUlii]
    efcDUlii.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{14370F76-7676-44A2-AD11-93A31C5FC9FC}"=C:\WINDOWS\system32\efcDUlii.dll []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    C:\WINDOWS\system32\efcDTKbA

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=1
    "DisableTaskMgr"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "legalnoticecaption"=
    "legalnoticetext"=

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoFolderOptions"=1
    "NoSetActiveDesktop"=1
    "NoActiveDesktopChanges"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoSetActiveDesktop"=
    "NoActiveDesktopChanges"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"
    "C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"
    "C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"
    "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:D isabled:Windows Messenger"
    "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
    "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
    "C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe"="C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe:*:Enabled:Navigateur Internet"
    "C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:D arkCrusade"
    "C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe"="C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe:*:D isabled:Star Wars Galactic Battlegrounds"
    "C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe"="C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe:*:Enabled:Star Wars Galactic Battlegrounds: Clone Campaigns"
    "C:\Program Files\Atari\Act of War - Direct Action\ActOfWar.exe"="C:\Program Files\Atari\Act of War - Direct Action\ActOfWar.exe:*:Enabled:ActOfWar"
    "C:\Program Files\Atari\Act of War - High Treason\ActOfWar_HighTreason.exe"="C:\Program Files\Atari\Act of War - High Treason\ActOfWar_HighTreason.exe:*:Enabled:ActOfWar_HighTreason"
    "C:\Program Files\EA Games\La Bataille pour la Terre du Milieu(tm)\game.dat"="C:\Program Files\EA Games\La Bataille pour la Terre du Milieu(tm)\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm)"
    "C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Games\Defcon\defcon.exe"="C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Games\Defcon\defcon.exe:*:Enabled:D efcon"
    "C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE"="C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13520f18-42c6-11dc-a5ad-00c0a8b17038}]
    shell\Auto\command - Start.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2355e239-546c-11db-a886-0015f2e3fb67}]
    shell\AutoRun\command - L:\LaunchEAW.exe


    ======File associations======

    .scr - config - "%1" /S

    ======List of files/folders created in the last 1 months======

    2009-03-02 18:08:31 ----D---- C:\rsit
    2009-03-02 01:03:37 ----D---- C:\Program Files\Crawler
    2009-03-01 19:46:52 ----A---- C:\WINDOWS\system32\frmwrk32.exe
    2009-03-01 19:46:50 ----A---- C:\WINDOWS\system32\303392.exe
    2009-02-27 21:49:54 ----D---- C:\Program Files\FireFly Studios
    2009-02-27 12:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-14 23:24:30 ----A---- C:\WINDOWS\Eye for Design Setup Log.txt
    2009-02-14 01:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

    ======List of files/folders modified in the last 1 months======

    2009-03-02 18:08:19 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Azureus
    2009-03-02 15:25:46 ----D---- C:\WINDOWS\system32
    2009-03-02 15:24:34 ----D---- C:\WINDOWS\TEMP
    2009-03-02 13:38:30 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-02 13:31:25 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-02 01:33:49 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-02 01:32:40 ----D---- C:\Program Files\Spyware Terminator
    2009-03-02 01:32:40 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Spyware Terminator
    2009-03-02 01:11:39 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2009-03-02 01:03:37 ----AD---- C:\Program Files
    2009-03-01 23:37:07 ----D---- C:\Program Files\VirtualDJ
    2009-03-01 23:27:17 ----D---- C:\Program Files\Nanny Mania
    2009-03-01 00:39:12 ----AD---- C:\WINDOWS
    2009-02-28 15:32:42 ----D---- C:\WINDOWS\system32\dllcache
    2009-02-28 15:31:49 ----D---- C:\WINDOWS\Prefetch
    2009-02-28 15:31:48 ----D---- C:\WINDOWS\system32\drivers
    2009-02-28 15:29:37 ----D---- C:\WINDOWS\Minidump
    2009-02-28 11:31:12 ----A---- C:\WINDOWS\LEXSTAT.INI
    2009-02-27 21:49:52 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-02-27 20:16:18 ----D---- C:\Program Files\Azureus
    2009-02-27 12:01:53 ----D---- C:\WINDOWS\inf
    2009-02-27 11:42:21 ----HD---- C:\WINDOWS\$hf_mig$
    2009-02-14 19:09:27 ----D---- C:\Program Files\eMule
    2009-02-14 01:27:47 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-14 01:27:30 ----D---- C:\Program Files\Internet Explorer
    2009-02-14 01:27:21 ----D---- C:\WINDOWS\ie7updates
    2009-02-13 19:12:50 ----D---- C:\Program Files\Messenger Plus! Live
    2009-02-12 05:56:17 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-02-09 13:19:52 ----D---- C:\WINDOWS\system32\FxsTmp

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2003-12-05 28592]
    R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-05-20 30588]
    R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-07-28 5632]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-03-02 271360]
    R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
    R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-03-02 18048]
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-18 4736]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
    R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2006-06-23 31488]
    R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2005-08-31 20480]
    R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2006-01-19 10068]
    R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-07-30 11988]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
    R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2006-02-28 84836]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
    R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2003-12-05 89168]
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2006-07-16 23040]
    S3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
    S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
    S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
    S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DCamUSBEMPIA;Dazzle DVC90 Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2004-04-06 100957]
    S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-03-21 223128]
    S3 emAudio;Dazzle DVC90 Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2004-05-05 19584]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2004-04-06 5245]
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-05-02 25280]
    S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 607452]
    S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS []
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS []
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRENDIS5.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS []
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS []
    S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 pfsvgae;pfsvgae; \??\C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\pfsvgae.sys []
    S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []
    S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2004-04-06 4493]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 STIrUsb;Dongle SigmaTel USB-IrDA; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USB_RNDIS;Inventel Gateway; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
    R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-01-22 65536]
    R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2003-12-05 798772]
    R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-09 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-05-24 311296]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2005-12-18 73728]
    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-05-16 606720]
    R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-05-18 126976]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-28 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 RkPavProc;RkPavProc; C:\WINDOWS\system32\drivers\RkPavProc.sys [2007-08-22 14128]
    S3 sthjxjdxrhvb;sthjxjdxrhvb; C:\WINDOWS\system32\drivers\sthjxjdxrhvb.sys [2007-06-05 8576]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-02-27 1119888]

    -----------------EOF-----------------

    -info.txt

    info.txt logfile of random's system information tool 1.05 2009-03-02 18:08:43

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x40c -removeonly
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x40c /cont -removeonly
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x40c -removeonly
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x40c -removeonly
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x40c -removeonly
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x40c -removeonly
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x40c -removeonly
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x40c -removeonly
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x40c -removeonly
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3Planesoft Screensaver Manager 1.0-->"C:\Program Files\3Planesoft Screensaver Manager\unins000.exe"
    Ad-aware 6 Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
    Adobe Reader 7.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Advanced MP3-WAV Converter version 8.0.0.1-->"C:\Program Files\SoftwareDepo.com\Advanced MP3-WAV Converter\unins000.exe"
    Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
    Amélioration de nos services-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1036
    AOL Desktop Icon-->"C:\Program Files\AOD\aoduninst.exe"
    ArcSoft PhotoStudio 2000-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\ArcSoft\PhotoStudio 2000\Uninst.isu"
    Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:D ISPLAY -clean
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
    Azureus-->C:\Program Files\Azureus\Uninstall.exe
    Barcelona Screen Saver-->C:\WINDOWS\INDSOFT\SSAVERS\Barcelona\UNINSTAL.EXE
    Big Island Blends-->"C:\My Games\un_Big Island Blends_31051.exe"
    BitTorrent 4.4.1-->"C:\Program Files\BitTorrent\uninstall.exe"
    BlueSoleil-->MsiExec.exe /X{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}
    Bowling Evolution 1.05-->"C:\Program Files\Bowling Evolution 1.05\uninstall.exe"
    Canon ScanGear Toolbox 3.0-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\ScanGear Toolbox Ver3\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox Ver3\uninst.dll"
    Catz (remove only)-->"C:\Program Files\Ubisoft\Catz\uninstall.exe" 1036
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CD-Rom Institut Barbie(TM) Beauté-->C:\Program Files\Fichiers communs\Vivendi Universal Games\Désinstaller\BeautyUn.exe
    CD-ROM My Scene(TM)-->C:\Program Files\Fichiers communs\Vivendi Universal Games\Uninstall\MySceneUn.exe
    Clouds Screensaver-->MsiExec.exe /X{54971851-57C7-496F-BDE6-B8335A84A245}
    Command & Conquer Alerte Rouge 2-->C:\Westwood\AR2\Uninstll.EXE
    Command & Conquer The First Decade-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
    Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\CToolbar.exe uninst
    Dawn of War - Dark Crusade-->C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x040c -removeonly
    Dawn of War - Tyranid Mod v0.4-->"C:\Program Files\THQ\Dawn of War - Dark Crusade\TyranidsUninstall.exe"
    Décompression des fichiers-->C:\UNWISE.EXE C:\INSTALL.LOG
    Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
    Disney Interactive European and Nordic Demo Compatiblity Update-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{d744ca14-14ba-454f-9dec-5feea936dbc9}.sdb"
    Disney Interactive Global Compatibility Update June 2003-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb"
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    Dogz (remove only)-->"C:\Program Files\Ubisoft\Dogz\uninstall.exe" 1036
    DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
    DVDFab HD Decrypter 3.1.5.0-->"C:\Program Files\DVDFab HD Decrypter 3\unins000.exe"
    EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
    Ecran de Veille - Mers du Sud-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10667692-82F1-4744-8AD6-7309DD46382E}\Setup.exe" -uninst
    ElectriCalm 3D Screensaver 2.52-->"C:\Program Files\ElectriCalm 3D Screensaver\unins000.exe"
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
    Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
    Free Christmas Holidays ScreenSaver v1.0 (remove only)-->C:\Program Files\Christmas Holidays ScreenSaver\uninstall.exe
    Free Mp3 Wma Converter V 1.4.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
    GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
    Google Earth-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
    GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
    High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Appareils photos Photosmart 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
    HP Boot Optimizer-->C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
    HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
    HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
    HP DVD Play 1.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
    HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
    HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
    HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
    HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    IncrediMail Xe-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
    iTunes-->MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
    J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Jane's Hotel Deluxe-->C:\Program Files\Jane's Hotel Deluxe\Uninstal.exe
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    LEGO Star Wars II-->C:\Program Files\InstallShield Installation Information\{4E074808-1B86-4230-A9EB-0904942EC4AE}\setup.exe -runfromtemp -l0x040c
    LEGO Star Wars-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{E914A24F-2412-4374-B420-86D21D6D444A}
    Les Sims 2 : Nuits de Folie-->C:\Program Files\EA GAMES\Les Sims 2 Nuits de Folie\EAUninstall.exe
    Les Sims 2 : La bonne affaire-->C:\Program Files\EA GAMES\Les Sims 2  La bonne affaire\EAUninstall.exe
    Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
    Les Sims™ 2 Animaux & Cie-->C:\Program Files\EA GAMES\Les Sims 2 Animaux & Cie\EAUninstall.exe
    Les Sims™ 2 Kit Glamour-->C:\Program Files\EA GAMES\Les Sims 2 Kit Glamour\EAUninstall.exe
    L'essentiel de la Pâtisserie 1.0-->"c:\Patisserie\setup\uninst.exe"
    Lexmark 640 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXDAUN5C.EXE -dLexmark 640 Series
    Livre Album Fuji Photo-->"C:\Program Files\Livre Album Fuji Photo\unins000.exe"
    Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
    Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
    Magentic-->C:\PROGRA~1\Magentic\bin\mgsetup.exe /remove /addon:Magentic
    Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
    Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Les Océans Version 1.0-->E:\Data\00Setup\App\Uninstal.exe
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{9084040C-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
    Microsoft Zoo Tycoon-->"C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB9
    m
    0
    l
    Contenus similaires
    a c 275 8 Sécurité
    2 Mars 2009 18:32:48

  • Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) sur ton Bureau.

