
My PC is suffering and so am I, please help me

27 February 2009 20:43:38

Here is the "HijackThis" log, thanks for helping me:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38, on 2002-02-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\MAXIPOWER\TWL541P\Mrv8000x.exe
C:\DOCUME~1\nacera\LOCALS~1\Temp\winepjij.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"
O4 - HKLM\..\Policies\Explorer\Run: [USER-6386143AA7] .vbe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: TWL541P.lnk = C:\Program Files\MAXIPOWER\TWL541P\Mrv8000x.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D02EC146-87C0-4F4B-A661-29BB4B4830F1}: NameServer = 192.168.1.1,202.96.128.68
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: 88f5ece4530 - C:\WINDOWS\System32\iasnap32.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8283 bytes


Thank you, thank you in advance for your help

27 February 2009 21:12:02

Hi,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the folder C:\rsit\.

27 February 2009 21:46:30

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by nacera at 2002-02-27 21:40:20
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 59 GB (75%) free of 79 GB
    Total RAM: 1015 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:40, on 2002-02-27
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\WScript.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\FlashGet\FlashGet.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
    C:\Program Files\MAXIPOWER\TWL541P\Mrv8000x.exe
    C:\DOCUME~1\nacera\LOCALS~1\Temp\winepjij.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Downloads\RSIT.exe
    C:\Downloads\nacera.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"
    O4 - HKLM\..\Policies\Explorer\Run: [USER-6386143AA7] .vbe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Global Startup: TWL541P.lnk = C:\Program Files\MAXIPOWER\TWL541P\Mrv8000x.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D02EC146-87C0-4F4B-A661-29BB4B4830F1}: NameServer = 192.168.1.1,202.96.128.68
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: 88f5ece4530 - C:\WINDOWS\System32\iasnap32.dll (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 8302 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
    FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-14 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-21 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
    Peer2Peer-FR Toolbar - C:\Program Files\Peer2Peer-FR\tbPee1.dll [2002-02-26 1883672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
    PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-02-13 806912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-16 522224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-14 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-14 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
    FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - Peer2Peer-FR Toolbar - C:\Program Files\Peer2Peer-FR\tbPee1.dll [2002-02-26 1883672]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
    {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-02-13 806912]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe []
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-13 211736]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-13 232216]
    "Flashget"=C:\Program Files\FlashGet\FlashGet.exe [2007-09-11 2076720]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 2770800]
    "Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 389120]
    "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "USER-6386143AA7"=C:\WINDOWS\system32\.vbe [2009-02-22 10000]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-30 15360]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-21 39408]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5806104]
    "EPSON Stylus DX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 250368]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5806104]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    C:\WINDOWS\RTHDCPL.EXE [2002-02-26 16384000]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    C:\Program Files\Skype\Phone\Skype.exe [2008-09-29 24520488]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    TWL541P.lnk - C:\Program Files\MAXIPOWER\TWL541P\Mrv8000x.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\88f5ece4530]
    C:\WINDOWS\System32\iasnap32.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-04-30 133632]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=1
    "DisableRegistryTools"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableLUA"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "ForceClassicControlPanel"=1
    "NoSMHelp"=1
    "NoSMConfigurePrograms"=1
    "NoSMMyPictures"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:ipsec"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "J:\flashget194en.exe"="J:\flashget194en.exe:*:Enabled:ipsec"
    "C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:ipsec"
    "C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
    "C:\WINDOWS\ALCMTR.EXE"="C:\WINDOWS\ALCMTR.EXE:*:Enabled:ipsec"
    "C:\WINDOWS\system32\kamsoft.exe"="C:\WINDOWS\system32\kamsoft.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winrimy.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winrimy.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winsnewqg.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winsnewqg.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\sfglne.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\sfglne.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winwbpxg.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winwbpxg.exe:*:Enabled:ipsec"
    "C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\jofhx.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\jofhx.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\kxym.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\kxym.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winiaomm.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winiaomm.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winlislt.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winlislt.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winbndaaj.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winbndaaj.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\sqhav.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\sqhav.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winvdbi.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winvdbi.exe:*:Enabled:ipsec"
    "C:\Program Files\Spyware Doctor\pctsTray.exe"="C:\Program Files\Spyware Doctor\pctsTray.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\windprq.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\windprq.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winpvgjis.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winpvgjis.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\pfroa.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\pfroa.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\vvfoyn.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\vvfoyn.exe:*:Enabled:ipsec"
    "C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec"
    "C:\WINDOWS\system32\igfxtray.exe"="C:\WINDOWS\system32\igfxtray.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winvjnavx.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winvjnavx.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\wqtt.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\wqtt.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\gljga.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\gljga.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\ujemg.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\ujemg.exe:*:Enabled:ipsec"
    "C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\regedits.exe"="C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\regedits.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\tttll.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\tttll.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\mmnpty.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\mmnpty.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winuxrsx.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winuxrsx.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winexbhv.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winexbhv.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winjukfsv.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winjukfsv.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winudtnoe.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winudtnoe.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winoorfok.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winoorfok.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\brki.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\brki.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winftlc.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winftlc.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\wingqdx.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\wingqdx.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winoskqfu.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winoskqfu.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winedynw.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winedynw.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winftys.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winftys.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winutjlhf.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winutjlhf.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winibeaul.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winibeaul.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winslul.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winslul.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\myrj.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\myrj.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winqdcu.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winqdcu.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winveklh.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winveklh.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winujrtb.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winujrtb.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\qudo.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\qudo.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winjmsd.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winjmsd.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winsklp.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winsklp.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winrqhfv.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winrqhfv.exe:*:Enabled:ipsec"
    "C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winntrvp.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winntrvp.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\nlifou.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\nlifou.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winljqxqy.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winljqxqy.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\kevjdm.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\kevjdm.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winxpci.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winxpci.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winljypeb.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winljypeb.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\viojem.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\viojem.exe:*:Enabled:ipsec"
    "C:\WINDOWS\system32\igfxpers.exe"="C:\WINDOWS\system32\igfxpers.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winogynp.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winogynp.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\pfoc.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\pfoc.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winyenf.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winyenf.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\flscfw.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\flscfw.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winpigh.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winpigh.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\saliha\LOCALS~1\Temp\winoaeykb.exe"="C:\DOCUME~1\saliha\LOCALS~1\Temp\winoaeykb.exe:*:Enabled:ipsec"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\irtoyq.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\irtoyq.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winfexdrw.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winfexdrw.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\sffgl.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\sffgl.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\gedqw.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\gedqw.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\ldimum.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\ldimum.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\lnpk.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\lnpk.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\wingyxm.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\wingyxm.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\saliha\LOCALS~1\Temp\winxwwimb.exe"="C:\DOCUME~1\saliha\LOCALS~1\Temp\winxwwimb.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\saliha\LOCALS~1\Temp\winpybsh.exe"="C:\DOCUME~1\saliha\LOCALS~1\Temp\winpybsh.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\saliha\LOCALS~1\Temp\vivsws.exe"="C:\DOCUME~1\saliha\LOCALS~1\Temp\vivsws.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\saliha\LOCALS~1\Temp\winubwwrl.exe"="C:\DOCUME~1\saliha\LOCALS~1\Temp\winubwwrl.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winslsu.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winslsu.exe:*:Enabled:ipsec"
    "C:\Program Files\MAXIPOWER\TWL541P\Mrv8000x.exe"="C:\Program Files\MAXIPOWER\TWL541P\Mrv8000x.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\dhpaw.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\dhpaw.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\uprqg.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\uprqg.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winsmih.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winsmih.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winwwmt.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winwwmt.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winvkly.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winvkly.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winbxtli.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winbxtli.exe:*:Enabled:ipsec"
    "C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\saoh.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\saoh.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winurhjk.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winurhjk.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\aixr.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\aixr.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\wingpek.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\wingpek.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\wintfma.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\wintfma.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\vstdug.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\vstdug.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\tpvdck.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\tpvdck.exe:*:Enabled:ipsec"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    shell\AutoRun\command - K:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11b4cd84-bf49-11dd-86dd-0018f3729656}]
    shell\AutoRun\command - wscript.exe .\.vbs
    shell\open\command - wscript.exe .\.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a010b0c-ec6e-11dd-8763-00111134106e}]
    shell\AutoRun\command - wscript.exe .\.vbs
    shell\open\command - wscript.exe .\.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4422a286-0103-11de-879e-00111134106e}]
    shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4422a287-0103-11de-879e-00111134106e}]
    shell\AutoRun\command - wscript.exe .\.vbs
    shell\open\command - wscript.exe .\.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75bbe5fa-d9d0-11dd-873d-00111134106e}]
    shell\AutoRun\command - K:\ij.bat
    shell\explore\command - K:\ij.bat
    shell\open\command - K:\ij.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c500051c-d1a4-11dd-8721-00111134106e}]
    shell\AutoRun\command - J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\regedits.exe
    shell\open\command - J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\regedits.exe


    ======File associations======

    .ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
    .txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

    ======List of files/folders created in the last 1 months======

    2008-09-01 18:31:33 ----A---- C:\WINDOWS\system32\write.exe
    2008-09-01 18:31:30 ----A---- C:\WINDOWS\system32\winchat.exe
    2008-09-01 18:31:30 ----A---- C:\WINDOWS\system32\sndvol32.exe
    2008-09-01 18:31:30 ----A---- C:\WINDOWS\system32\hticons.dll
    2008-09-01 18:31:30 ----A---- C:\WINDOWS\system32\avwav.dll
    2008-09-01 18:31:30 ----A---- C:\WINDOWS\system32\avtapi.dll
    2008-09-01 18:31:30 ----A---- C:\WINDOWS\system32\avmeter.dll
    2008-09-01 18:31:28 ----A---- C:\WINDOWS\system32\sol.exe
    2008-09-01 18:31:28 ----A---- C:\WINDOWS\system32\getuname.dll
    2008-09-01 18:31:28 ----A---- C:\WINDOWS\system32\charmap.exe
    2008-09-01 18:31:28 ----A---- C:\WINDOWS\system32\calc.exe
    2008-09-01 18:31:27 ----A---- C:\WINDOWS\system32\winmine.exe
    2008-09-01 18:31:27 ----A---- C:\WINDOWS\system32\usrlogon.cmd
    2008-09-01 18:31:27 ----A---- C:\WINDOWS\system32\tsshutdn.exe
    2008-09-01 18:31:27 ----A---- C:\WINDOWS\system32\tslabels.ini
    2008-09-01 18:31:27 ----A---- C:\WINDOWS\system32\tskill.exe
    2008-09-01 18:31:27 ----A---- C:\WINDOWS\system32\tsdiscon.exe
    2008-09-01 18:31:27 ----A---- C:\WINDOWS\system32\tscon.exe
    2008-09-01 18:31:27 ----A---- C:\WINDOWS\system32\shadow.exe
    2008-09-01 18:31:27 ----A---- C:\WINDOWS\system32\rwinsta.exe
    2008-09-01 18:31:27 ----A---- C:\WINDOWS\system32\reset.exe
    2008-09-01 18:31:27 ----A---- C:\WINDOWS\system32\regini.exe
    2008-09-01 18:31:27 ----A---- C:\WINDOWS\system32\mshearts.exe
    2008-09-01 18:31:27 ----A---- C:\WINDOWS\system32\freecell.exe
    2008-09-01 18:31:26 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
    2008-09-01 18:31:26 ----A---- C:\WINDOWS\system32\qwinsta.exe
    2008-09-01 18:31:26 ----A---- C:\WINDOWS\system32\qappsrv.exe
    2008-09-01 18:31:26 ----A---- C:\WINDOWS\system32\msg.exe
    2008-09-01 18:31:26 ----A---- C:\WINDOWS\system32\msdtcprf.ini
    2008-09-01 18:31:26 ----A---- C:\WINDOWS\system32\logoff.exe
    2008-09-01 18:31:26 ----A---- C:\WINDOWS\system32\cdmodem.dll
    2008-09-01 18:31:22 ----A---- C:\WINDOWS\system32\wmimgmt.msc
    2008-09-01 18:31:21 ----A---- C:\WINDOWS\system32\sndrec32.exe
    2008-09-01 18:31:21 ----A---- C:\WINDOWS\system32\mplay32.exe
    2008-09-01 18:31:21 ----A---- C:\WINDOWS\system32\hypertrm.dll
    2008-09-01 18:31:21 ----A---- C:\WINDOWS\system32\accwiz.exe
    2008-09-01 18:31:20 ----D---- C:\Program Files\Windows NT
    2008-09-01 18:31:20 ----A---- C:\WINDOWS\system32\spider.exe
    2008-09-01 18:31:20 ----A---- C:\WINDOWS\system32\mspaint.exe
    2008-09-01 18:31:20 ----A---- C:\WINDOWS\system32\clipbrd.exe
    2008-09-01 18:31:19 ----A---- C:\WINDOWS\system32\tsgqec.dll
    2008-09-01 18:31:19 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
    2008-09-01 18:31:19 ----A---- C:\WINDOWS\system32\rhttpaa.dll
    2008-09-01 18:31:19 ----A---- C:\WINDOWS\system32\aaclient.dll
    2008-09-01 18:31:18 ----A---- C:\WINDOWS\system32\sessmgr.exe
    2008-09-01 18:31:18 ----A---- C:\WINDOWS\system32\remotepg.dll
    2008-09-01 18:31:18 ----A---- C:\WINDOWS\system32\rdshost.exe
    2008-09-01 18:31:18 ----A---- C:\WINDOWS\system32\rdsaddin.exe
    2008-09-01 18:31:18 ----A---- C:\WINDOWS\system32\mstscax.dll
    2008-09-01 18:31:18 ----A---- C:\WINDOWS\system32\mstsc.exe
    2008-09-01 18:31:17 ----D---- C:\WINDOWS\system32\MsDtc
    2008-09-01 18:31:17 ----A---- C:\WINDOWS\system32\termsrv.dll
    2008-09-01 18:31:17 ----A---- C:\WINDOWS\system32\rdpwsx.dll
    2008-09-01 18:31:17 ----A---- C:\WINDOWS\system32\rdpsnd.dll
    2008-09-01 18:31:17 ----A---- C:\WINDOWS\system32\rdpclip.exe
    2008-09-01 18:31:17 ----A---- C:\WINDOWS\system32\rdchost.dll
    2008-09-01 18:31:17 ----A---- C:\WINDOWS\system32\qprocess.exe
    2008-09-01 18:31:17 ----A---- C:\WINDOWS\system32\mtxoci.dll
    2008-09-01 18:31:17 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
    2008-09-01 18:31:17 ----A---- C:\WINDOWS\system32\icaapi.dll
    2008-09-01 18:31:17 ----A---- C:\WINDOWS\system32\cfgbkend.dll
    2008-09-01 18:31:16 ----A---- C:\WINDOWS\system32\xolehlp.dll
    2008-09-01 18:31:16 ----A---- C:\WINDOWS\system32\msdtctm.dll
    2008-09-01 18:31:16 ----A---- C:\WINDOWS\system32\msdtcprx.dll
    2008-09-01 18:31:16 ----A---- C:\WINDOWS\system32\msdtclog.dll
    2008-09-01 18:31:16 ----A---- C:\WINDOWS\system32\msdtc.exe
    2008-09-01 18:31:15 ----D---- C:\WINDOWS\system32\Com
    2008-09-01 18:31:15 ----A---- C:\WINDOWS\system32\stclient.dll
    2008-09-01 18:31:15 ----A---- C:\WINDOWS\system32\mtxlegih.dll
    2008-09-01 18:31:15 ----A---- C:\WINDOWS\system32\mtxex.dll
    2008-09-01 18:31:15 ----A---- C:\WINDOWS\system32\mtxdm.dll
    2008-09-01 18:31:15 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
    2008-09-01 18:31:15 ----A---- C:\WINDOWS\system32\comrepl.dll
    2008-09-01 18:31:15 ----A---- C:\WINDOWS\system32\comaddin.dll
    2008-09-01 18:31:15 ----A---- C:\WINDOWS\system32\colbact.dll
    2008-09-01 18:31:15 ----A---- C:\WINDOWS\system32\clbcatex.dll
    2008-09-01 18:31:15 ----A---- C:\WINDOWS\system32\catsrvps.dll
    2008-09-01 18:31:14 ----A---- C:\WINDOWS\system32\comuid.dll
    2008-09-01 18:31:14 ----A---- C:\WINDOWS\system32\comsvcs.dll
    2008-09-01 18:31:14 ----A---- C:\WINDOWS\system32\comsnap.dll
    2008-09-01 18:31:14 ----A---- C:\WINDOWS\system32\catsrvut.dll
    2008-09-01 18:31:14 ----A---- C:\WINDOWS\system32\catsrv.dll
    2008-09-01 18:31:13 ----A---- C:\WINDOWS\system32\clbcatq.dll
    2008-09-01 18:31:08 ----A---- C:\WINDOWS\system32\servdeps.dll
    2008-09-01 18:31:08 ----A---- C:\WINDOWS\system32\mmfutil.dll
    2008-09-01 18:31:08 ----A---- C:\WINDOWS\system32\licwmi.dll
    2008-09-01 18:31:08 ----A---- C:\WINDOWS\system32\cmprops.dll
    2008-04-30 10:00:00 ----RA---- C:\WINDOWS\system32\ctl3dv2.dll
    2008-04-30 10:00:00 ----R---- C:\WINDOWS\system32\rsop.msc
    2008-04-30 10:00:00 ----R---- C:\WINDOWS\system32\perfmon.msc
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\zipfldr.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\xpsp3res.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\xpsp2res.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\xpsp1res.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\xpob2res.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\xmlprovi.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\xmlprov.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\xmllite.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\xenroll.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\xcopy.exe
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\xactsrv.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wzcdlg.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wupdmgr.exe
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wudfx.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wudfsvc.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wudfplatform.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wudfhost.exe
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wudfcoinstaller.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wtsapi32.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wstdecod.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wsock32.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wsnmp32.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wshtcpip.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\WshRm.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wshnetbs.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wshisn.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wship6.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wshfr.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wshext.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wshcon.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wshbth.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wshatm.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wsecedit.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wscsvc.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wscript.exe
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wscntfy.exe
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\ws2help.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\ws2_32.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wpnpinst.exe
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\WPDSp.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wpdshserviceobj.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wpdshextres.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wpdshextautoplay.exe
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wpdshext.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wpdmtpus.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wpdmtp.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wpdconns.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wpd_ci.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wpabaln.exe
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wowexec.exe
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wowdeb.exe
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wow32.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmvxencd.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmvsencd.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmvsdecd.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmvencod.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmvdmoe2.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmvdmod.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmvdecod.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\WMVCore.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmvadve.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmvadvd.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmstream.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmspdmoe.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmspdmod.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmsdmoe2.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmsdmod.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmpui.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmpsrcwp.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmpshell.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmpps.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmpmde.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmploc.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmphoto.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\WMPEncEn.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmpeffects.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmpdxm.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmpcore.dll
    2008-04-30 10:00:00 ----A---- C:\WINDOWS\system32\wmpcd.dll
    2008-04-30 10:00:00 ----A---
    27 February 2009 21:47:44

    info.txt logfile of random's system information tool 1.05 2002-02-27 21:40:26

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.42-->MsiExec.exe /I{23170F69-40C1-2701-0442-000001000000}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
    Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x40c UNINST
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    CX4300_5500_DX4400 Manuel-->C:\Program Files\EPSON\TPMANUAL\CX4300_5500_DX4400\FRA\USE_G\DOCUNINS.EXE
    EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
    EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x40c UNINST
    EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
    EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
    FlashGet 1.9.4.1063-->C:\Program Files\FlashGet\uninst.exe
    Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
    HijackThis 2.0.2-->"C:\Downloads\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
    Look 110-->C:\Program Files\InstallShield Installation Information\{6E8979F9-6946-4EE5-8849-586DF7DF8A7A}\Setup.exe -runfromtemp -l0x040c -removeonly
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_3812.exe" _?=C:\Program Files\PDFCreator Toolbar
    PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
    Peer2Peer-FR Toolbar-->C:\PROGRA~1\PEER2P~1\UNWISE.EXE C:\PROGRA~1\PEER2P~1\INSTALL.LOG
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe -runfromtemp -l0x040c -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    TWL541P-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7FD6904D-AF75-407B-BE42-39970517EA9D}\setup.exe" -l0x9 -removeonly
    Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
    WinAVI Video Converter 8.0-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

    ======Security center information======

    AV: avast! antivirus 4.8.1201 [VPS 080516-1] (outdated)

    System event log

    Computer Name: USER-6386143AA7
    Event Code: 18
    Message: Prêt pour l'installation : les mises à jour suivantes ont été téléchargées et sont prêtes pour l'installation. L'installation de ces mises à jour est actuellement planifiée pour le 2009-01-24 à 20:00 :
    - Mise à jour de sécurité cumulative pour Internet Explorer 7 pour Windows XP (KB958215)

    Record Number: 5493
    Source Name: Windows Update Agent
    Time Written: 20090124085339.000000+060
    Event Type: Informations
    User:

    Computer Name: USER-6386143AA7
    Event Code: 4201
    Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{9943B39D-C04B-4D11-B629-F927805EA16F} était connectée au réseau,
    et a lancé une opération normale sur la carte réseau.