  • Double-clique sur SmitfraudFix.exe pour le lancer.

  • Choisis l'option 1 puis Entrée.

  • Un rapport sera généré, poste-le dans ta prochaine réponse.

    /!\ process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus./!\

    ** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix.
    m
    0
    l
    2 Mars 2009 18:40:27

    Voilà le rapport :

    SmitFraudFix v2.398

    Rapport fait à 18:39:36.65, 2009-03-02
    Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\WINDOWS\system32\frmwrk32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\PROGRA~1\Magentic\bin\MgApp.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Crawler\CToolbar.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\Tasks\At?.job PRESENT !
    C:\WINDOWS\Tasks\At??.job PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\Favoris


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Google\googletoolbar1.dll PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!




    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "system"=""


    »»»»»»»»»»»»»»»»»»»»»»»» RK



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Wireless LAN PCI 802.11 b/g adapter WN5301A - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{DF8255F1-D454-4DAC-B713-ECD2DF2BC44B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{DF8255F1-D454-4DAC-B713-ECD2DF2BC44B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{DF8255F1-D454-4DAC-B713-ECD2DF2BC44B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{DF8255F1-D454-4DAC-B713-ECD2DF2BC44B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{FD25A773-C7CD-4CD6-8488-15BE681E34CB}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    m
    0
    l
    a c 275 8 Sécurité
    2 Mars 2009 18:54:06

  • Redémarre l'ordinateur en mode sans échec (au démarrage de l'ordinateur, tapote F8).
  • Double-clique sur SmitfraudFix.exe
  • Sélectionne 2 et presse Entrée dans le menu pour supprimer les fichiers responsables de l'infection.
  • A la question : Voulez-vous nettoyer le registre ? réponds O (oui) et presse Entrée afin de débloquer le fond d'écran et supprimer les clés de registre de l'infection.
  • Un redémarrage sera peut être nécessaire pour terminer la procédure de nettoyage. Le rapport se trouve à la racine du disque système C:\rapport.txt
  • Copie-colle le rapport dans ton prochain message.
    m
    0
    l
    2 Mars 2009 19:34:24

    Voilà le rapport :

    SmitFraudFix v2.398

    Rapport fait à 19:15:46,60, 02/03/2009
    Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Mes documents\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\Tasks\At?.job supprimé
    C:\Program Files\Google\googletoolbar1.dll supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» RK


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{DF8255F1-D454-4DAC-B713-ECD2DF2BC44B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{DF8255F1-D454-4DAC-B713-ECD2DF2BC44B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{DF8255F1-D454-4DAC-B713-ECD2DF2BC44B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{DF8255F1-D454-4DAC-B713-ECD2DF2BC44B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{FD25A773-C7CD-4CD6-8488-15BE681E34CB}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "system"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin


    Et le fond d'écran est toujours bloqué :( 
    m
    0
    l
    a c 275 8 Sécurité
    2 Mars 2009 19:54:14

  • Supprime SmitfraudFix.

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher.
  • L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
    Citation :
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    m
    0
    l
    2 Mars 2009 20:35:57

    Voilà le rapport :

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1814
    Windows 5.1.2600 Service Pack 3

    2009-03-02 20:34:43
    mbam-log-2009-03-02 (20-34-43).txt

    Type de recherche: Examen rapide
    Eléments examinés: 76872
    Temps écoulé: 5 minute(s), 34 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 27
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 8
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 17

    Processus mémoire infecté(s):
    C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e88995dc-cb69-4460-b14e-71f2b44d1998} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d651aff4-9590-424d-bd1e-8e33e090dfb3} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cd3447d4-ca39-4377-8084-30e86331d74c} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{57e218e6-5a80-4f0c-ab25-83598f25d7e9} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b572f27e-e372-4c72-b3fb-11f376e21785} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e2ee5c44-c66d-499d-beae-a2a79189a63a} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5adf3862-9e2e-4ad3-86f7-4510e6550cd0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e12bff69-38a7-406e-a8ef-2738107a7831} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\drivers\cbfdbe53.sys (Rootkit.Rustock) -> Delete on reboot.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM22b287f5.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM22b287f5.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\senekaksnkdmvd.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\senekarqoieccw.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\senekarvakxyqm.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\senekaswuigfto.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\senekatgkixrob.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\senekaehexhijd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    m
    0
    l
    a c 275 8 Sécurité
    2 Mars 2009 20:37:50

  • Redémarre ton PC comme demandé.
  • Refais un examen rapide avec MBAM et poste le rapport.
  • Refais un scan RSIT et poste le rapport log.
    m
    0
    l
    2 Mars 2009 20:46:02

    J'ai redémarré le PC, le fond d'écran est revenu.

    Je fais les scans.
    m
    0
    l
    2 Mars 2009 20:55:05

    Voilà le rapport MBAM :

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1814
    Windows 5.1.2600 Service Pack 3

    2009-03-02 20:53:05
    mbam-log-2009-03-02 (20-53-05).txt

    Type de recherche: Examen rapide
    Eléments examinés: 76755
    Temps écoulé: 7 minute(s), 26 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)


    Et le scan RSIT :

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by HP_Propriétaire at 2009-03-02 20:54:28
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 86 GB (46%) free of 185 GB
    Total RAM: 958 MB (30% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:54:34, on 2009-03-02
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\PROGRA~1\Magentic\bin\MgApp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Crawler\CToolbar.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\HP_Propriétaire\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\HP_Propriétaire.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
    O2 - BHO: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~1\Crawler\ctbr.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
    O8 - Extra context menu item: crawler search - tbr:iemenu
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?7d368dd65cb3489abda204c8e2839ac8
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?7d368dd65cb3489abda204c8e2839ac8
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
    O20 - Winlogon Notify: efcDUlii - efcDUlii.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 13977 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1cb20bf0-bbae-40a7-93f4-6435ff3d0411}]
    C:\PROGRA~1\Crawler\ctbr.dll [2009-02-27 1196544]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-12-07 399424]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll []
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
    {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Barre d'outils &Crawler - C:\PROGRA~1\Crawler\ctbr.dll [2009-02-27 1196544]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "USBToolTip"=C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2004-04-23 192512]
    "USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2004-04-06 61440]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-09 136600]
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]
    "PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]
    "PCLEPCI"=C:\PROGRA~1\Pinnacle\PPE\PPE.EXE [2004-02-03 49152]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
    "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
    "HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
    "HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-11-09 249856]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-11 49152]
    "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2006-05-20 188416]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-02-23 185896]
    "SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-05-16 1817600]
    "ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2008-01-22 107248]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
    "Autoconfigurateur WiFi Neuf"=C:\Program Files\Neuf\Kit\WiFi\9wifi.exe [2008-03-18 287984]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-06 67128]
    "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072]
    "Magentic"=C:\PROGRA~1\Magentic\bin\Magentic.exe [2007-07-10 475180]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM22b287f5]
    C:\WINDOWS\system32\euhxpjbn.dll []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    PowerReg Scheduler.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcDUlii]
    efcDUlii.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    C:\WINDOWS\system32\efcDTKbA

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "legalnoticecaption"=
    "legalnoticetext"=

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoFolderOptions"=0
    "NoSetActiveDesktop"=0
    "NoActiveDesktopChanges"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoSetActiveDesktop"=
    "NoActiveDesktopChanges"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"
    "C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"
    "C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"
    "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:D isabled:Windows Messenger"
    "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
    "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
    "C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe"="C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe:*:Enabled:Navigateur Internet"
    "C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:D arkCrusade"
    "C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe"="C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe:*:D isabled:Star Wars Galactic Battlegrounds"
    "C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe"="C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe:*:Enabled:Star Wars Galactic Battlegrounds: Clone Campaigns"
    "C:\Program Files\Atari\Act of War - Direct Action\ActOfWar.exe"="C:\Program Files\Atari\Act of War - Direct Action\ActOfWar.exe:*:Enabled:ActOfWar"
    "C:\Program Files\Atari\Act of War - High Treason\ActOfWar_HighTreason.exe"="C:\Program Files\Atari\Act of War - High Treason\ActOfWar_HighTreason.exe:*:Enabled:ActOfWar_HighTreason"
    "C:\Program Files\EA Games\La Bataille pour la Terre du Milieu(tm)\game.dat"="C:\Program Files\EA Games\La Bataille pour la Terre du Milieu(tm)\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm)"
    "C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Games\Defcon\defcon.exe"="C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Games\Defcon\defcon.exe:*:Enabled:D efcon"
    "C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE"="C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13520f18-42c6-11dc-a5ad-00c0a8b17038}]
    shell\Auto\command - Start.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2355e239-546c-11db-a886-0015f2e3fb67}]
    shell\AutoRun\command - L:\LaunchEAW.exe


    ======File associations======

    .scr - config - "%1" /S

    ======List of files/folders created in the last 1 months======

    2009-03-02 19:59:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-02 18:59:15 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-03-02 18:39:36 ----A---- C:\rapport.txt
    2009-03-02 18:39:22 ----A---- C:\WINDOWS\system32\swxcacls.exe
    2009-03-02 18:39:22 ----A---- C:\WINDOWS\system32\swsc.exe
    2009-03-02 18:39:22 ----A---- C:\WINDOWS\system32\swreg.exe
    2009-03-02 18:39:22 ----A---- C:\WINDOWS\system32\Process.exe
    2009-03-02 18:39:22 ----A---- C:\WINDOWS\system32\o4Patch.exe
    2009-03-02 18:39:22 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
    2009-03-02 18:39:22 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
    2009-03-02 18:08:31 ----D---- C:\rsit
    2009-03-02 01:03:37 ----D---- C:\Program Files\Crawler
    2009-02-27 21:49:54 ----D---- C:\Program Files\FireFly Studios
    2009-02-27 12:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-14 23:24:30 ----A---- C:\WINDOWS\Eye for Design Setup Log.txt
    2009-02-14 01:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