    Record Number: 5492
    Source Name: Tcpip
    Time Written: 20090124085241.000000+060
    Event Type: Informations
    User:

    Computer Name: USER-6386143AA7
    Event Code: 3100
    Message: Le pilote de l'édition Développeur IPv6 Microsoft a été démarré.

    Record Number: 5491
    Source Name: Tcpip6
    Time Written: 20090124085236.000000+060
    Event Type: Informations
    User:

    Computer Name: USER-6386143AA7
    Event Code: 26
    Message: Application popup : Windows - Pas de disque : Exception Processing Message c0000013 Parameters 75afbf7c 4 75afbf7c 75afbf7c

    Record Number: 5490
    Source Name: Application Popup
    Time Written: 20090124085232.000000+060
    Event Type: Informations
    User:

    Computer Name: USER-6386143AA7
    Event Code: 26
    Message: Application popup : Windows - Pas de disque : Exception Processing Message c0000013 Parameters 75afbf7c 4 75afbf7c 75afbf7c

    Record Number: 5489
    Source Name: Application Popup
    Time Written: 20090124085231.000000+060
    Event Type: Informations
    User:

    Application event log

    Computer Name: USER-6386143AA7
    Event Code: 102
    Message: wuaueng.dll (2216) SUS20ClientDataStore: Le moteur de base de données a démarré une nouvelle instance (0).

    Record Number: 1503
    Source Name: ESENT
    Time Written: 20081201021820.000000+060
    Event Type: Informations
    User:

    Computer Name: USER-6386143AA7
    Event Code: 100
    Message: wuauclt (2216) Le moteur de base de données 5.01.2600.5512 est démarré.

    Record Number: 1502
    Source Name: ESENT
    Time Written: 20081201021820.000000+060
    Event Type: Informations
    User:

    Computer Name: USER-6386143AA7
    Event Code: 101
    Message: wuauclt (2176) Le moteur de base de données est arrêté.

    Record Number: 1501
    Source Name: ESENT
    Time Written: 20081201021820.000000+060
    Event Type: Informations
    User:

    Computer Name: USER-6386143AA7
    Event Code: 454
    Message: wuauclt (2176) La récupération/restauration de la base de données a échoué en raison d'une erreur inattendue -1216.

    Record Number: 1500
    Source Name: ESENT
    Time Written: 20081201021820.000000+060
    Event Type: erreur
    User:

    Computer Name: USER-6386143AA7
    Event Code: 494
    Message: wuauclt (2176) La récupération de la base de données a échoué en raison de l'erreur -1216 car elle a rencontré des références à une base de données, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', qui n'est plus présente. La base de données ne présentait pas un état cohérent avant d'être supprimée (ou déplacée et renommée). Le moteur de base de données ne permettra pas d'effectuer la récupération pour cette instance tant que la base de données manquante ne sera pas réinstallée. Si la base de données n'est plus disponible ni nécessaire, contactez le Support technique pour obtenir des instructions concernant les étapes à suivre pour permettre la récupération sans cette base de données.

    Record Number: 1499
    Source Name: ESENT
    Time Written: 20081201021820.000000+060
    Event Type: erreur
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------
    27 February 2009 21:57:07

    Here are the texts you asked me for!!!
    27 February 2009 22:03:51

    Indeed, there are infections.

    Message edited by Destrio5.
    27 February 2009 22:28:20



    -------------- UsbFix V2.414.3 ---------------

    * User : nacera - USER-6386143AA7
    * Outils mis a jours le 18/01/2009 par Chiquitine29 et Chimay8
    * Recherche effectuée à 22:13:28 le 2002-02-27
    * Windows Xp - Internet Explorer 7.0.5730.13


    --------------- [ Processus actifs ] ----------------


    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    --------------- [ Informations lecteurs ] ----------------

    C: - Lecteur fixe

    D: - Lecteur fixe

    E: - Lecteur de CD-ROM

    F: - Lecteur amovible


    +- Contenu de l'autorun : E:\autorun.inf

    [autorun]
    open=setup.exe
    icon=setup.exe,0

    +- Contenu de l'autorun : F:\autorun.inf

    [AutoRun]
    ;LeoylWoCabL Kayw
    OPeN= fiiyc.exe
    ;TxekCkgeCjqqcDYnwkmWHAkNcrsIIerikDUi
    ShELL\exPloRe\COMmAnd= fiiyc.exe
    ;
    shELl\Open\cOmMand = fiiyc.exe
    ;LWExO AjpKux revr
    sHELL\opEn\DefauLt=1

    ;kAAw vEGOjdXXjh eHqvjG oOdpQ KUmshELkLlSnJriqQFLiCmqu
    shELl\AuTOPlAY\coMmanD= fiiyc.exe


    --------------- [ Lecteur C ] ----------------

    C: - Lecteur fixe


    +- Listing des fichiers présents :

    [2002-02-26 20:43][--a------] C:\AUTOEXEC.BAT
    [2002-02-26 20:43][-r-hs----] C:\2u.com
    [2002-02-26 20:43][-r-hs----] C:\NTDETECT.COM
    [2002-02-26 20:43][---hs----] C:\boot.ini
    [2002-02-27 22:13][--a------] C:\UsbFix.txt
    [2002-02-26 20:43][--a------] C:\CONFIG.SYS
    [2002-02-26 20:43][--a------] C:\IO.SYS
    [2002-02-26 20:43][--a------] C:\MSDOS.SYS
    [2002-02-26 20:43][--a------] C:\pagefile.sys

    --------------- [ Lecteur D ] ----------------

    D: - Lecteur fixe


    +- Listing des fichiers présents :

    [2008-12-08 13:52][-r-hs----] D:\2u.com
    [2008-12-08 13:52][-r-hs----] D:\6fnlpetp.exe

    --------------- [ Lecteur E ] ----------------

    E: - Lecteur de CD-ROM


    +- Listing des fichiers présents :

    [1998-10-02 07:12][-r-------] E:\Setup.exe
    [2000-02-18 04:24][-r-------] E:\autorun.inf

    --------------- [ Lecteur F ] ----------------

    F: - Lecteur amovible


    +- Listing des fichiers présents :

    [2009-02-24 16:04][-r-hs----] F:\.vbs
    [2002-02-22 21:01][-r-hs----] F:\vrhrx.pif
    [2002-02-22 21:01][-r-hs----] F:\oyxi.pif
    [2008-03-10 11:39][--a------] F:\pdfcreator_pdfcreator_0.9.5_francais_11085.exe
    [2008-03-10 11:39][--a------] F:\PDFCreator-0_9_3_GPLGhostscript.exe
    [2008-03-10 11:39][--a------] F:\fiiyc.exe
    [2002-02-27 22:06][-r-hs----] F:\autorun.inf

    --------------- [ Registre / Startup ] ----------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
    swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    EPSON Stylus DX4400 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
    Persistence=C:\WINDOWS\system32\igfxpers.exe
    IgfxTray=C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
    Flashget=C:\Program Files\FlashGet\FlashGet.exe /min
    Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    Monitor=C:\WINDOWS\PixArt\PAC207\Monitor.exe
    UnlockerAssistant="C:\Program Files\Unlocker\UnlockerAssistant.exe"
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    Installed=1
    NoChange=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    --------------- [ Registre / Mountpoint2 ] ----------------

    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a010b0c-ec6e-11dd-8763-00111134106e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a010b0c-ec6e-11dd-8763-00111134106e}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4422a286-0103-11de-879e-00111134106e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4422a287-0103-11de-879e-00111134106e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4422a287-0103-11de-879e-00111134106e}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75bbe5fa-d9d0-11dd-873d-00111134106e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75bbe5fa-d9d0-11dd-873d-00111134106e}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75bbe5fa-d9d0-11dd-873d-00111134106e}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c500051c-d1a4-11dd-8721-00111134106e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c500051c-d1a4-11dd-8721-00111134106e}\Shell\open\Command

    --------------- [ Nettoyage des disques ] ----------------

    Supprimé ! - C:\DOCUME~1\nacera\LOCALS~1\Temp\RarSFX0\basic\avipbb.sys
    Supprimé ! - C:\DOCUME~1\nacera\LOCALS~1\Temp\RarSFX0\basic\unacev2.dll
    Supprimé ! - C:\DOCUME~1\nacera\LOCALS~1\Temp\RarSFX1\basic\avipbb.sys
    Supprimé ! - C:\DOCUME~1\nacera\LOCALS~1\Temp\RarSFX1\basic\unacev2.dll
    Supprimé ! - C:\DOCUME~1\nacera\LOCALS~1\Temp\RarSFX2\basic\avipbb.sys
    Supprimé ! - C:\DOCUME~1\nacera\LOCALS~1\Temp\RarSFX2\basic\unacev2.dll
    Supprimé ! - C:\DOCUME~1\nacera\LOCALS~1\Temp\RarSFX3\basic\avipbb.sys
    Supprimé ! - C:\DOCUME~1\nacera\LOCALS~1\Temp\RarSFX3\basic\unacev2.dll
    F:\autorun.inf ~> fichier appelé : "F:\ fiiyc.exe" ( absent ! )
    Supprimé ! - [2002-02-26 20:43][-r-hs----] C:\2u.com
    Supprimé ! - [2008-12-08 13:52][-r-hs----] D:\2u.com
    Supprimé ! - [2008-12-08 13:52][-r-hs----] D:\6fnlpetp.exe
    Echec de la supression !! - [1998-10-02 07:12] E:\Setup.exe
    Echec de la supression !! - [2000-02-18 04:24] E:\autorun.inf
    Echec de la supression !! - [2000-02-18 04:24] E:\autorun.inf
    Supprimé ! - [2002-02-27 22:06][-r-hs----] F:\autorun.inf

    --------------- [ Resumé ] ----------------

    -> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

    [2002-02-26 20:43][--a------] C:\AUTOEXEC.BAT
    [2002-02-26 20:43][-rahs----] C:\NTDETECT.COM
    [2002-02-26 20:43][---hs----] C:\boot.ini
    [1998-10-02 07:12][-r-------] E:\Setup.exe
    [2000-02-18 04:24][-r-------] E:\autorun.inf
    [2009-02-24 16:04][-r-hs----] F:\.vbs
    [2002-02-22 21:01][-r-hs----] F:\vrhrx.pif
    [2002-02-22 21:01][-r-hs----] F:\oyxi.pif
    [2008-03-10 11:39][--a------] F:\pdfcreator_pdfcreator_0.9.5_francais_11085.exe
    [2008-03-10 11:39][--a------] F:\PDFCreator-0_9_3_GPLGhostscript.exe
    [2008-03-10 11:39][--a------] F:\fiiyc.exe

    --------------- [ Vaccination ] ----------------

    C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
    D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
    F:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

    --------------- ! Fin du rapport ! ----------------

    27 February 2009 22:35:32

    And on top of that, every time I plug in my USB key, there is an annoying message: "windows pas de disque, exception processing message c 0000013 parameters 75afbf7c 4 75afbf7c 75afbf7c"
    PS: thank you for your help
    27 February 2009 22:39:20

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Connect your external storage devices to your PC (USB key, external hard drive, SD card, etc.) without opening them.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    F:\.vbs
    F:\vrhrx.pif
    F:\oyxi.pif
    F:\fiiyc.exe

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the moment it was created: date_time.log
    27 February 2009 22:52:09

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    F:\.vbs moved successfully.
    F:\vrhrx.pif moved successfully.
    F:\oyxi.pif moved successfully.
    F:\fiiyc.exe moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\nacera\LOCALS~1\Temp\hvdap.exe scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4b8.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_79c.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02272002_224322

    Files moved on Reboot...
    C:\DOCUME~1\nacera\LOCALS~1\Temp\hvdap.exe moved successfully.
    C:\WINDOWS\temp\Perflib_Perfdata_4b8.dat moved successfully.
    File C:\WINDOWS\temp\Perflib_Perfdata_79c.dat not found!
    27 February 2009 23:00:24

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Mise à jour (Update) tab, click the Recherche de mise à jour (Check for updates) button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Recherche (Scan) tab.
  • Select Exécuter un examen rapide (Perform quick scan).
  • Click Rechercher (Scan).
  • The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show results).
  • Select everything (or leave it checked) and click Supprimer la sélection (Remove selected); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
    27 February 2009 23:29:30

    I'm waiting for the quoted message, but it freezes as soon as it reaches the 3912th scanned item. I redid the operation twice but it always stops at that item, and as soon as I try to close it, it tells me the program is not responding, etc... :(
    27 February 2009 23:31:55

    Try in Safe Mode.

    To restart in Safe Mode:
  • Restart your PC.
  • At startup, tap F8 (F5 on some PCs) right after the BIOS screen and just before Windows loads.
  • In the advanced options menu, choose Safe Mode.
  • Choose your user session.
    27 February 2009 23:53:11

    Very well, here is the latest report:
    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1811
    Windows 5.1.2600 Service Pack 3

    2002-02-27 23:44:26
    mbam-log-2002-02-27 (23-44-26).txt

    Type de recherche: Examen rapide
    Eléments examinés: 93155
    Temps écoulé: 3 minute(s), 47 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 4
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 20

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\LocalService32 (Worm.P2P) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\regedits.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\4A.tmp (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\57.tmp (Worm.P2P) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\39.music.mp3 (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\39.music.mp3.kwd (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\41.crack.zip (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\41.crack.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\42.keymaker.zip (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\42.keymaker.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\43.setup.zip (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\43.setup.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\44.unpack.zip (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\44.unpack.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\45.keygen.zip (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\45.keygen.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\46.serial.zip (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\46.serial.zip.kwd (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\47.music.snd (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LocalService32\47.music.snd.kwd (Worm.P2P) -> Quarantined and deleted successfully.
    27 February 2009 23:55:10

    There you go. Come on, more, I'm starting to enjoy this ;)
    27 February 2009 23:56:02

  • Relaunch MBAM, go to Quarantaine (Quarantine) and delete everything.

  • Run an RSIT scan again and post the log report.
    28 February 2009 00:02:56

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by nacera at 2002-02-27 23:57:52
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 59 GB (75%) free of 79 GB
    Total RAM: 1015 MB (34% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:57, on 2002-02-27
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\WScript.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\FlashGet\FlashGet.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\MAXIPOWER\TWL541P\Mrv8000x.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\nacera\LOCALS~1\Temp\dmwqwo.exe
    C:\Downloads\RSIT.exe
    C:\Downloads\nacera.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"
    O4 - HKLM\..\Policies\Explorer\Run: [USER-6386143AA7] .vbe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Global Startup: TWL541P.lnk = C:\Program Files\MAXIPOWER\TWL541P\Mrv8000x.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D02EC146-87C0-4F4B-A661-29BB4B4830F1}: NameServer = 192.168.1.1,202.96.128.68
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: 88f5ece4530 - C:\WINDOWS\System32\iasnap32.dll (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 8095 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
    FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-14 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-21 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
    Peer2Peer-FR Toolbar - C:\Program Files\Peer2Peer-FR\tbPee1.dll [2002-02-26 1883672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
    PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-02-13 806912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-16 522224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-14 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-14 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
    FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - Peer2Peer-FR Toolbar - C:\Program Files\Peer2Peer-FR\tbPee1.dll [2002-02-26 1883672]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
    {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-02-13 806912]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe []
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-13 211736]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-13 232216]
    "Flashget"=C:\Program Files\FlashGet\FlashGet.exe [2007-09-11 2076720]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 2770800]
    "Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 389120]
    "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "USER-6386143AA7"=C:\WINDOWS\system32\.vbe [2009-02-22 10000]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-30 15360]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-21 39408]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5806104]
    "EPSON Stylus DX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 250368]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5806104]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    C:\WINDOWS\RTHDCPL.EXE [2002-02-26 16384000]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    C:\Program Files\Skype\Phone\Skype.exe [2008-09-29 24520488]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    TWL541P.lnk - C:\Program Files\MAXIPOWER\TWL541P\Mrv8000x.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\88f5ece4530]
    C:\WINDOWS\System32\iasnap32.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-04-30 133632]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=1
    "DisableTaskMgr"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableLUA"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "ForceClassicControlPanel"=1
    "NoSMConfigurePrograms"=1
    "NoSMMyPictures"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:ipsec"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "J:\flashget194en.exe"="J:\flashget194en.exe:*:Enabled:ipsec"
    "C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:ipsec"
    "C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
    "C:\WINDOWS\ALCMTR.EXE"="C:\WINDOWS\ALCMTR.EXE:*:Enabled:ipsec"
    "C:\WINDOWS\system32\kamsoft.exe"="C:\WINDOWS\system32\kamsoft.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winrimy.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winrimy.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winsnewqg.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winsnewqg.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\sfglne.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\sfglne.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winwbpxg.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winwbpxg.exe:*:Enabled:ipsec"
    "C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\jofhx.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\jofhx.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\kxym.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\kxym.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winiaomm.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winiaomm.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winlislt.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winlislt.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winbndaaj.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winbndaaj.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\sqhav.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\sqhav.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winvdbi.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winvdbi.exe:*:Enabled:ipsec"
    "C:\Program Files\Spyware Doctor\pctsTray.exe"="C:\Program Files\Spyware Doctor\pctsTray.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\windprq.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\windprq.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winpvgjis.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winpvgjis.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\pfroa.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\pfroa.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\vvfoyn.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\vvfoyn.exe:*:Enabled:ipsec"
    "C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec"
    "C:\WINDOWS\system32\igfxtray.exe"="C:\WINDOWS\system32\igfxtray.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winvjnavx.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winvjnavx.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\wqtt.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\wqtt.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\gljga.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\gljga.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\ujemg.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\ujemg.exe:*:Enabled:ipsec"
    "C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\regedits.exe"="C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\regedits.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\tttll.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\tttll.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\mmnpty.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\mmnpty.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winuxrsx.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winuxrsx.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winexbhv.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winexbhv.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winjukfsv.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winjukfsv.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winudtnoe.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winudtnoe.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winoorfok.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winoorfok.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\brki.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\brki.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winftlc.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winftlc.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\wingqdx.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\wingqdx.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winoskqfu.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winoskqfu.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winedynw.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winedynw.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winftys.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winftys.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winutjlhf.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winutjlhf.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winibeaul.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winibeaul.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winslul.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winslul.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\myrj.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\myrj.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winqdcu.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winqdcu.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winveklh.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winveklh.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winujrtb.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winujrtb.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\qudo.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\qudo.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winjmsd.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winjmsd.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winsklp.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winsklp.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winrqhfv.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winrqhfv.exe:*:Enabled:ipsec"
    "C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winntrvp.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winntrvp.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\nlifou.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\nlifou.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winljqxqy.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winljqxqy.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\kevjdm.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\kevjdm.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winxpci.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winxpci.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winljypeb.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winljypeb.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\viojem.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\viojem.exe:*:Enabled:ipsec"
    "C:\WINDOWS\system32\igfxpers.exe"="C:\WINDOWS\system32\igfxpers.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winogynp.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winogynp.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\pfoc.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\pfoc.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winyenf.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winyenf.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\flscfw.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\flscfw.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winpigh.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winpigh.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\saliha\LOCALS~1\Temp\winoaeykb.exe"="C:\DOCUME~1\saliha\LOCALS~1\Temp\winoaeykb.exe:*:Enabled:ipsec"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\irtoyq.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\irtoyq.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winfexdrw.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winfexdrw.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\sffgl.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\sffgl.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\gedqw.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\gedqw.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\ldimum.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\ldimum.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\lnpk.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\lnpk.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\wingyxm.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\wingyxm.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\saliha\LOCALS~1\Temp\winxwwimb.exe"="C:\DOCUME~1\saliha\LOCALS~1\Temp\winxwwimb.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\saliha\LOCALS~1\Temp\winpybsh.exe"="C:\DOCUME~1\saliha\LOCALS~1\Temp\winpybsh.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\saliha\LOCALS~1\Temp\vivsws.exe"="C:\DOCUME~1\saliha\LOCALS~1\Temp\vivsws.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\saliha\LOCALS~1\Temp\winubwwrl.exe"="C:\DOCUME~1\saliha\LOCALS~1\Temp\winubwwrl.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winslsu.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winslsu.exe:*:Enabled:ipsec"
    "C:\Program Files\MAXIPOWER\TWL541P\Mrv8000x.exe"="C:\Program Files\MAXIPOWER\TWL541P\Mrv8000x.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\dhpaw.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\dhpaw.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\uprqg.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\uprqg.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winsmih.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winsmih.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winwwmt.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winwwmt.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winvkly.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winvkly.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winbxtli.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winbxtli.exe:*:Enabled:ipsec"
    "C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\saoh.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\saoh.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\winurhjk.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\winurhjk.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\aixr.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\aixr.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\wingpek.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\wingpek.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\wintfma.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\wintfma.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\vstdug.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\vstdug.exe:*:Enabled:ipsec"
    "C:\DOCUME~1\nacera\LOCALS~1\Temp\tpvdck.exe"="C:\DOCUME~1\nacera\LOCALS~1\Temp\tpvdck.exe:*:Enabled:ipsec"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======File associations======