    ======List of files/folders modified in the last 1 months======

    2009-03-02 20:48:40 ----D---- C:\WINDOWS\system32
    2009-03-02 20:48:28 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-02 20:42:56 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-02 20:41:34 ----D---- C:\WINDOWS\TEMP
    2009-03-02 20:38:49 ----D---- C:\WINDOWS\system32\drivers
    2009-03-02 20:38:05 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-02 20:34:43 ----AD---- C:\WINDOWS
    2009-03-02 19:59:24 ----AD---- C:\Program Files
    2009-03-02 19:26:52 ----SHD---- C:\RECYCLER
    2009-03-02 19:16:13 ----D---- C:\Program Files\Google
    2009-03-02 19:16:11 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-03-02 19:16:10 ----D---- C:\WINDOWS\Tasks
    2009-03-02 18:56:33 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Azureus
    2009-03-02 01:32:40 ----D---- C:\Program Files\Spyware Terminator
    2009-03-02 01:32:40 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Spyware Terminator
    2009-03-02 01:11:39 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2009-03-01 23:37:07 ----D---- C:\Program Files\VirtualDJ
    2009-03-01 23:27:17 ----D---- C:\Program Files\Nanny Mania
    2009-02-28 15:32:42 ----D---- C:\WINDOWS\system32\dllcache
    2009-02-28 15:31:49 ----D---- C:\WINDOWS\Prefetch
    2009-02-28 15:29:37 ----D---- C:\WINDOWS\Minidump
    2009-02-28 11:31:12 ----A---- C:\WINDOWS\LEXSTAT.INI
    2009-02-27 21:49:52 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-02-27 20:16:18 ----D---- C:\Program Files\Azureus
    2009-02-27 12:01:53 ----D---- C:\WINDOWS\inf
    2009-02-27 11:42:21 ----HD---- C:\WINDOWS\$hf_mig$
    2009-02-14 19:09:27 ----D---- C:\Program Files\eMule
    2009-02-14 01:27:47 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-14 01:27:30 ----D---- C:\Program Files\Internet Explorer
    2009-02-14 01:27:21 ----D---- C:\WINDOWS\ie7updates
    2009-02-13 19:12:50 ----D---- C:\Program Files\Messenger Plus! Live
    2009-02-12 05:56:17 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-02-09 13:19:52 ----D---- C:\WINDOWS\system32\FxsTmp

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2003-12-05 28592]
    R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-05-20 30588]
    R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-07-28 5632]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-03-02 271360]
    R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
    R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-03-02 18048]
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-18 4736]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
    R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2006-06-23 31488]
    R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2005-08-31 20480]
    R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2006-01-19 10068]
    R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-07-30 11988]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
    R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2006-02-28 84836]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
    R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2003-12-05 89168]
    S1 cbfdbe53;cbfdbe53; C:\WINDOWS\System32\drivers\cbfdbe53.sys []
    S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekaehexhijd.sys []
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2006-07-16 23040]
    S3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
    S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
    S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
    S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DCamUSBEMPIA;Dazzle DVC90 Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2004-04-06 100957]
    S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-03-21 223128]
    S3 emAudio;Dazzle DVC90 Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2004-05-05 19584]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2004-04-06 5245]
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-05-02 25280]
    S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 607452]
    S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS []
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS []
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRENDIS5.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS []
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS []
    S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 pfsvgae;pfsvgae; \??\C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\pfsvgae.sys []
    S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []
    S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2004-04-06 4493]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 STIrUsb;Dongle SigmaTel USB-IrDA; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USB_RNDIS;Inventel Gateway; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
    R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-01-22 65536]
    R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2003-12-05 798772]
    R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-09 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-05-24 311296]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2005-12-18 73728]
    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-05-16 606720]
    R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-05-18 126976]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-28 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 RkPavProc;RkPavProc; C:\WINDOWS\system32\drivers\RkPavProc.sys [2007-08-22 14128]
    S3 sthjxjdxrhvb;sthjxjdxrhvb; C:\WINDOWS\system32\drivers\sthjxjdxrhvb.sys [2007-06-05 8576]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-02-27 1119888]

    -----------------EOF-----------------
    m
    0
    l
    a c 275 8 Sécurité
    2 Mars 2009 21:03:07

    1/

  • Cherche ce fichier : C:\Program Files\Trend Micro\HijackThis\HP_Propriétaire.exe
  • Double-clique sur ce fichier.
  • Choisis Do a system scan only.
  • Coche les cases qui sont devant les lignes suivantes :

    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll

    O2 - BHO: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~1\Crawler\ctbr.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)

    O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll

    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll

    O20 - Winlogon Notify: efcDUlii - efcDUlii.dll (file missing)

    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\

    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

  • Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
  • Ferme HijackThis.


    2/

  • Fais analyser ce fichier : C:\WINDOWS\system32\drivers\sthjxjdxrhvb.sys

  • Sur VirusTotal et poste le lien de l'analyse.
    m
    0
    l
    2 Mars 2009 21:15:03

    Voilà le lien de l'analyse :

    analisis/82499b8799dc34a16b0a18c305bfc1ff
    m
    0
    l
    2 Mars 2009 21:23:05

    Désolé ; là ça devrait être bon :

    analisis/007da5e2c7fbf51b94c6b830dea1d43a
    m
    0
    l
    2 Mars 2009 21:23:22

    Ah ok, merci :) 
    m
    0
    l
    a c 275 8 Sécurité
    2 Mars 2009 21:23:47

  • Désinstalle Crawler Toolbar with Web Security Guard.

  • Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
  • Double-clique sur OTMoveIt3.exe afin de le lancer.
  • Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :services
    seneka
    pfsvgae

    :files
    C:\PROGRA~1\Crawler
    C:\WINDOWS\system32\swxcacls.exe
    C:\WINDOWS\system32\swsc.exe
    C:\WINDOWS\system32\swreg.exe
    C:\WINDOWS\system32\Process.exe
    C:\WINDOWS\system32\o4Patch.exe
    C:\WINDOWS\system32\IEDFix.C.exe
    C:\WINDOWS\system32\Agent.OMZ.Fix.exe

    :reg
    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\lsa]
    "Authentication Packages"= hex(7):6d,73,76,31,5f,30,00,00
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13520f18-42c6-11dc-a5ad-00c0a8b17038}]

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    ---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

  • Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    ---> Le nom du rapport correspond au moment de sa création : date_heure.log
    m
    0
    l
    2 Mars 2009 21:56:58

    Voilà le rapport :

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    Unable to stop service seneka .
    Service pfsvgae stopped successfully.
    Service pfsvgae deleted successfully.
    ========== FILES ==========
    File/Folder C:\PROGRA~1\Crawler not found.
    C:\WINDOWS\system32\swxcacls.exe moved successfully.
    C:\WINDOWS\system32\swsc.exe moved successfully.
    C:\WINDOWS\system32\swreg.exe moved successfully.
    C:\WINDOWS\system32\Process.exe moved successfully.
    C:\WINDOWS\system32\o4Patch.exe moved successfully.
    C:\WINDOWS\system32\IEDFix.C.exe moved successfully.
    C:\WINDOWS\system32\Agent.OMZ.Fix.exe moved successfully.
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\lsa\\"Authentication Packages"| hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13520f18-42c6-11dc-a5ad-00c0a8b17038}\\ deleted successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\etilqs_gPplzG3N8CQAhO0VzIzg scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\Perflib_Perfdata_c00.dat scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\_hphtra07.log scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DFCE8.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DFD03.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DFFBAA.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DFFBBF.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_144.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5d0.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03022009_214501

    Files moved on Reboot...
    File C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\etilqs_gPplzG3N8CQAhO0VzIzg not found!
    C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\hpodvd09.log moved successfully.
    File C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\Perflib_Perfdata_c00.dat not found!
    C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\_hphtra07.log moved successfully.
    File C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DFCE8.tmp not found!
    File C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DFD03.tmp not found!
    File C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DFFBAA.tmp not found!
    File C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DFFBBF.tmp not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    File C:\WINDOWS\temp\Perflib_Perfdata_144.dat not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_5d0.dat not found!
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\urlclassifier3.sqlite moved successfully.
    m
    0
    l
    a c 275 8 Sécurité
    2 Mars 2009 22:06:41

    Il reste des traces du rootkit seneka, je préfère que tu fasses ce qui suit :

    [#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Il va te demander d'installer la console de récupération : accepte.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

    Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
    m
    0
    l
    3 Mars 2009 11:21:59

    Bonjour,

    Voilà le rapport de Combofix :

    ComboFix 09-03-02.01 - HP_Propriétaire 2009-03-03 11:03:06.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.958.366 [GMT 1:00]
    Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
    AV: avast! antivirus 4.8.1296 [VPS 090302-0] *On-access scanning disabled* (Updated)
    AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated)
    FW: Norton Internet Security 2006 *enabled*
    FW: Norton Internet Worm Protection *disabled*
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\UbiSoft
    c:\windows\Downloaded Program Files\UbiSoft\DSETUP.DLL
    c:\windows\Downloaded Program Files\UbiSoft\DSETUP16.DLL
    c:\windows\Downloaded Program Files\UbiSoft\DSETUP32.DLL
    c:\windows\Downloaded Program Files\UbiSoft\SETUPUBI.exe
    c:\windows\Downloaded Program Files\UbiSoft\strings.fra
    c:\windows\Downloaded Program Files\UbiSoft\ubi.bak
    c:\windows\Downloaded Program Files\UbiSoft\ubi.ini
    c:\windows\system32\AbKTDcfe.ini
    c:\windows\system32\AbKTDcfe.ini2
    c:\windows\system32\ayptqcgb.ini
    c:\windows\system32\bfnitmba.ini
    c:\windows\system32\bpriconf.ini
    c:\windows\system32\dshlesmg.ini
    c:\windows\system32\dumphive.exe
    c:\windows\system32\duvmgxdt.ini
    c:\windows\system32\dvraeblw.ini
    c:\windows\system32\eoeswwtm.ini
    c:\windows\system32\fcequxxc.ini
    c:\windows\system32\fooblmlf.ini
    c:\windows\system32\gfxdjkva.ini
    c:\windows\system32\godtonji.ini
    c:\windows\system32\hsufhakm.ini
    c:\windows\system32\hwhembcs.ini
    c:\windows\system32\hylmcgaw.ini
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\ihnpplix.ini
    c:\windows\system32\imrxorxt.ini
    c:\windows\system32\jmllm.ini
    c:\windows\system32\kqndbvwr.ini
    c:\windows\system32\myhbndcb.ini
    c:\windows\system32\oiqxlcxi.ini
    c:\windows\system32\pdgvpbjm.ini
    c:\windows\system32\potrjqat.ini
    c:\windows\system32\qalvlhmu.ini
    c:\windows\system32\qsafcsde.ini
    c:\windows\system32\rqvuteyc.ini
    c:\windows\system32\rrgdfffr.ini
    c:\windows\system32\ryvdtoae.ini
    c:\windows\system32\sknxnqyb.ini
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\tyjvnsbx.ini
    c:\windows\system32\uniq.tll
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    c:\windows\system32\wtxvuhgq.ini
    c:\windows\system32\xtegswdt.ini
    c:\windows\system32\yqghtiqu.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_seneka