    .ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
    .txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

    ======List of files/folders created in the last 1 months======

    2009-02-22 18:07:31 ----D---- C:\Documents and Settings\nacera\Application Data\U3
    2009-02-13 12:04:42 ----D---- C:\Program Files\PDFCreator Toolbar
    2009-02-13 12:04:27 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
    2009-02-13 12:04:26 ----A---- C:\WINDOWS\system32\VB6FR.DLL
    2009-02-13 12:04:26 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
    2009-02-13 12:04:26 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
    2009-02-13 12:04:26 ----A---- C:\WINDOWS\system32\MSCC2FR.DLL
    2009-02-13 12:04:25 ----D---- C:\Program Files\PDFCreator
    2009-02-11 13:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
    2009-02-07 20:17:44 ----D---- C:\Documents and Settings\All Users\Application Data\UDL
    2009-02-07 20:15:37 ----A---- C:\WINDOWS\system32\PICSDK2.dll
    2009-02-07 20:15:37 ----A---- C:\WINDOWS\system32\PICSDK.ini
    2009-02-07 20:15:37 ----A---- C:\WINDOWS\system32\PICSDK.dll
    2009-02-07 20:15:37 ----A---- C:\WINDOWS\system32\PICEntry.dll
    2009-02-07 20:15:37 ----A---- C:\WINDOWS\system32\EpPicPrt.dll
    2009-02-07 20:15:37 ----A---- C:\WINDOWS\system32\EPPicMgr.dll
    2009-02-07 20:15:35 ----D---- C:\Documents and Settings\nacera\Application Data\InstallShield
    2009-02-07 20:14:57 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON
    2009-02-07 20:14:54 ----A---- C:\WINDOWS\system32\E_FLBCAE.DLL
    2009-02-07 20:14:54 ----A---- C:\WINDOWS\system32\E_FD4BCAE.DLL
    2009-02-07 20:14:54 ----A---- C:\WINDOWS\system32\E_DCINST.DLL
    2009-02-07 20:12:17 ----D---- C:\Program Files\epson
    2009-02-07 20:12:17 ----A---- C:\WINDOWS\system32\eswiaml.dll
    2009-02-07 20:12:17 ----A---- C:\WINDOWS\system32\eswia7e.dll
    2009-02-07 20:12:17 ----A---- C:\WINDOWS\system32\esint7e.dll
    2009-02-05 21:08:52 ----D---- C:\Program Files\MSECache
    2009-01-14 08:22:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-01-13 20:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2009-01-11 11:27:08 ----D---- C:\Documents and Settings\nacera\Application Data\LimeWire
    2009-01-11 11:26:48 ----D---- C:\Program Files\LimeWire
    2008-12-27 22:41:57 ----D---- C:\My Documents
    2008-12-26 12:13:05 ----D---- C:\my dvd
    2008-12-26 00:38:53 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-12-26 00:38:48 ----D---- C:\Documents and Settings\nacera\Application Data\CyberLink
    2008-12-26 00:36:27 ----A---- C:\WINDOWS\system32\msxml3a.dll
    2008-12-23 22:26:19 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-12-22 19:43:39 ----D---- C:\WINDOWS\ERDNT
    2008-12-22 19:43:39 ----D---- C:\Qoobox
    2008-12-22 19:43:39 ----A---- C:\WINDOWS\system32\CF31543.exe
    2008-12-21 22:34:15 ----D---- C:\Program Files\7-Zip
    2008-12-21 19:27:28 ----D---- C:\WINDOWS\pss
    2008-12-21 19:11:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-21 12:43:28 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-12-21 11:57:29 ----D---- C:\Downloads
    2008-12-21 11:51:32 ----D---- C:\Program Files\FlashGet
    2008-12-19 16:31:46 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-12-18 10:56:42 ----D---- C:\Program Files\Peer2Peer-FR
    2008-12-18 10:56:42 ----D---- C:\Program Files\Conduit
    2008-12-17 21:26:57 ----D---- C:\Documents and Settings\nacera\Application Data\Google
    2008-12-17 21:26:15 ----D---- C:\Documents and Settings\nacera\Application Data\skypePM
    2008-12-17 21:25:22 ----D---- C:\Documents and Settings\nacera\Application Data\Skype
    2008-12-17 21:25:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-12-17 21:25:12 ----D---- C:\Program Files\Google
    2008-12-17 21:25:09 ----D---- C:\Program Files\Skype
    2008-12-17 21:25:08 ----D---- C:\Program Files\Fichiers communs\Skype
    2008-12-17 21:25:03 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2008-12-17 20:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
    2008-12-14 09:38:12 ----D---- C:\WINDOWS\Sun
    2008-12-14 09:37:59 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-14 09:37:59 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-14 09:37:59 ----A---- C:\WINDOWS\system32\java.exe
    2008-12-14 09:37:59 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-14 09:37:46 ----D---- C:\Program Files\Java
    2008-12-14 09:23:19 ----D---- C:\Documents and Settings\nacera\Application Data\Sun
    2008-12-12 20:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-12 20:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-12 20:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-12-12 20:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-12 20:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-12 11:26:27 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-12-12 11:26:23 ----D---- C:\Program Files\Fichiers communs\Adobe
    2008-12-12 11:26:23 ----D---- C:\Program Files\Adobe
    2008-12-12 08:50:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-12-12 08:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-12-12 08:50:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-12-12 08:50:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-12-12 08:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-12-12 08:50:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-12-12 08:49:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-12-11 17:08:59 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-12-11 17:08:59 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-12-11 17:08:59 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-12-10 21:06:45 ----D---- C:\Program Files\uTorrent
    2008-12-10 21:06:43 ----D---- C:\Documents and Settings\nacera\Application Data\uTorrent
    2008-12-10 20:55:14 ----D---- C:\WINDOWS\system32\DirectX
    2008-12-10 20:55:14 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
    2008-12-10 20:54:52 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-12-10 19:48:49 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-12-10 19:48:47 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-10 19:48:43 ----D---- C:\Program Files\Windows Live
    2008-12-10 19:48:42 ----D---- C:\WINDOWS\ie7updates
    2008-12-10 19:48:38 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-12-10 19:48:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-12-10 19:48:31 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2008-12-10 19:12:09 ----D---- C:\Documents and Settings\nacera\Application Data\Macromedia
    2008-12-10 19:10:26 ----D---- C:\Documents and Settings\nacera\Application Data\Adobe
    2008-12-08 21:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-12-08 17:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-12-08 17:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-12-08 17:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-12-08 17:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
    2008-12-08 17:09:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-12-08 17:09:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-12-08 17:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-12-08 17:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-12-08 17:09:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-12-08 16:56:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-12-08 16:56:03 ----D---- C:\WINDOWS\system32\PreInstall
    2008-12-08 16:36:39 ----N---- C:\WINDOWS\system32\spmsg.dll
    2008-12-08 16:36:38 ----A---- C:\WINDOWS\system32\spupdsvc.exe
    2008-12-08 16:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
    2008-12-08 16:36:37 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-08 16:29:33 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-12-08 16:29:33 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-12-08 16:29:32 ----D---- C:\WINDOWS\system32\SoftwareDistribution
    2008-12-08 16:29:32 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-12-08 16:29:32 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-12-04 21:01:42 ----D---- C:\Program Files\MAXIPOWER
    2008-12-04 11:49:58 ----D---- C:\Documents and Settings\nacera\Application Data\Identities
    2008-12-04 11:49:50 ----SD---- C:\Documents and Settings\nacera\Application Data\Microsoft
    2008-12-04 11:49:50 ----ASH---- C:\Documents and Settings\nacera\Application Data\desktop.ini
    2008-09-05 23:30:46 ----N---- C:\WINDOWS\system32\WgaLogon.dll
    2008-09-05 23:30:06 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
    2008-09-05 23:30:04 ----N---- C:\WINDOWS\system32\WgaTray.exe
    2008-09-03 17:53:02 ----RA---- C:\WINDOWS\system32\kbdgeo.dll
    2008-09-03 17:53:02 ----RA---- C:\WINDOWS\system32\kbdarmw.dll
    2008-09-03 17:53:02 ----RA---- C:\WINDOWS\system32\kbdarme.dll
    2008-09-03 17:53:02 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
    2008-09-03 17:53:01 ----RA---- C:\WINDOWS\system32\kbdintel.dll
    2008-09-03 17:53:01 ----RA---- C:\WINDOWS\system32\kbdintam.dll
    2008-09-03 17:53:01 ----RA---- C:\WINDOWS\system32\kbdinpun.dll
    2008-09-03 17:53:01 ----RA---- C:\WINDOWS\system32\kbdinmar.dll
    2008-09-03 17:53:01 ----RA---- C:\WINDOWS\system32\kbdinkan.dll
    2008-09-03 17:53:01 ----RA---- C:\WINDOWS\system32\kbdinhin.dll
    2008-09-03 17:53:01 ----RA---- C:\WINDOWS\system32\kbdinguj.dll
    2008-09-03 17:53:01 ----RA---- C:\WINDOWS\system32\kbdindev.dll
    2008-09-03 17:53:01 ----A---- C:\WINDOWS\system32\c_iscii.dll
    2008-09-03 17:53:00 ----RA---- C:\WINDOWS\system32\kbdvntc.dll
    2008-09-03 17:52:58 ----RA---- C:\WINDOWS\system32\kbdurdu.dll
    2008-09-03 17:52:58 ----RA---- C:\WINDOWS\system32\kbdsyr2.dll
    2008-09-03 17:52:58 ----RA---- C:\WINDOWS\system32\kbdsyr1.dll
    2008-09-03 17:52:58 ----RA---- C:\WINDOWS\system32\kbdfa.dll
    2008-09-03 17:52:58 ----RA---- C:\WINDOWS\system32\kbddiv2.dll
    2008-09-03 17:52:58 ----RA---- C:\WINDOWS\system32\kbddiv1.dll
    2008-09-03 17:52:58 ----RA---- C:\WINDOWS\system32\kbda3.dll
    2008-09-03 17:52:58 ----RA---- C:\WINDOWS\system32\kbda2.dll
    2008-09-03 17:52:58 ----RA---- C:\WINDOWS\system32\kbda1.dll
    2008-09-03 17:52:58 ----A---- C:\WINDOWS\system32\kbdusa.dll
    2008-09-03 17:52:55 ----RA---- C:\WINDOWS\system32\kbdheb.dll
    2008-09-03 17:52:50 ----RA---- C:\WINDOWS\system32\kbdth3.dll
    2008-09-03 17:52:50 ----RA---- C:\WINDOWS\system32\kbdth2.dll
    2008-09-03 17:52:49 ----RA---- C:\WINDOWS\system32\kbdth1.dll
    2008-09-03 17:52:49 ----RA---- C:\WINDOWS\system32\kbdth0.dll
    2008-09-03 17:52:45 ----A---- C:\WINDOWS\system32\ftlx041e.dll
    2008-09-03 17:48:14 ----RSHD---- C:\RECYCLER
    2008-09-03 10:48:53 ----RA---- C:\WINDOWS\system32\igfxres.dll
    2008-09-03 10:46:36 ----RA---- C:\WINDOWS\system32\igmedkrn.dll
    2008-09-03 10:46:36 ----RA---- C:\WINDOWS\system32\ig4icd32.dll
    2008-09-03 10:46:36 ----RA---- C:\WINDOWS\system32\ig4dev32.dll
    2008-09-01 21:13:00 ----A---- C:\WINDOWS\system32\msvcr71.dll
    2008-09-01 21:13:00 ----A---- C:\WINDOWS\system32\msvcp71.dll
    2008-09-01 21:13:00 ----A---- C:\WINDOWS\system32\mfc71.dll
    2008-09-01 21:13:00 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2008-09-01 21:12:59 ----D---- C:\Program Files\Alwil Software
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igxprd32.dll
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igxpgd32.dll
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igxpdx32.dll
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igxpdv32.dll
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\iglicd32.dll
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igldev32.dll
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igfxzoom.exe
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igfxtray.exe
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igfxsrvc.exe
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igfxsrvc.dll
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igfxress.dll
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igfxpph.dll
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igfxext.exe
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igfxexps.dll
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igfxdo.dll
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igfxdev.dll
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igfxCoIn_v4837.dll
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\igfxcfg.exe
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\hkcmd.exe
    2008-09-01 21:01:16 ----RA---- C:\WINDOWS\system32\hccutils.dll
    2008-09-01 21:00:59 ----RA---- C:\WINDOWS\system32\igxpun.exe
    2008-09-01 21:00:59 ----RA---- C:\WINDOWS\system32\difxapi.dll
    2008-09-01 21:00:59 ----D---- C:\WINDOWS\system32\Lang
    2008-09-01 20:46:41 ----D---- C:\WINDOWS\OPTIONS
    2008-09-01 20:46:01 ----R---- C:\WINDOWS\system32\ChCfg.exe
    2008-09-01 20:45:41 ----D---- C:\WINDOWS\system32\RTCOM
    2008-09-01 20:45:39 ----A---- C:\WINDOWS\system32\ksuser.dll
    2008-09-01 20:45:06 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-01 20:44:52 ----D---- C:\Program Files\Fichiers communs\InstallShield
    2008-09-01 20:44:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-09-01 20:44:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-09-01 20:44:01 ----D---- C:\Program Files\Intel
    2008-09-01 20:43:40 ----D---- C:\Intel
    2008-09-01 20:40:40 ----A---- C:\WINDOWS\system32\mdimon.dll
    2008-09-01 20:39:02 ----D---- C:\Program Files\Fichiers communs\DESIGNER
    2008-09-01 20:38:57 ----D---- C:\Program Files\Microsoft Works
    2008-09-01 20:38:52 ----D---- C:\Program Files\Microsoft Visual Studio
    2008-09-01 20:38:31 ----D---- C:\WINDOWS\SHELLNEW
    2008-09-01 20:38:15 ----D---- C:\Program Files\Microsoft.NET
    2008-09-01 20:38:15 ----D---- C:\Program Files\Microsoft Office
    2008-09-01 20:30:35 ----A---- C:\WINDOWS\system32\h323log.txt
    2008-09-01 20:29:26 ----A---- C:\WINDOWS\system32\irmon.dll
    2008-09-01 20:29:25 ----A---- C:\WINDOWS\system32\wshirda.dll
    2008-09-01 20:29:25 ----A---- C:\WINDOWS\system32\irftp.exe
    2008-09-01 20:28:50 ----A---- C:\WINDOWS\system32\usbui.dll
    2008-09-01 20:27:37 ----SHD---- C:\WINDOWS\Installer
    2008-09-01 20:27:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-01 20:27:36 ----D---- C:\Program Files\Fichiers communs\ODBC
    2008-09-01 20:27:34 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
    2008-09-01 20:27:33 ----RD---- C:\Program Files
    2008-09-01 20:27:33 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
    2008-09-01 20:27:33 ----D---- C:\Program Files\Fichiers communs
    2008-09-01 20:27:30 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
    2008-09-01 20:27:30 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
    2008-09-01 20:27:30 ----RA---- C:\WINDOWS\system32\kbdazel.dll
    2008-09-01 20:27:29 ----RA---- C:\WINDOWS\system32\kbdycc.dll
    2008-09-01 20:27:29 ----RA---- C:\WINDOWS\system32\kbduzb.dll
    2008-09-01 20:27:29 ----RA---- C:\WINDOWS\system32\kbdur.dll
    2008-09-01 20:27:29 ----RA---- C:\WINDOWS\system32\kbdtat.dll
    2008-09-01 20:27:29 ----RA---- C:\WINDOWS\system32\kbdru1.dll
    2008-09-01 20:27:29 ----RA---- C:\WINDOWS\system32\kbdru.dll
    2008-09-01 20:27:29 ----RA---- C:\WINDOWS\system32\kbdmon.dll
    2008-09-01 20:27:29 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
    2008-09-01 20:27:29 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
    2008-09-01 20:27:29 ----RA---- C:\WINDOWS\system32\kbdbu.dll
    2008-09-01 20:27:29 ----RA---- C:\WINDOWS\system32\kbdblr.dll
    2008-09-01 20:27:29 ----RA---- C:\WINDOWS\system32\kbdaze.dll
    2008-09-01 20:27:28 ----RA---- C:\WINDOWS\system32\kbdhept.dll
    2008-09-01 20:27:28 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
    2008-09-01 20:27:28 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
    2008-09-01 20:27:28 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
    2008-09-01 20:27:28 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
    2008-09-01 20:27:28 ----RA---- C:\WINDOWS\system32\kbdhe.dll
    2008-09-01 20:27:28 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
    2008-09-01 20:27:27 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
    2008-09-01 20:27:27 ----RA---- C:\WINDOWS\system32\kbdlv.dll
    2008-09-01 20:27:27 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
    2008-09-01 20:27:27 ----RA---- C:\WINDOWS\system32\kbdlt.dll
    2008-09-01 20:27:26 ----RA---- C:\WINDOWS\system32\kbdest.dll
    2008-09-01 20:27:25 ----RA---- C:\WINDOWS\system32\kbdycl.dll
    2008-09-01 20:27:25 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
    2008-09-01 20:27:25 ----RA---- C:\WINDOWS\system32\kbdsl.dll
    2008-09-01 20:27:25 ----RA---- C:\WINDOWS\system32\kbdro.dll
    2008-09-01 20:27:25 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
    2008-09-01 20:27:25 ----RA---- C:\WINDOWS\system32\kbdpl.dll
    2008-09-01 20:27:25 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
    2008-09-01 20:27:25 ----RA---- C:\WINDOWS\system32\kbdhu.dll
    2008-09-01 20:27:25 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
    2008-09-01 20:27:25 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
    2008-09-01 20:27:25 ----RA---- C:\WINDOWS\system32\kbdcz.dll
    2008-09-01 20:27:25 ----RA---- C:\WINDOWS\system32\kbdcr.dll
    2008-09-01 20:27:25 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
    2008-09-01 20:27:21 ----A---- C:\WINDOWS\system32\spxcoins.dll
    2008-09-01 20:27:21 ----A---- C:\WINDOWS\system32\irclass.dll
    2008-09-01 20:27:21 ----A---- C:\WINDOWS\system32\EqnClass.Dll
    2008-09-01 20:27:21 ----A---- C:\WINDOWS\system32\dgsetup.dll
    2008-09-01 20:27:21 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
    2008-09-01 20:27:19 ----N---- C:\WINDOWS\system32\CONFIG.TMP
    2008-09-01 20:27:19 ----A---- C:\WINDOWS\system32\batt.dll
    2008-09-01 20:27:17 ----A---- C:\WINDOWS\system32\storprop.dll
    2008-09-01 20:27:11 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
    2008-09-01 20:25:22 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-01 20:25:22 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-01 20:25:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-09-01 20:24:56 ----SHD---- C:\System Volume Information
    2008-09-01 20:24:56 ----D---- C:\Documents and Settings
    2008-09-01 20:14:36 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-09-01 20:14:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-09-01 20:14:36 ----RSD---- C:\WINDOWS\Fonts
    2008-09-01 20:14:36 ----RD---- C:\WINDOWS\Web
    2008-09-01 20:14:36 ----HD---- C:\WINDOWS\inf
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\WinSxS
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\WBEM
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\twain_32
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\Temp
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\wins
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\wbem
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\usmt
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\spool
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\ShellExt
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\Setup
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\ras
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\oobe
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\npp
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\mui
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\inetsrv
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\IME
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\icsxml
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\ias
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\fr-fr
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\fr
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\export
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\drivers
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\dhcp
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\config
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\3com_dmi
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\3076
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\2052
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\1054
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\1042
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\1041
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\1037
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\1036
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\1033
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\1031
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\1028
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32\1025
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system32
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\system
    2008-09-01 20:14:36 ----D---- C:\WINDOWS\security
    28 February 2009 00:04:31

  • Install Antivir and update it.
  • Double-click the Antivir icon (umbrella) in the taskbar.
  • In Antivir, choose Tools, then Configuration.
  • Tick Expert mode, then tick Rootkit search at start of scan, on the right under Other settings.
  • Run a full scan and post the report.
    28 February 2009 00:14:59

    Sorry, I have a 128 connection :(  so it may take a little while.
    28 February 2009 00:45:06