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-02 21:45 . 2009-03-02 21:45 <REP> d-------- C:\_OTMoveIt
    2009-03-02 19:59 . 2009-03-02 19:59 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-02 19:59 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-02 19:59 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-02 18:08 . 2009-03-02 18:08 <REP> d-------- C:\rsit
    2009-03-01 00:39 . 2009-03-01 00:39 54,156 --ah----- c:\windows\QTFont.qfn
    2009-03-01 00:39 . 2009-03-01 00:39 1,409 --a------ c:\windows\QTFont.for
    2009-02-28 15:31 . 2009-02-28 15:31 2 --a------ C:\562148550
    2009-02-27 21:49 . 2009-02-27 21:49 <REP> d-------- c:\program files\FireFly Studios

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-03 09:50 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
    2009-03-02 23:45 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Azureus
    2009-03-02 18:16 --------- d-----w c:\program files\Google
    2009-03-02 00:32 --------- d-----w c:\program files\Spyware Terminator
    2009-03-02 00:32 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Spyware Terminator
    2009-03-01 22:37 --------- d-----w c:\program files\VirtualDJ
    2009-03-01 22:27 --------- d-----w c:\program files\Nanny Mania
    2009-02-27 20:49 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-27 19:16 --------- d-----w c:\program files\Azureus
    2009-02-14 18:09 --------- d-----w c:\program files\eMule
    2009-02-13 18:12 --------- d-----w c:\program files\Messenger Plus! Live
    2009-02-09 12:19 922 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
    2008-08-09 12:36 1,266 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\filterclsid.dat
    2008-02-24 09:42 774,144 ----a-w c:\program files\RngInterstitial.dll
    2006-11-04 15:35 517 ----a-w c:\program files\Fichiers communs\ryjy
    2006-08-27 15:38 1,015,973 -csha-r c:\program files\serial.tde
    2006-06-08 20:52 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
    2002-07-26 16:02 153,088 ----a-w c:\program files\UNWISE.EXE
    2006-06-08 20:41 22 -csha-w c:\windows\SMINST\HPCD.sys
    2007-09-16 16:55 80 --sh--r c:\windows\system32\36F4CE11AB.dll
    2007-12-05 20:19 8 --sh--r c:\windows\system32\E826B3EA8E.dll
    2008-08-15 18:53 9,392 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-06 67128]
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
    "Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2007-07-10 475180]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
    "USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-04-06 61440]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
    "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
    "PCLEPCI"="c:\progra~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 49152]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-11 49152]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-05-20 188416]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-23 185896]
    "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-16 1817600]
    "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2008-01-22 107248]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2008-03-18 287984]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 68856]

    c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-02-27 27136]

    c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
    Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-09-15 344064]
    PowerReg Scheduler.exe [2007-05-07 256000]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-06 67128]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0stera

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\WINDOWS\\system32\\svchost.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
    "c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
    "c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
    "c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\battlegrounds_x1.exe"=
    "c:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-29 111184]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-04-30 141312]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-29 20560]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-02-27 468768]
    S1 cbfdbe53;cbfdbe53;c:\windows\system32\drivers\cbfdbe53.sys --> c:\windows\system32\drivers\cbfdbe53.sys [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2355e239-546c-11db-a886-0015f2e3fb67}]
    \Shell\AutoRun\command - L:\LaunchEAW.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-02 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
    MSConfigStartUp-BM22b287f5 - c:\windows\system32\euhxpjbn.dll


    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uStart Page = hxxp://orange.fr/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &Traduire à partir de l'anglais - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
    IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
    IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?7d368dd65cb3489abda204c8e2839ac8
    IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?7d368dd65cb3489abda204c8e2839ac8
    IE: Pages liées - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    IE: Pages similaires - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    IE: Recherche &Google - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    IE: Version de la page actuelle disponible dans le cache Google - c:\program files\google\GoogleToolbar2.dll/cmcache.html
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.fr/
    FF - prefs.js: keyword.URL - hxxp://rws.search.ke.voila.fr/RW/A/O_toolbar31?errorigin=noturl&kw={searchTerms}
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMdm.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
    FF - plugin: c:\program files\Panda Security\TotalScan\npwrapper.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-03 11:12:28
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-3321681907-2501340605-2720634903-1008\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-3321681907-2501340605-2720634903-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Jeux stratégie\Westwood\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *L*e*s* *g*u*e*r*r*e*s* *d*u* *T*i*b*e*r*i*u*m*"!\Assistance]
    "Order"=hex:08,00,00,00,02,00,00,00,ce,02,00,00,01,00,00,00,04,00,00,00,92,00,
    00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\

    [HKEY_USERS\S-1-5-21-3321681907-2501340605-2720634903-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:D 6,fb,9c,ce,36,27,20,14,a9,ab,ac,07,71,5d,b4,9b,a0,62,d8,2e,05,2c,a0,
    16,84,d3,33,a6,f2,27,8e,2b,a6,ee,06,fa,44,93,3c,33,5f,6b,ec,f5,29,2f,66,c1,\
    "??"=hex:f4,17,fc,52,6e,37,33,25,cc,d1,83,1e,65,b5,08,38

    [HKEY_USERS\S-1-5-21-3321681907-2501340605-2720634903-1008\Software\SecuROM\License information*]
    "datasecu"=hex:f2,af,c7,bc,79,e0,a7,2e,89,96,29,6d,e2,7b,a2,32,3c,b8,bf,d5,77,
    d6,17,cd,fa,e9,c6,87,ca,d4,56,cd,65,85,b5,5f,4f,14,9e,dc,9f,dd,b5,4b,74,3f,\
    "rkeysecu"=hex:41,a9,66,05,93,d5,bf,9e,1a,8d,f0,46,b4,4b,56,73

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,22,76,3d,c4,9d,
    a9,fb,1a,e2,63,26,f1,3f,c8,ff,68,b4,74,cf,fe,8a,03,98,c7,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,97,8b,cb,d0,10,
    c2,41,21,6a,9c,d6,61,af,45,84,18,20,de,b5,1a,93,22,45,ac,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,0b,51,98,4c,1a,
    a2,63,fe,ff,7c,85,e0,43,d4,0e,fe,a5,c4,e5,31,b6,b4,bc,ff,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,3d,70,9d,ee,ab,
    6e,a8,db,86,8c,21,01,be,91,eb,e7,6c,e8,64,98,cc,69,bd,6e,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,59,a1,2b,01,54,
    58,72,67,f5,1d,4d,73,a8,13,5c,05,b7,8c,42,f6,fd,d3,ad,de,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,17,42,8c,bb,43,
    fa,f3,05,df,20,58,62,78,6b,cf,c8,58,b3,20,b4,5b,20,c5,83,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,cd,58,79,34,a9,
    bd,91,1f,fb,a7,78,e6,12,2f,9a,ea,a5,69,02,7f,fd,cb,45,89,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,9a,f3,48,60,4e,
    af,19,ae,01,3a,48,fc,e8,04,4a,f1,1d,2e,0f,42,d7,41,db,87,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,df,05,b9,2e,84,
    c2,22,f3,f6,0f,4e,58,98,5b,89,c9,33,c5,74,57,c1,36,38,94,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,4e,a1,af,7d,09,
    2f,88,78,3d,ce,ea,26,2d,45,aa,78,be,18,de,cd,e8,71,c4,b7,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,92,c4,9b,a7,4c,
    ee,3e,a6,2a,b7,cc,b5,b9,7f,41,e7,d4,06,83,a3,28,f4,cc,9a,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,ac,33,3c,97,cf,
    81,8e,ef,6c,43,2d,1e,aa,22,2f,9c,01,1e,7f,c1,33,cd,7f,21,6c,43,2d,1e,aa,22,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1088)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\program files\Ahead\InCD\incdsrv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\program files\Spyware Terminator\sp_rsser.exe
    c:\windows\system32\UAService7.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\progra~1\Magentic\bin\MgApp.exe
    c:\program files\IncrediMail\bin\IMApp.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-03 11:19:11 - La machine a redémarré [HP_Propriétaire]
    ComboFix-quarantined-files.txt 2009-03-03 10:19:07

    Avant-CF: 90 087 464 960 octets libres
    Après-CF: 90,079,735,808 octets libres

    358 --- E O F --- 2009-02-27 11:01:53
    m
    0
    l
    a c 275 8 Sécurité
    3 Mars 2009 12:09:17

    Je ne pensais pas qu'il allait trouver une trentaine de fichiers Vundo...

    Peux-tu faire analyser le fichier suivant sur VirusTotal : c:\windows\system32\drivers\cbfdbe53.sys ?
    m
    0
    l
    3 Mars 2009 12:21:08

    Elles sont bien cachées ces petites bêtes...

    Et ce fichier : cbfdbe53.sys ne se trouve pas dans système32/drivers.

    J'ai celui là qui y ressemble : cbidf2k.sys

    Mais je n'ai pas de fichier commençant par un "c" et terminant par "53" (les fichiers sont classés par ordre alphabétique).
    m
    0
    l
    a c 275 8 Sécurité
    3 Mars 2009 12:29:33

    Ok.

  • Menu Démarrer > Exécuter > Tape combofix /u et valide.

  • Désinstalle les programmes suivants :
    - J2SE Runtime Environment 5.0 Update 10
    - J2SE Runtime Environment 5.0 Update 11
    - J2SE Runtime Environment 5.0 Update 5
    - J2SE Runtime Environment 5.0 Update 6
    - J2SE Runtime Environment 5.0 Update 9
    - Java 6 Update 11
    - Java 6 Update 2
    - Java 6 Update 3
    - Java 6 Update 4
    - Java 6 Update 5
    - Java 6 Update 7
    - Java SE Runtime Environment 6 Update 1

  • Mets à jour Java.

  • Mets à jour Adobe Reader.

  • Refais un scan RSIT et poste le rapport log.
    m
    0
    l
    3 Mars 2009 13:05:46

    Voilà le rapport RSIT :

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by HP_Propriétaire at 2009-03-03 13:05:06
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 84 GB (45%) free of 185 GB
    Total RAM: 958 MB (31% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:05:14, on 03/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Magentic\bin\MgApp.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Documents and Settings\HP_Propriétaire\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\HP_Propriétaire.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?7d368dd65cb3489abda204c8e2839ac8
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?7d368dd65cb3489abda204c8e2839ac8
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 13605 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-03 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-03 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-12-07 399424]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "USBToolTip"=C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2004-04-23 192512]
    "USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2004-04-06 61440]
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]
    "PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]
    "PCLEPCI"=C:\PROGRA~1\Pinnacle\PPE\PPE.EXE [2004-02-03 49152]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
    "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
    "HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
    "HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-11-09 249856]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-11 49152]
    "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2006-05-20 188416]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-02-23 185896]
    "SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-05-16 1817600]
    "ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2008-01-22 107248]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
    "Autoconfigurateur WiFi Neuf"=C:\Program Files\Neuf\Kit\WiFi\9wifi.exe [2008-03-18 287984]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-03 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-06 67128]
    "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072]
    "Magentic"=C:\PROGRA~1\Magentic\bin\Magentic.exe [2007-07-10 475180]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    PowerReg Scheduler.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "legalnoticecaption"=
    "legalnoticetext"=

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"
    "C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"
    "C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"
    "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:D isabled:Windows Messenger"
    "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
    "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
    "C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:D arkCrusade"
    "C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe"="C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe:*:D isabled:Star Wars Galactic Battlegrounds"
    "C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe"="C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe:*:Enabled:Star Wars Galactic Battlegrounds: Clone Campaigns"
    "C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE"="C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2355e239-546c-11db-a886-0015f2e3fb67}]
    shell\AutoRun\command - L:\LaunchEAW.exe


    ======File associations======

    .scr - config - "%1" /S

    ======List of files/folders created in the last 1 months======

    2009-03-03 12:55:05 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-03-03 12:55:05 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-03-03 12:55:05 ----A---- C:\WINDOWS\system32\java.exe
    2009-03-03 12:33:43 ----A---- C:\Start_.cmd
    2009-03-03 12:33:42 ----A---- C:\WINDOWS\system32\CF23877.exe
    2009-03-03 12:33:15 ----A---- C:\Bug.txt
    2009-03-03 12:33:13 ----A---- C:\WINDOWS\system32\cmd.execf
    2009-03-03 12:32:58 ----D---- C:\32788R22FWJFW
    2009-03-03 11:23:41 ----SHD---- C:\RECYCLER
    2009-03-03 11:19:12 ----A---- C:\ComboFix.txt
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\zip.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\VFIND.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\SWSC.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\SWREG.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\sed.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\grep.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\fdsv.exe
    2009-03-02 22:11:22 ----D---- C:\Qoobox
    2009-03-02 21:45:01 ----D---- C:\_OTMoveIt
    2009-03-02 19:59:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-02 18:59:15 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-03-02 18:39:36 ----A---- C:\rapport.txt
    2009-03-02 18:08:31 ----D---- C:\rsit
    2009-02-27 21:49:54 ----D---- C:\Program Files\FireFly Studios
    2009-02-27 12:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-14 23:24:30 ----A---- C:\WINDOWS\Eye for Design Setup Log.txt
    2009-02-14 01:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

    ======List of files/folders modified in the last 1 months======

    2009-03-03 13:04:55 ----SHD---- C:\WINDOWS\Installer
    2009-03-03 13:04:23 ----HD---- C:\Config.Msi
    2009-03-03 13:04:23 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-03-03 13:01:36 ----D---- C:\Program Files\Fichiers communs\Adobe
    2009-03-03 13:01:00 ----D---- C:\Program Files\Adobe
    2009-03-03 12:59:11 ----D---- C:\WINDOWS\system32
    2009-03-03 12:54:51 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-03-03 12:54:49 ----D---- C:\Program Files\Java
    2009-03-03 12:41:07 ----D---- C:\WINDOWS\TEMP
    2009-03-03 12:40:46 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Azureus
    2009-03-03 11:19:41 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-03 11:19:20 ----D---- C:\WINDOWS\system32\drivers
    2009-03-03 11:19:17 ----AD---- C:\WINDOWS
    2009-03-03 11:17:49 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-03 11:13:02 ----A---- C:\WINDOWS\system.ini
    2009-03-03 11:09:53 ----D---- C:\WINDOWS\system32\config
    2009-03-03 11:09:02 ----D---- C:\WINDOWS\erdnt
    2009-03-03 11:07:34 ----D---- C:\WINDOWS\Downloaded Program Files
    2009-03-03 11:06:25 ----D---- C:\WINDOWS\AppPatch
    2009-03-03 11:06:16 ----D---- C:\Program Files\Fichiers communs
    2009-03-03 11:02:40 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-03 10:50:54 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2009-03-02 21:33:47 ----AD---- C:\Program Files
    2009-03-02 19:16:13 ----D---- C:\Program Files\Google
    2009-03-02 19:16:11 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-03-02 19:16:10 ----D---- C:\WINDOWS\Tasks
    2009-03-02 01:32:40 ----D---- C:\Program Files\Spyware Terminator
    2009-03-02 01:32:40 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Spyware Terminator
    2009-03-01 23:37:07 ----D---- C:\Program Files\VirtualDJ
    2009-03-01 23:27:17 ----D---- C:\Program Files\Nanny Mania
    2009-02-28 15:32:42 ----D---- C:\WINDOWS\system32\dllcache
    2009-02-28 15:31:49 ----D---- C:\WINDOWS\Prefetch
    2009-02-28 15:29:37 ----D---- C:\WINDOWS\Minidump
    2009-02-28 11:31:12 ----A---- C:\WINDOWS\LEXSTAT.INI
    2009-02-27 21:49:52 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-02-27 20:16:18 ----D---- C:\Program Files\Azureus
    2009-02-27 12:01:53 ----D---- C:\WINDOWS\inf
    2009-02-27 11:42:21 ----HD---- C:\WINDOWS\$hf_mig$
    2009-02-14 19:09:27 ----D---- C:\Program Files\eMule
    2009-02-14 01:27:47 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-14 01:27:30 ----D---- C:\Program Files\Internet Explorer
    2009-02-14 01:27:21 ----D---- C:\WINDOWS\ie7updates
    2009-02-13 19:12:50 ----D---- C:\Program Files\Messenger Plus! Live
    2009-02-12 05:56:17 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-02-09 13:19:52 ----D---- C:\WINDOWS\system32\FxsTmp

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2003-12-05 28592]
    R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-05-20 30588]
    R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-07-28 5632]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-03-02 271360]
    R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
    R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-03-02 18048]
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-18 4736]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
    R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2006-06-23 31488]
    R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2005-08-31 20480]
    R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2006-01-19 10068]
    R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-07-30 11988]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
    R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2006-02-28 84836]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
    R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2003-12-05 89168]
    S1 cbfdbe53;cbfdbe53; C:\WINDOWS\System32\drivers\cbfdbe53.sys []
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2006-07-16 23040]
    S3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
    S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
    S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
    S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DCamUSBEMPIA;Dazzle DVC90 Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2004-04-06 100957]
    S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-03-21 223128]
    S3 emAudio;Dazzle DVC90 Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2004-05-05 19584]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2004-04-06 5245]
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-05-02 25280]
    S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 607452]
    S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS []
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS []
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRENDIS5.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS []
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS []
    S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []
    S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2004-04-06 4493]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 STIrUsb;Dongle SigmaTel USB-IrDA; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USB_RNDIS;Inventel Gateway; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
    R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-01-22 65536]
    R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2003-12-05 798772]
    R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-03 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-05-24 311296]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2005-12-18 73728]
    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-05-16 606720]
    R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-05-18 126976]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-28 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 RkPavProc;RkPavProc; C:\WINDOWS\system32\drivers\RkPavProc.sys [2007-08-22 14128]
    S3 sthjxjdxrhvb;sthjxjdxrhvb; C:\WINDOWS\system32\drivers\sthjxjdxrhvb.sys [2007-06-05 8576]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-02-27 1119888]

    -----------------EOF-----------------
    m
    0
    l
    a c 275 8 Sécurité
    3 Mars 2009 13:22:44

  • Supprime les traces de Symantec avec ceci.

  • Désinstalle Avast.

  • Installe Antivir et mets-le à jour.
  • Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.
  • Dans Antivir, choisis Outils puis Configuration.
  • Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.
  • Fais un scan complet et poste le rapport.

    Tutoriel : http://www.libellules.ch/tuto_antivir.php#Scan_disque_d...
    m
    0
    l
    3 Mars 2009 18:34:51

    Voilà le rapport de Antivir :

    Avira AntiVir Personal
    Report file date: mardi 3 mars 2009 16:27

    Scanning for 1281206 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: PCBRUNO

    Version information:
    BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
    ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 15:23:01
    ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 03/03/2009 15:23:04
    ANTIVIR3.VDF : 7.1.2.111 53248 Bytes 03/03/2009 15:23:04
    Engineversion : 8.2.0.98
    AEVDF.DLL : 8.1.1.0 106868 Bytes 03/03/2009 15:23:18
    AESCRIPT.DLL : 8.1.1.56 352634 Bytes 03/03/2009 15:23:17
    AESCN.DLL : 8.1.1.7 127347 Bytes 03/03/2009 15:23:16
    AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
    AEPACK.DLL : 8.1.3.8 397684 Bytes 03/03/2009 15:23:15
    AEOFFICE.DLL : 8.1.0.36 196987 Bytes 03/03/2009 15:23:13
    AEHEUR.DLL : 8.1.0.100 1618295 Bytes 03/03/2009 15:23:12
    AEHELP.DLL : 8.1.2.2 119158 Bytes 03/03/2009 15:23:08
    AEGEN.DLL : 8.1.1.22 336245 Bytes 03/03/2009 15:23:07
    AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
    AECORE.DLL : 8.1.6.6 176501 Bytes 03/03/2009 15:23:05
    AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 3 mars 2009 16:27

    Starting search for hidden objects.
    '108897' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'CCC.exe' - '1' Module(s) have been scanned
    Scan process 'IMApp.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
    Scan process 'MgApp.exe' - '1' Module(s) have been scanned
    Scan process 'soffice.bin' - '1' Module(s) have been scanned
    Scan process 'soffice.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
    Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process '9wifi.exe' - '1' Module(s) have been scanned
    Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
    Scan process 'MOM.exe' - '1' Module(s) have been scanned
    Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'HPBootOp.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'USBTip.exe' - '1' Module(s) have been scanned
    Scan process 'UAService7.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    59 processes with 59 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '89' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\JeuxPC\Trainers\Trainer COH\cohtrnmg.exe
    [DETECTION] Is the TR/Agent.231424.A Trojan
    [NOTE] The file was deleted!
    C:\Documents and Settings\HP_Propriétaire\Mes documents\My Games\Posh.Boutique.rar
    [0] Archive type: RAR
    --> PoshBoutique.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bot.71149 back-door program
    [NOTE] The file was deleted!
    C:\PoshBoutique\PoshBoutique.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bot.71149 back-door program
    [NOTE] The file was deleted!
    C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
    [DETECTION] Contains recognition pattern of the WORM/Mailer.C worm
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\IEDFix.exe.vir
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/IRC.Chazz.43 back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP423\A0126959.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/IRC.Chazz.43 back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP423\A0126975.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP442\A0130935.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP442\A0130938.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP442\A0130939.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP442\A0130940.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP442\A0130955.exe
    [DETECTION] Is the TR/Dldr.Avfake Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP442\A0131028.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/IRC.Chazz.43 back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP443\A0131193.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/IRC.Chazz.43 back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP462\A0133186.exe
    [DETECTION] Is the TR/Agent.231424.A Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP462\A0133187.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bot.71149 back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP462\A0133190.dll
    [DETECTION] Contains recognition pattern of the WORM/Mailer.C worm
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A7O5WH3W\cd[1].htm
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A7O5WH3W\cd[1].htm
    [DETECTION] Is the TR/Click.Hatigh.C.1 Trojan
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\drivers\atapi.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <HP_RECOVERY>


    End of the scan: mardi 3 mars 2009 18:30
    Used time: 2:03:01 Hour(s)

    The scan has been done completely.