    :(  As soon as I try to install it, they tell me "error, it was not possible to establish an internet connection....."
    I would also like to tell you that I did not download it from the link you gave me, because it was blocked, but I downloaded the same version from "01.net".
    28 February 2009 00:49:12

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    28 February 2009 00:51:59

    How do I disable the resident protections? I removed spywaredoctor and I had trouble removing "avast4"; I managed it in the end, I think, thanks to "unlocker assistant".
    28 February 2009 00:54:57

    Run ComboFix anyway.
    28 February 2009 01:14:26

    ComboFix 09-02-27.02 - nacera 2002-02-28 1:02:05.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1015.647 [GMT 1:00]
    Lancé depuis: c:\downloads\ComboFix.exe
    AV: avast! antivirus 4.8.1201 [VPS 080516-1] *On-access scanning enabled* (Outdated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\nacera\Application Data\02000000cc3d6937530C.manifest
    c:\documents and settings\nacera\Application Data\02000000cc3d6937530O.manifest
    c:\documents and settings\nacera\Application Data\02000000cc3d6937530P.manifest
    c:\documents and settings\nacera\Application Data\02000000cc3d6937530S.manifest
    c:\windows\GnuHashes.ini
    c:\windows\IE4 Error Log.txt
    c:\windows\system32\GroupPolicy000.dat
    .
    ---- Exécution préalable -------
    .
    C:\2u.com
    C:\autorun.inf
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\regedits.exe
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\sdcvhost.exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DAC970NT
    -------\Service_dac970nt


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-27 au 2009-02-27 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-22 18:11 . 2009-02-22 18:11 10,000 -r-hs---- c:\windows\system32\.vbe
    2009-02-22 18:07 . 2009-02-22 18:09 <REP> d-------- c:\documents and settings\nacera\Application Data\U3
    2009-02-13 12:04 . 2009-02-13 12:04 <REP> d-------- c:\program files\PDFCreator Toolbar
    2009-02-13 12:04 . 2009-02-13 12:04 <REP> d-------- c:\program files\PDFCreator
    2009-02-13 12:04 . 2004-03-09 00:00 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
    2009-02-13 12:04 . 2005-10-15 12:32 196,608 --a------ c:\windows\system32\pdfcmnnt.dll
    2009-02-13 12:04 . 1998-07-13 01:08 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
    2009-02-13 12:04 . 1998-06-24 00:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
    2009-02-13 12:04 . 1998-07-13 01:08 119,568 --a------ c:\windows\system32\VB6FR.DLL
    2009-02-13 12:04 . 1998-07-13 01:08 59,904 --a------ c:\windows\system32\MSCC2FR.DLL
    2009-02-13 12:04 . 1998-07-06 00:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
    2009-02-13 12:04 . 2009-02-13 12:04 15,397 --a------ c:\program files\settings.dat
    2009-02-07 20:17 . 2009-02-07 20:17 <REP> d-------- c:\documents and settings\All Users\Application Data\UDL
    2009-02-07 20:15 . 2009-02-07 20:15 <REP> d-------- c:\documents and settings\nacera\Application Data\InstallShield
    2009-02-07 20:14 . 2009-02-07 20:14 <REP> d-------- c:\documents and settings\All Users\Application Data\EPSON
    2009-02-07 20:14 . 2006-12-08 03:04 76,800 --a------ c:\windows\system32\E_FLBCAE.DLL
    2009-02-07 20:14 . 2006-04-19 03:00 62,976 --a------ c:\windows\system32\E_FD4BCAE.DLL
    2009-02-07 20:14 . 2004-09-10 21:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
    2009-02-07 20:14 . 2008-04-13 11:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
    2009-02-07 20:14 . 2008-04-13 11:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
    2009-02-07 20:14 . 2008-04-13 11:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2009-02-07 20:14 . 2008-04-13 11:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
    2009-02-07 20:14 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2009-02-07 20:14 . 2008-04-13 11:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2009-02-07 20:12 . 2009-02-07 20:17 <REP> d-------- c:\program files\epson
    2009-02-07 20:12 . 2006-12-28 00:00 208,896 --a------ c:\windows\system32\esint7e.dll
    2009-02-07 20:12 . 2006-12-28 00:00 66,560 --a------ c:\windows\system32\eswia7e.dll
    2009-02-07 20:12 . 2006-03-10 00:00 3,584 --a------ c:\windows\system32\eswiaml.dll
    2009-02-05 21:08 . 2009-02-05 21:08 <REP> d-------- c:\program files\MSECache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-27 00:03 --------- d-----w c:\program files\FlashGet
    2009-02-20 09:49 --------- d-----w c:\program files\Peer2Peer-FR
    2009-02-13 11:01 --------- d-----w c:\documents and settings\nacera\Application Data\LimeWire
    2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-02-07 19:18 --------- d-----w c:\program files\Fichiers communs\InstallShield
    2009-01-16 21:36 --------- d-----w c:\program files\Google
    2009-01-11 10:27 --------- d-----w c:\program files\LimeWire
    2008-12-27 01:28 --------- d-----w c:\program files\Microsoft Works
    2002-02-26 19:43 10,000 --sh--r c:\windows\.vbe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2002-02-26 1883672]

    [HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
    2002-02-26 21:00 1883672 --a------ c:\program files\Peer2Peer-FR\tbPee1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2002-02-26 1883672]

    [HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2002-02-26 1883672]

    [HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-30 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-21 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5806104]
    "EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 250368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 211736]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 232216]
    "Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-11 2076720]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 2770800]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 389120]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "nltide_3"="advpack.dll" [2008-04-30 c:\windows\system32\advpack.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "USER-6386143AA7"=".vbe" [2009-02-22 c:\windows\system32\.vbe]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    TWL541P.lnk - c:\program files\MAXIPOWER\TWL541P\Mrv8000x.exe [2008-12-08 1007616]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"= 1 (0x1)
    "DisableRegistryTools"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5806104 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-09-29 17:57 24520488 c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    -r------- 2002-02-26 20:43 16384000 c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "DisablePagingExecutive"=dword:00000001
    "SecondLevelDataCache"=dword:00000200
    "UacDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "UacDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\FlashGet\\flashget.exe"= c:\\Program Files\\FlashGet\\FlashGet.exe
    "c:\\WINDOWS\\system32\\userinit.exe"=
    "c:\\WINDOWS\\system32\\igfxtray.exe"=
    "c:\\Program Files\\MAXIPOWER\\TWL541P\\Mrv8000x.exe"=
    "c:\\WINDOWS\\system32\\wuauclt.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\msohtmed.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\WINDOWS\\system32\\hkcmd.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATICAE.EXE"=
    "c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

    R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2008-04-30 16896]
    R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2008-04-30 52736]
    R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2008-04-30 30208]
    R3 W8335PCI;MAXIPOWER TWL541P Wireless NIC;c:\windows\system32\drivers\Mrvw123.sys [2008-12-08 282624]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-04-30 36864]
    S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
    S3 PAC207;Look 110;c:\windows\system32\drivers\PFC027.SYS [2002-02-22 507264]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - DAC970NT
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    HKLM-Run-Persistence - c:\windows\system32\igfxpers.exe
    Notify-88f5ece4530 - c:\windows\System32\iasnap32.dll


    .
    ------- Examen supplémentaire -------
    .
    IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {D02EC146-87C0-4F4B-A661-29BB4B4830F1} = 192.168.1.1,202.96.128.68
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-27 01:05:25
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\wscript.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-02-27 1:08:17 - La machine a redémarré [nacera]
    ComboFix-quarantined-files.txt 2009-02-27 00:08:15

    Avant-CF: 61,579,579,392 octets libres
    Après-CF: 61,857,533,952 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    224 --- E O F --- 2002-02-27 19:00:21
    28 February 2009 01:15:51

    Please, how can I permanently remove "avast4"?
    28 February 2009 01:28:39

    Bravo, you are a real genius.
    And now what do I have to do to install the antivirus, BOSS??
    28 February 2009 01:42:15

    ComboFix 09-02-27.02 - nacera 2009-02-27 1:31:22.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1015.689 [GMT 1:00]
    Lancé depuis: c:\downloads\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DAC970NT
    -------\Service_dac970nt


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-27 au 2009-02-27 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-22 18:11 . 2009-02-22 18:11 10,000 -r-hs---- c:\windows\system32\.vbe
    2009-02-22 18:07 . 2009-02-22 18:09 <REP> d-------- c:\documents and settings\nacera\Application Data\U3
    2009-02-13 12:04 . 2009-02-13 12:04 <REP> d-------- c:\program files\PDFCreator Toolbar
    2009-02-13 12:04 . 2009-02-13 12:04 <REP> d-------- c:\program files\PDFCreator
    2009-02-13 12:04 . 2004-03-09 00:00 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
    2009-02-13 12:04 . 2005-10-15 12:32 196,608 --a------ c:\windows\system32\pdfcmnnt.dll
    2009-02-13 12:04 . 1998-07-13 01:08 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
    2009-02-13 12:04 . 1998-06-24 00:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
    2009-02-13 12:04 . 1998-07-13 01:08 119,568 --a------ c:\windows\system32\VB6FR.DLL
    2009-02-13 12:04 . 1998-07-13 01:08 59,904 --a------ c:\windows\system32\MSCC2FR.DLL
    2009-02-13 12:04 . 1998-07-06 00:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
    2009-02-13 12:04 . 2009-02-13 12:04 15,397 --a------ c:\program files\settings.dat
    2009-02-07 20:17 . 2009-02-07 20:17 <REP> d-------- c:\documents and settings\All Users\Application Data\UDL
    2009-02-07 20:15 . 2009-02-07 20:15 <REP> d-------- c:\documents and settings\nacera\Application Data\InstallShield
    2009-02-07 20:14 . 2009-02-07 20:14 <REP> d-------- c:\documents and settings\All Users\Application Data\EPSON
    2009-02-07 20:14 . 2006-12-08 03:04 76,800 --a------ c:\windows\system32\E_FLBCAE.DLL
    2009-02-07 20:14 . 2006-04-19 03:00 62,976 --a------ c:\windows\system32\E_FD4BCAE.DLL
    2009-02-07 20:14 . 2004-09-10 21:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
    2009-02-07 20:14 . 2008-04-13 11:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
    2009-02-07 20:14 . 2008-04-13 11:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
    2009-02-07 20:14 . 2008-04-13 11:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2009-02-07 20:14 . 2008-04-13 11:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
    2009-02-07 20:14 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2009-02-07 20:14 . 2008-04-13 11:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2009-02-07 20:12 . 2009-02-07 20:17 <REP> d-------- c:\program files\epson
    2009-02-07 20:12 . 2006-12-28 00:00 208,896 --a------ c:\windows\system32\esint7e.dll
    2009-02-07 20:12 . 2006-12-28 00:00 66,560 --a------ c:\windows\system32\eswia7e.dll
    2009-02-07 20:12 . 2006-03-10 00:00 3,584 --a------ c:\windows\system32\eswiaml.dll
    2009-02-05 21:08 . 2009-02-05 21:08 <REP> d-------- c:\program files\MSECache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-27 00:32 --------- d-----w c:\program files\FlashGet
    2009-02-20 09:49 --------- d-----w c:\program files\Peer2Peer-FR
    2009-02-13 11:01 --------- d-----w c:\documents and settings\nacera\Application Data\LimeWire
    2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-02-07 19:18 --------- d-----w c:\program files\Fichiers communs\InstallShield
    2009-01-16 21:36 --------- d-----w c:\program files\Google
    2009-01-11 10:27 --------- d-----w c:\program files\LimeWire
    2008-12-27 01:28 --------- d-----w c:\program files\Microsoft Works
    2008-12-25 23:34 29,480 ----a-w c:\windows\system32\msxml3a.dll
    2008-12-14 08:37 410,984 ----a-w c:\windows\system32\deploytk.dll
    2002-02-26 19:43 10,000 --sh--r c:\windows\.vbe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-27_ 1.05.57.25 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-22 19:00:12 303,104 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
    + 2009-02-27 00:21:41 303,104 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
    + 2009-02-03 02:07:18 240,544 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
    - 2008-12-10 18:26:20 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
    + 2009-02-27 00:30:28 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
    + 2009-02-27 00:33:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_524.dat
    + 2009-02-27 00:33:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7b4.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2002-02-26 1883672]