    16126 Scanning directories
    1116068 Files were scanned
    18 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    18 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    4 Files cannot be scanned
    1116046 Files not concerned
    18960 Archives were scanned
    8 Warnings
    18 Notes
    108897 Objects were scanned with rootkit scan
    0 Hidden objects were found

    m
    0
    l
    a c 275 8 Sécurité
    3 Mars 2009 20:32:38

    Ton PC va comment ?

  • Refais un scan RSIT et poste le rapport log.
    m
    0
    l
    3 Mars 2009 21:11:47

    Le scan RSIT :

    OCLogfile of random's system information tool 1.05 (written by random/random)
    Run by HP_Propriétaire at 2009-03-03 21:09:15
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 84 GB (45%) free of 185 GB
    Total RAM: 958 MB (14% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:09:34, on 03/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\PROGRA~1\Magentic\bin\MgApp.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\HP_Propriétaire\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\HP_Propriétaire.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?7d368dd65cb3489abda204c8e2839ac8
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?7d368dd65cb3489abda204c8e2839ac8
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 13671 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-03 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-03 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-12-07 399424]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "USBToolTip"=C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2004-04-23 192512]
    "USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2004-04-06 61440]
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]
    "PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]
    "PCLEPCI"=C:\PROGRA~1\Pinnacle\PPE\PPE.EXE [2004-02-03 49152]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
    "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
    "HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
    "HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-11-09 249856]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-11 49152]
    "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2006-05-20 188416]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-02-23 185896]
    "SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-05-16 1817600]
    "ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2008-01-22 107248]
    "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
    "Autoconfigurateur WiFi Neuf"=C:\Program Files\Neuf\Kit\WiFi\9wifi.exe [2008-03-18 287984]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-03 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-06 67128]
    "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072]
    "Magentic"=C:\PROGRA~1\Magentic\bin\Magentic.exe [2007-07-10 475180]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    PowerReg Scheduler.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "legalnoticecaption"=
    "legalnoticetext"=

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"
    "C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"
    "C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"
    "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:D isabled:Windows Messenger"
    "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
    "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
    "C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:D arkCrusade"
    "C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe"="C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe:*:D isabled:Star Wars Galactic Battlegrounds"
    "C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe"="C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe:*:Enabled:Star Wars Galactic Battlegrounds: Clone Campaigns"
    "C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE"="C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2355e239-546c-11db-a886-0015f2e3fb67}]
    shell\AutoRun\command - L:\LaunchEAW.exe


    ======File associations======

    .scr - config - "%1" /S

    ======List of files/folders created in the last 1 months======

    2009-03-03 16:21:36 ----D---- C:\Program Files\Avira
    2009-03-03 16:21:36 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-03-03 15:58:26 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2009-03-03 12:55:05 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-03-03 12:55:05 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-03-03 12:55:05 ----A---- C:\WINDOWS\system32\java.exe
    2009-03-03 12:33:43 ----A---- C:\Start_.cmd
    2009-03-03 12:33:42 ----A---- C:\WINDOWS\system32\CF23877.exe
    2009-03-03 12:33:15 ----A---- C:\Bug.txt
    2009-03-03 12:33:13 ----A---- C:\WINDOWS\system32\cmd.execf
    2009-03-03 12:32:58 ----D---- C:\32788R22FWJFW
    2009-03-03 11:23:41 ----SHD---- C:\RECYCLER
    2009-03-03 11:19:12 ----A---- C:\ComboFix.txt
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\zip.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\VFIND.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\SWSC.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\SWREG.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\sed.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\grep.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\fdsv.exe
    2009-03-02 22:11:22 ----D---- C:\Qoobox
    2009-03-02 21:45:01 ----D---- C:\_OTMoveIt
    2009-03-02 19:59:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-02 18:59:15 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-03-02 18:39:36 ----A---- C:\rapport.txt
    2009-03-02 18:08:31 ----D---- C:\rsit
    2009-02-27 21:49:54 ----D---- C:\Program Files\FireFly Studios
    2009-02-27 12:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-14 23:24:30 ----A---- C:\WINDOWS\Eye for Design Setup Log.txt
    2009-02-14 01:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

    ======List of files/folders modified in the last 1 months======

    2009-03-03 21:09:37 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Azureus
    2009-03-03 21:03:02 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-03 18:19:53 ----D---- C:\WINDOWS\TEMP
    2009-03-03 17:08:51 ----D---- C:\PoshBoutique
    2009-03-03 16:21:39 ----D---- C:\WINDOWS\system32\drivers
    2009-03-03 16:21:36 ----AD---- C:\Program Files
    2009-03-03 16:11:09 ----HD---- C:\Config.Msi
    2009-03-03 16:10:13 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-03 16:10:12 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-03 16:08:47 ----D---- C:\WINDOWS\system32
    2009-03-03 13:04:55 ----SHD---- C:\WINDOWS\Installer
    2009-03-03 13:04:23 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-03-03 13:01:36 ----D---- C:\Program Files\Fichiers communs\Adobe
    2009-03-03 13:01:00 ----D---- C:\Program Files\Adobe
    2009-03-03 12:54:51 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-03-03 12:54:49 ----D---- C:\Program Files\Java
    2009-03-03 11:19:17 ----AD---- C:\WINDOWS
    2009-03-03 11:13:02 ----A---- C:\WINDOWS\system.ini
    2009-03-03 11:09:53 ----D---- C:\WINDOWS\system32\config
    2009-03-03 11:09:02 ----D---- C:\WINDOWS\erdnt
    2009-03-03 11:07:34 ----D---- C:\WINDOWS\Downloaded Program Files
    2009-03-03 11:06:25 ----D---- C:\WINDOWS\AppPatch
    2009-03-03 11:06:16 ----D---- C:\Program Files\Fichiers communs
    2009-03-03 10:50:54 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2009-03-02 19:16:13 ----D---- C:\Program Files\Google
    2009-03-02 19:16:11 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-03-02 19:16:10 ----D---- C:\WINDOWS\Tasks
    2009-03-02 01:32:40 ----D---- C:\Program Files\Spyware Terminator
    2009-03-02 01:32:40 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Spyware Terminator
    2009-03-01 23:37:07 ----D---- C:\Program Files\VirtualDJ
    2009-03-01 23:27:17 ----D---- C:\Program Files\Nanny Mania
    2009-02-28 15:32:42 ----D---- C:\WINDOWS\system32\dllcache
    2009-02-28 15:31:49 ----D---- C:\WINDOWS\Prefetch
    2009-02-28 15:29:37 ----D---- C:\WINDOWS\Minidump
    2009-02-28 11:31:12 ----A---- C:\WINDOWS\LEXSTAT.INI
    2009-02-27 21:49:52 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-02-27 20:16:18 ----D---- C:\Program Files\Azureus
    2009-02-27 12:01:53 ----D---- C:\WINDOWS\inf
    2009-02-27 11:42:21 ----HD---- C:\WINDOWS\$hf_mig$
    2009-02-14 19:09:27 ----D---- C:\Program Files\eMule
    2009-02-14 01:27:47 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-14 01:27:30 ----D---- C:\Program Files\Internet Explorer
    2009-02-14 01:27:21 ----D---- C:\WINDOWS\ie7updates
    2009-02-13 19:12:50 ----D---- C:\Program Files\Messenger Plus! Live
    2009-02-12 05:56:17 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-02-09 13:19:52 ----D---- C:\WINDOWS\system32\FxsTmp

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2003-12-05 28592]
    R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-05-20 30588]
    R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-07-28 5632]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-03-02 271360]
    R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
    R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-03-02 18048]
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-18 4736]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2006-06-23 31488]
    R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2005-08-31 20480]
    R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2006-01-19 10068]
    R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-07-30 11988]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
    R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2006-02-28 84836]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
    R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2003-12-05 89168]
    S1 cbfdbe53;cbfdbe53; C:\WINDOWS\System32\drivers\cbfdbe53.sys []
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2006-07-16 23040]
    S3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
    S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
    S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
    S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DCamUSBEMPIA;Dazzle DVC90 Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2004-04-06 100957]
    S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-03-21 223128]
    S3 emAudio;Dazzle DVC90 Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2004-05-05 19584]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2004-04-06 5245]
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-05-02 25280]
    S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 607452]
    S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS []
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS []
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRENDIS5.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS []
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS []
    S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []
    S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2004-04-06 4493]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 STIrUsb;Dongle SigmaTel USB-IrDA; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USB_RNDIS;Inventel Gateway; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
    R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
    R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-01-22 65536]
    R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2003-12-05 798772]
    R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-03 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-05-24 311296]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2005-12-18 73728]
    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-05-16 606720]
    R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-05-18 126976]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-28 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 RkPavProc;RkPavProc; C:\WINDOWS\system32\drivers\RkPavProc.sys [2007-08-22 14128]
    S3 sthjxjdxrhvb;sthjxjdxrhvb; C:\WINDOWS\system32\drivers\sthjxjdxrhvb.sys [2007-06-05 8576]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------

    Le PC remarche très bien ! Fond d'écran revenu, il n'y a plus de pub pour des antivirus ; ça marche très bien :) 
    m
    0
    l
    a c 275 8 Sécurité
    3 Mars 2009 23:11:14

  • Clique sur le Menu Demarrer / Panneau de configuration / Options des dossiers / puis dans l'onglet Affichage.
    - Décoche "Masquer les extensions des fichiers dont le type est connu".
  • Clique sur Appliquer, puis OK.

  • Sélectionne l’intégralité du cadre ci-dessous :
    @echo off & cls
    reg export "hklm\system\currentcontrolset\services\wuauserv" wuauserv.log
    wuauserv.log & del wuauserv.log
    exit

  • Copie/colle-le dans le Bloc-notes (Démarrer / Tous les programmes / Accessoires / Bloc-notes).
  • Enregistre-le sur ton Bureau sous le nom de Correction.bat
  • Double-clique dessus. Poste le rapport généré (si présent).
    m
    0
    l
    3 Mars 2009 23:30:43

    Voilà le rapport :

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wuauserv]
    "Type"=dword:00000020
    "Start"=dword:00000002
    "ErrorControl"=dword:00000001
    "ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
    74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
    00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
    6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
    "DisplayName"="Mises à jour automatiques"
    "ObjectName"="LocalSystem"
    "Description"="Autorise le téléchargement et l'installation des mises à jour de Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité Mises à jour automatiques, ni accéder au site Web Windows Update."

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wuauserv\Parameters]
    "ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
    00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,75,00,\
    61,00,75,00,73,00,65,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wuauserv\Security]
    "Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
    00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
    00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
    05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
    20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
    01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wuauserv\Enum]
    "0"="Root\\LEGACY_WUAUSERV\\0000"
    "Count"=dword:00000001
    "NextInstance"=dword:00000001

    m
    0
    l
    a c 275 8 Sécurité
    4 Mars 2009 16:30:23

  • Clique sur le Menu Demarrer / Panneau de configuration / Options des dossiers / puis dans l'onglet Affichage.
    - Décoche "Masquer les extensions des fichiers dont le type est connu".
  • Clique sur Appliquer, puis OK.

  • Sélectionne l’intégralité du cadre ci-dessous :
    @echo off & cls
    reg export "hklm\system\currentcontrolset\services\BITS" BITS.log
    BITS.log & del BITS.log
    exit

  • Copie/colle-le dans le Bloc-notes (Démarrer / Tous les programmes / Accessoires / Bloc-notes).
  • Enregistre-le sur ton Bureau sous le nom de Correction.bat
  • Double-clique dessus. Poste le rapport généré (si présent).
    m
    0
    l
    4 Mars 2009 16:40:24

    Le voilà :

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\BITS]
    "Type"=dword:00000020
    "Start"=dword:00000003
    "ErrorControl"=dword:00000001
    "ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
    74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
    00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
    6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
    "DisplayName"="Service de transfert intelligent en arrière-plan"
    "DependOnService"=hex(7):52,00,70,00,63,00,73,00,73,00,00,00,00,00
    "DependOnGroup"=hex(7):00,00
    "ObjectName"="LocalSystem"
    "Description"="Transfère des fichiers en tâche de fond en utilisant la bande passante du réseau lors de ses périodes d'inactivité. Si le service est arrêté, des fonctionnalités telles que Windows Update et MSN Explorer ne pourront plus télécharger automatiquement des programmes et d'autres informations. Si ce service est désactivé, tous les services qui en dépendent explicitement peuvent présenter des problèmes de transfert de fichiers s'ils ne disposent pas d'un mécanisme sûr de remplacement pour transférer les fichier"
    "FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,68,e3,0c,\
    00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\BITS\Parameters]
    "ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
    00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
    71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\BITS\Security]
    "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
    00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
    00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
    05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
    20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
    00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
    00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\BITS\Enum]
    "0"="Root\\LEGACY_BITS\\0000"
    "Count"=dword:00000001
    "NextInstance"=dword:00000001

    m
    0
    l
    a c 275 8 Sécurité
    4 Mars 2009 16:45:07

    Merci, je te donne des nouvelles dès que possible.
    m
    0
    l
    4 Mars 2009 16:49:45

    Ok, merci.

    En tout cas, le PC remarche impeccablement bien, je te remercie moi aussi pour m'avoir aidé aussi rapidement ;) 
    m
    0
    l
    a c 275 8 Sécurité
    4 Mars 2009 19:06:58

    Il y a quelque chose de bizarre sur ton PC, nous sommes plusieurs à regarder ;) 

    Les mises à jour Windows fonctionnent ?

  • Clique sur le Menu Demarrer / Panneau de configuration / Options des dossiers / puis dans l'onglet Affichage.
    - Décoche "Masquer les extensions des fichiers dont le type est connu".
  • Clique sur Appliquer, puis OK.

  • Sélectionne l’intégralité du cadre ci-dessous :
    @echo off
    set >> var.log
    var.log & del var.log

  • Copie/colle-le dans le Bloc-notes (Démarrer / Tous les programmes / Accessoires / Bloc-notes).
  • Enregistre-le sur ton Bureau sous le nom de Correction.bat
  • Double-clique dessus. Poste le rapport généré (si présent).
    m
    0
    l
    4 Mars 2009 20:02:54

    Quelque chose de bizarre ? Vous êtes plusieurs à regarder ? Vous me faites peur :o 

    Oui, les mises à jour fonctionnent, elles s'installent automatiquement.

    Le rapport de Correction.bat ne se génère pas (mais la console s'est ouverte et a fait son travail ;) )
    m
    0
    l
    a c 275 8 Sécurité
    4 Mars 2009 20:12:53

    Pas de rapport ?
    m
    0
    l
    4 Mars 2009 20:16:44

    Non, pas de rapport.
    m
    0
    l
    a c 275 8 Sécurité
    4 Mars 2009 21:37:11

  • Menu Démarrer > Exécuter > Tape cmd et valide.
  • Tape set et valide.
  • Clique droit (en haut) > Modifier > Sélectionner tout > Valide avec entrée et colle (Ctrl+V) sur le forum.
    m
    0
    l
    4 Mars 2009 21:47:39

    Voilà :

    Microsoft Windows XP [version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\HP_Propriétaire>set
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\HP_Propriétaire\Application Data
    CLASSPATH=.;®h’|C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip;C:\Program
    Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Fichiers communs
    COMPUTERNAME=PCBRUNO
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\HP_Propriétaire
    LOGONSERVER=\\PCBRUNO
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Prog
    ram Files\QuickTime\QTSystem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat
    ic;C:\Program Files\Samsung\Samsung PC Studio 3;;C:\PROGRA~1\FICHIE~1\MUVEET~1\0
    30625
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=2402
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SonicCentral=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
    USERDOMAIN=PCBRUNO
    USERNAME=HP_Propriétaire
    USERPROFILE=C:\Documents and Settings\HP_Propriétaire
    windir=C:\WINDOWS
    __COMPAT_LAYER=DisableNXShowUI

    C:\Documents and Settings\HP_Propriétaire>
    m
    0
    l
    a c 275 8 Sécurité
    4 Mars 2009 22:14:25

    1/

    On va maintenant devoir modifier le registre. Modifier le registre peut se révéler être très dangereux, c'est pourquoi nous allons créer une sauvegarde du registre avant d'effectuer nos modifications. Ainsi, en cas de souci, il n'y aura qu'à restaurer.

    Merci de procéder EXACTEMENT comme décrit ci-dessous :

    ---> Télécharge ERUNT.
    (ERUNT = Emergency Recovery Utility NT, c'est un programme gratuit qui te permet de conserver une sauvegarde complète de ta base de registre et de la restaurer quand cela s'avère nécessaire)

  • Installe ERUNT en suivant les instructions suivantes :
    (Suis les directives d'installation par défaut, mais dis non quand on te demande d'ajouter ERUNT au startup folder (dossier start up), d'autant plus que si tu le souhaites tu pourras ajouter cette option ultérieurement)
  • Lance ERUNT soit en double-cliquant sur l'icône présente sur ton bureau soit en choisissant de lancer le programme en fin d'installation.
  • Choisis un emplacement pour la sauvegarde (L'emplacement par défaut est : C:\WINDOWS\ERDNT ce qui est acceptable).
  • Assure-toi que les deux premières cases suivantes soient bien cochées !!!
  • Clique sur OK.
  • Clique sur YES pour créer le dossier de sauvegarde.




    2/

  • Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
  • Double-clique sur OTMoveIt3.exe afin de le lancer.
  • Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\BITS]
    "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
    74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
    00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
    6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wuauserv]
    "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
    74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
    00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
    6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    ---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

  • Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    ---> Le nom du rapport correspond au moment de sa création : date_heure.log


    3/

  • Refais un scan RSIT et poste le rapport log.
    m
    0
    l
    5 Mars 2009 11:44:25

    Le rapport OTMoveIt :

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== REGISTRY ==========
    Unable to set value : HKEY_LOCAL_MACHINE\system\currentcontrolset\services\BITS\\"ImagePath"|hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 /E!
    Unable to set value : HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wuauserv\\"ImagePath"|hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 /E!
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\etilqs_P7G85Pgtb5lqX7r5063W scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\Perflib_Perfdata_990.dat scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\_hphtra07.log scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF735C.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF73A2.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF90C8.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF92AB.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6ac.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03052009_113257

    Files moved on Reboot...
    File C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\etilqs_P7G85Pgtb5lqX7r5063W not found!
    C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\hpodvd09.log moved successfully.
    File C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\Perflib_Perfdata_990.dat not found!
    C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\_hphtra07.log moved successfully.
    File C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF735C.tmp not found!
    File C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF73A2.tmp not found!
    File C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF90C8.tmp not found!
    File C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF92AB.tmp not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File C:\WINDOWS\temp\Perflib_Perfdata_6ac.dat not found!
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\8bs1vmnj.default\urlclassifier3.sqlite moved successfully.

    Le rapport RSIT :

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by HP_Propriétaire at 2009-03-05 11:43:20
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 79 GB (43%) free of 185 GB
    Total RAM: 958 MB (41% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:43:34, on 05/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\PROGRA~1\Magentic\bin\MgApp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\HP_Propriétaire\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\HP_Propriétaire.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?7d368dd65cb3489abda204c8e2839ac8
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?7d368dd65cb3489abda204c8e2839ac8
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Service Google Update (gupdate1c99ce954a1bd6e) (gupdate1c99ce954a1bd6e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 13833 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
    C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-04 312928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-03 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-03 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-12-07 399424]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "USBToolTip"=C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2004-04-23 192512]
    "USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2004-04-06 61440]
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]
    "PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]
    "PCLEPCI"=C:\PROGRA~1\Pinnacle\PPE\PPE.EXE [2004-02-03 49152]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
    "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
    "HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
    "HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-11-09 249856]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-11 49152]
    "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2006-05-20 188416]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    "SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-05-16 1817600]
    "ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2008-01-22 107248]
    "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
    "Autoconfigurateur WiFi Neuf"=C:\Program Files\Neuf\Kit\WiFi\9wifi.exe [2008-03-18 287984]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-03 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-03-04 198160]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-06 67128]
    "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072]
    "Magentic"=C:\PROGRA~1\Magentic\bin\Magentic.exe [2007-07-10 475180]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    PowerReg Scheduler.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "legalnoticecaption"=
    "legalnoticetext"=

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"
    "C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"
    "C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"
    "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:D isabled:Windows Messenger"
    "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
    "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
    "C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:D arkCrusade"
    "C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe"="C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe:*:D isabled:Star Wars Galactic Battlegrounds"
    "C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe"="C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe:*:Enabled:Star Wars Galactic Battlegrounds: Clone Campaigns"
    "C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE"="C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2355e239-546c-11db-a886-0015f2e3fb67}]
    shell\AutoRun\command - L:\LaunchEAW.exe