    [HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
    2002-02-26 21:00 1883672 --a------ c:\program files\Peer2Peer-FR\tbPee1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2002-02-26 1883672]

    [HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2002-02-26 1883672]

    [HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-30 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-21 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5806104]
    "EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 250368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 211736]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 232216]
    "Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-11 2076720]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 2770800]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 389120]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "nltide_3"="advpack.dll" [2008-04-30 c:\windows\system32\advpack.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "USER-6386143AA7"=".vbe" [2009-02-22 c:\windows\system32\.vbe]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    TWL541P.lnk - c:\program files\MAXIPOWER\TWL541P\Mrv8000x.exe [2008-12-08 1007616]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"= 1 (0x1)
    "DisableRegistryTools"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5806104 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-09-29 17:57 24520488 c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    -r------- 2002-02-26 20:43 16384000 c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "DisablePagingExecutive"=dword:00000001
    "SecondLevelDataCache"=dword:00000200
    "UacDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "UacDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\FlashGet\\flashget.exe"= c:\\Program Files\\FlashGet\\FlashGet.exe
    "c:\\WINDOWS\\system32\\userinit.exe"=
    "c:\\WINDOWS\\system32\\igfxtray.exe"=
    "c:\\Program Files\\MAXIPOWER\\TWL541P\\Mrv8000x.exe"=
    "c:\\WINDOWS\\system32\\wuauclt.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\msohtmed.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\WINDOWS\\system32\\hkcmd.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATICAE.EXE"=
    "c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

    R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2008-04-30 16896]
    R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2008-04-30 52736]
    R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2008-04-30 30208]
    R3 W8335PCI;MAXIPOWER TWL541P Wireless NIC;c:\windows\system32\drivers\Mrvw123.sys [2008-12-08 282624]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-04-30 36864]
    S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
    S3 PAC207;Look 110;c:\windows\system32\drivers\PFC027.SYS [2002-02-22 507264]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - DAC970NT
    .
    .
    ------- Examen supplémentaire -------
    .
    IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {D02EC146-87C0-4F4B-A661-29BB4B4830F1} = 192.168.1.1,202.96.128.68
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-27 01:33:35
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\wscript.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-02-27 1:35:21 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-02-27 00:35:19
    ComboFix2.txt 2009-02-27 00:08:18

    Avant-CF: 61 867 614 208 octets libres
    Après-CF: 61,856,239,616 octets libres

    206 --- E O F --- 2002-02-27 19:00:21
    28 February 2009 01:46:39

    I wasn't talking about ComboFix.

  • Start menu > Run > type combofix /u and confirm.

  • Install Antivir and update it.
  • Double-click the Antivir icon (umbrella) in the taskbar.
  • In Antivir, choose Outils, then Configuration.
  • Tick Mode Expert, then tick Rech. Rootkit au dém. de la recherche on the right, under Autres réglages.
  • Run a full scan and post the report.
    28 February 2009 08:16:41

    destrio, how am I supposed to type combofix /u??
    Also, I re-downloaded Antivir with FlashGet, but as soon as I try to open it, it tells me it is being used by another processor......... I know I'm bothering you, sorry.
    Tell me, what does that mean? It's a big virus, is that it???
    28 February 2009 08:20:24

    Ah yes, it's fine, I uninstalled ComboFix.
    28 February 2009 09:05:00

    Well, listen, I finally managed to download Antivir all the way through, even the updates,
    but the problem is that every time I opened it, it closed by itself, and now I can't even open it anymore :(
    28 February 2009 16:25:46

    We'll try something else.

    --> Download the portable scanner AVPTool to your Desktop.
    --> Launch the executable named setup_7.0xxxxx by double-clicking it.
    --> Answer Yes to the question Do you want to continue installation ?.
    --> Click Next in the next two windows: AVPTool installs itself on your Desktop in a folder named Kaspersky Lab Tool.
    --> The tool starts by itself: tick all the boxes in the Automatic Scan tab.
    --> Now click Scan. The scan starts, and a new window opens showing the progress of the scan as a percentage.
    --> At the end of the scan, AVPTool reports the infected objects through a pop-up: tick Apply to all and click Disinfect or Delete, depending on what the window offers.
    --> Once the infections have been handled through the pop-ups, some malicious files may not have been removed. They appear in red in the list. In that case click the Neutralize all button in the scan progress window. If a pop-up says a restart is needed, accept by clicking OK.
    --> Now go to the Events tab of the scan progress window and untick Show all events.
    --> Finally, click Reports, then Save to file, and save the report on your Desktop under the name Rapport AVPTool.
    --> Close the AVPTool windows: a message appears offering to uninstall the software. Choose Yes.
    --> A warning message says the PC must be restarted to finish the uninstallation. To the question Would you like to restart now, answer Yes and let your computer restart in Normal mode.
    --> Post the report in your next reply.
    28 February 2009 20:17:44

    DESTRIOOOOOOOOOO help, this morning before you replied, at one point I restarted my PC and then some windows appeared and I thought they were viruses, so I deleted everything, and in the end I deleted MSN, FlashGet and above all the connection, because as soon as I turn on my PC it's all these applications that appear.... I'm stupid..................... What should I do now????
    I can't connect anymore.
    PS: right now I'm connected thanks to a laptop on Wi-Fi at home.
    28 February 2009 20:20:15

    Try this:

  • Download WinsockXPFix to your Desktop.

  • Double-click WinsockXPFix.exe.
  • First, click the ReG-Backup button. This will back up your registry as a precaution.
  • Click OK, and then once more. You will see a registry backup window; click OK once again.

  • Go back to the main window.
  • Click Fix.
  • Click Yes.
  • It will run for a minute or two, a beep will sound, and you will see this window.
  • Finally, click OK and let your PC restart. Once it has restarted, try to go on the Internet.
    28 February 2009 20:22:59

    Yes, but without a connection, how do I download what you asked me to?
    28 February 2009 20:23:53

    With a USB stick, for example.
    28 February 2009 20:38:02

    I did what you told me, it doesn't work :(
    28 February 2009 20:38:48

    Maybe we could restore the system, couldn't we??
    28 February 2009 20:39:25

    You can always try using System Restore.
    28 February 2009 20:41:22

    And how do I do that??
    28 February 2009 20:43:45

    Start menu > All Programs > Accessories > System Tools > System Restore.
    28 February 2009 20:45:18

    I'm going to seem a bit tiresome, but: and after that??
    Sorry to tell you that I'm hopeless with computers.
    28 February 2009 20:49:29

    After that, you pick a date in the calendar for your restore and you restore. I can't guide you any more precisely.
    28 February 2009 20:58:16

    It's done, I restored and it WORKS!! Thanks.
    And then what do I do about my antivirus problem?
    However, I have windows appearing for all the programs and I click either on ignore or on repair; how can I know whether it's a program or a virus???
    28 February 2009 20:59:24

    Run the scan with AVPTool.
    28 February 2009 22:43:49

    Scan
    ----
    Scanned: 309145
    Detected: 3
    Untreated: 0
    Start time: 27/02/2009 21:45:32
    Duration: 00:49:17
    Finish time: 27/02/2009 22:34:49


    Detected
    --------
    Status Object
    ------ ------
    disinfected: Trojan program Trojan-Downloader.WMA.GetCodec.u File: C:\Documents and Settings\nacera\Mes documents\LimeWire\Incomplete\Preview-T-3545427-parody toi moi (256k 44800).mp3
    disinfected: Trojan program Trojan-Downloader.WMA.GetCodec.u File: C:\Documents and Settings\nacera\Mes documents\LimeWire\Saved\parody toi moi (256k 44800).mp3
    deleted: virus EICAR-Test-File File: C:\Documents and Settings\nacera\Local Settings\temp\Av-test.txt


    Events
    ------
    Time Name Status Reason
    ---- ---- ------ ------
    27/02/2009 21:46:33 File: C:\Documents and Settings\nacera\Mes documents\LimeWire\Incomplete\Preview-T-3545427-parody toi moi (256k 44800).mp3 detected Trojan program 'Trojan-Downloader.WMA.GetCodec.u'
    27/02/2009 21:46:33 File: C:\Documents and Settings\nacera\Mes documents\LimeWire\Incomplete\Preview-T-3545427-parody toi moi (256k 44800).mp3 not disinfected postponed
    27/02/2009 21:46:33 File: C:\Documents and Settings\nacera\Mes documents\LimeWire\Saved\parody toi moi (256k 44800).mp3 detected Trojan program 'Trojan-Downloader.WMA.GetCodec.u'
    27/02/2009 21:46:33 File: C:\Documents and Settings\nacera\Mes documents\LimeWire\Saved\parody toi moi (256k 44800).mp3 not disinfected postponed
    27/02/2009 21:49:19 File: C:\Documents and Settings\nacera\Local Settings\temp\Av-test.txt detected virus 'EICAR-Test-File