    ======File associations======

    .scr - config - "%1" /S

    ======List of files/folders created in the last 1 months======

    2009-03-05 11:31:28 ----D---- C:\Program Files\ERUNT
    2009-03-04 17:54:57 ----D---- C:\Program Files\Fichiers communs\xing shared
    2009-03-03 16:21:36 ----D---- C:\Program Files\Avira
    2009-03-03 16:21:36 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-03-03 15:58:26 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2009-03-03 12:55:05 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-03-03 12:55:05 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-03-03 12:55:05 ----A---- C:\WINDOWS\system32\java.exe
    2009-03-03 12:33:43 ----A---- C:\Start_.cmd
    2009-03-03 12:33:42 ----A---- C:\WINDOWS\system32\CF23877.exe
    2009-03-03 12:33:15 ----A---- C:\Bug.txt
    2009-03-03 12:33:13 ----A---- C:\WINDOWS\system32\cmd.execf
    2009-03-03 12:32:58 ----D---- C:\32788R22FWJFW
    2009-03-03 11:23:41 ----SHD---- C:\RECYCLER
    2009-03-03 11:19:12 ----A---- C:\ComboFix.txt
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\zip.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\VFIND.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\SWSC.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\SWREG.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\sed.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\grep.exe
    2009-03-03 11:02:18 ----A---- C:\WINDOWS\fdsv.exe
    2009-03-02 22:11:22 ----D---- C:\Qoobox
    2009-03-02 21:45:01 ----D---- C:\_OTMoveIt
    2009-03-02 19:59:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-02 18:59:15 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-03-02 18:39:36 ----A---- C:\rapport.txt
    2009-03-02 18:08:31 ----D---- C:\rsit
    2009-02-27 21:49:54 ----D---- C:\Program Files\FireFly Studios
    2009-02-27 12:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-14 23:24:30 ----A---- C:\WINDOWS\Eye for Design Setup Log.txt
    2009-02-14 01:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

    ======List of files/folders modified in the last 1 months======

    2009-03-05 11:40:12 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-05 11:38:45 ----D---- C:\WINDOWS\TEMP
    2009-03-05 11:36:46 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-05 11:32:04 ----D---- C:\WINDOWS\erdnt
    2009-03-05 11:31:28 ----AD---- C:\Program Files
    2009-03-05 11:30:43 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Azureus
    2009-03-05 11:11:38 ----D---- C:\WINDOWS\system32
    2009-03-04 17:54:57 ----D---- C:\Program Files\Fichiers communs
    2009-03-04 17:54:33 ----D---- C:\Program Files\Fichiers communs\Real
    2009-03-04 17:54:20 ----A---- C:\WINDOWS\system32\rmoc3260.dll
    2009-03-04 17:53:48 ----A---- C:\WINDOWS\system32\pndx5032.dll
    2009-03-04 17:53:48 ----A---- C:\WINDOWS\system32\pndx5016.dll
    2009-03-04 17:53:29 ----A---- C:\WINDOWS\system32\pncrt.dll
    2009-03-04 17:53:29 ----A---- C:\WINDOWS\system32\msvcr71.dll
    2009-03-04 17:51:00 ----D---- C:\Program Files\Google
    2009-03-04 17:50:44 ----SHD---- C:\WINDOWS\Installer
    2009-03-04 17:50:32 ----D---- C:\WINDOWS\Tasks
    2009-03-04 12:03:26 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-03 17:08:51 ----D---- C:\PoshBoutique
    2009-03-03 16:21:39 ----D---- C:\WINDOWS\system32\drivers
    2009-03-03 16:11:09 ----HD---- C:\Config.Msi
    2009-03-03 13:04:23 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-03-03 13:01:36 ----D---- C:\Program Files\Fichiers communs\Adobe
    2009-03-03 13:01:00 ----D---- C:\Program Files\Adobe
    2009-03-03 12:54:51 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-03-03 12:54:49 ----D---- C:\Program Files\Java
    2009-03-03 11:19:17 ----AD---- C:\WINDOWS
    2009-03-03 11:13:02 ----A---- C:\WINDOWS\system.ini
    2009-03-03 11:09:53 ----D---- C:\WINDOWS\system32\config
    2009-03-03 11:07:34 ----D---- C:\WINDOWS\Downloaded Program Files
    2009-03-03 11:06:25 ----D---- C:\WINDOWS\AppPatch
    2009-03-03 10:50:54 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2009-03-02 19:16:11 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-03-02 01:32:40 ----D---- C:\Program Files\Spyware Terminator
    2009-03-02 01:32:40 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Spyware Terminator
    2009-03-01 23:37:07 ----D---- C:\Program Files\VirtualDJ
    2009-03-01 23:27:17 ----D---- C:\Program Files\Nanny Mania
    2009-02-28 15:32:42 ----D---- C:\WINDOWS\system32\dllcache
    2009-02-28 15:31:49 ----D---- C:\WINDOWS\Prefetch
    2009-02-28 15:29:37 ----D---- C:\WINDOWS\Minidump
    2009-02-28 11:31:12 ----A---- C:\WINDOWS\LEXSTAT.INI
    2009-02-27 21:49:52 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-02-27 20:16:18 ----D---- C:\Program Files\Azureus
    2009-02-27 12:01:53 ----D---- C:\WINDOWS\inf
    2009-02-27 11:42:21 ----HD---- C:\WINDOWS\$hf_mig$
    2009-02-14 19:09:27 ----D---- C:\Program Files\eMule
    2009-02-14 01:27:47 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-14 01:27:30 ----D---- C:\Program Files\Internet Explorer
    2009-02-14 01:27:21 ----D---- C:\WINDOWS\ie7updates
    2009-02-13 19:12:50 ----D---- C:\Program Files\Messenger Plus! Live
    2009-02-12 05:56:17 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-02-09 13:19:52 ----D---- C:\WINDOWS\system32\FxsTmp

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2003-12-05 28592]
    R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-05-20 30588]
    R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-07-28 5632]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-03-02 271360]
    R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
    R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-03-02 18048]
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-18 4736]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2006-06-23 31488]
    R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2005-08-31 20480]
    R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2006-01-19 10068]
    R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-07-30 11988]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
    R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2006-02-28 84836]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
    R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2003-12-05 89168]
    S1 cbfdbe53;cbfdbe53; C:\WINDOWS\System32\drivers\cbfdbe53.sys []
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2006-07-16 23040]
    S3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
    S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
    S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
    S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DCamUSBEMPIA;Dazzle DVC90 Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2004-04-06 100957]
    S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-03-21 223128]
    S3 emAudio;Dazzle DVC90 Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2004-05-05 19584]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2004-04-06 5245]
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-05-02 25280]
    S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 607452]
    S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS []
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS []
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRENDIS5.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS []
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS []
    S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []
    S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2004-04-06 4493]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 STIrUsb;Dongle SigmaTel USB-IrDA; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USB_RNDIS;Inventel Gateway; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
    R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
    R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-01-22 65536]
    R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2003-12-05 798772]
    R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-03 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-05-24 311296]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2005-12-18 73728]
    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-05-16 606720]
    R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-05-18 126976]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
    S2 gupdate1c99ce954a1bd6e;Service Google Update (gupdate1c99ce954a1bd6e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-04 133104]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-28 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 RkPavProc;RkPavProc; C:\WINDOWS\system32\drivers\RkPavProc.sys [2007-08-22 14128]
    S3 sthjxjdxrhvb;sthjxjdxrhvb; C:\WINDOWS\system32\drivers\sthjxjdxrhvb.sys [2007-06-05 8576]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------
    m
    0
    l
    a c 275 8 Sécurité
    5 Mars 2009 19:08:41

    Ça n'a pas fonctionné.

  • Crée un fichier Bloc-notes avec le texte qui se trouve dans l'encadré ci-dessous (copie/colle):

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\BITS]
    "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
    74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
    00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
    6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wuauserv]
    "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
    74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
    00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
    6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00


    - Enregistre ce fichier dans : Bureau
    - Nom du fichier : fix.reg
    - Type : tous les fichiers !!
    - Clique sur Enregistrer
    - Quitte le Bloc-notes.

    Utilisation du fichier : fix.reg :
    Double-clique sur le fichier (Bureau) / Accepte l'avertissement concernant la fusion / ne pas s'étonner de ne rien voir / valide le message disant que la fusion est terminée.

  • Refais un scan RSIT et poste le rapport log.
    m
    0
    l
    5 Mars 2009 20:36:28

    Pour la fusion, ça me marque "Erreur dans le registre" ; alors que j'ai fait toute la bonne démarche pour créer le fichier fix.reg.

    Je ne peux pas réaliser la fusion.
    m
    0
    l
    a c 275 8 Sécurité
    6 Mars 2009 01:20:04

    1/

  • Désinstalle HijackThis.

  • Télécharge ToolsCleaner2 sur ton Bureau.
  • Double-clique sur ToolsCleaner2.exe pour le lancer.
  • Clique sur Recherche et laisse le scan agir.
  • Clique sur Suppression pour finaliser.
  • Tu peux, si tu le souhaites, te servir des Options Facultatives.
  • Clique sur Quitter pour obtenir le rapport.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


    2/

  • Télécharge et installe CCleaner Slim.
  • Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
  • Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
  • Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).


    3/

  • Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.

  • Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème.


    ==Prévention==

    Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

    Comme navigateur, utilise plutôt Mozilla Firefox qu'Internet Explorer. Tu peux utiliser l'extension NoScript pour plus de sécurité.

    Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, onglet Mises à jour automatiques).

    Tu peux aussi modifier le fichier Hosts pour améliorer la sécurité de ton PC : Lien

    Par rapport au P2P : Lien

    Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


    ==Problème résolu ?==

    Si tu estimes que ton problème est résolu :

    ---> Ajoute maintenant [Résolu] au titre. Pour cela :
  • Clique, dans ton premier message, sur le bouton Editer .
  • Rajoute la mention [Résolu] devant le titre.
  • Clique ensuite sur Valider votre message.


    Sois plus vigilant(e) sur Internet ;) 
    m
    0
    l
    6 Mars 2009 17:45:45

    Le rapport TCleaner :

    [ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

    -->- Recherche:

    C:\Combofix.txt: trouvé !
    C:\Qoobox: trouvé !
    C:\_OtMoveIt: trouvé !
    C:\Rsit: trouvé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\OTMoveIt3.exe: trouvé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Rsit.exe: trouvé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\HijackThis.lnk: trouvé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\FixWareout.exe: trouvé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\Navilog1.exe: trouvé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\Navilog1.lnk: trouvé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\vundoFix.exe: trouvé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\SDFIX: trouvé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\DiagHelp: trouvé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\SmitFraudfix: trouvé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\DiagHelp\DiagHelp: trouvé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\SmitfraudFix\SmitFraudfix: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\HijackThis.lnk: supprimé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\FixWareout.exe: supprimé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\Navilog1.exe: supprimé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\Navilog1.lnk: supprimé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\vundoFix.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\OTMoveIt3.exe: supprimé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Rsit.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
    C:\Qoobox: supprimé !
    C:\_OtMoveIt: supprimé !
    C:\Rsit: supprimé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\SDFIX: supprimé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\DiagHelp: supprimé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\Mes fichiers\Anti-virus\Anti-Virus Système\SmitFraudfix: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    J'ai fait tout le reste.
    Je suis déjà sous Firefox (je confirme Internet Explorer c'est pas génial, Firefox forever for me :) ) avec l'extension NoScript.
    m
    0
    l
    a c 275 8 Sécurité
    6 Mars 2009 17:46:40

    Tu peux supprimer ToolsCleaner.
    m
    0
    l
    a c 275 8 Sécurité
    6 Mars 2009 20:37:49

    Des questions ?
    m
    0
    l
        • 1 / 2
        • 2
        • Dernier
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS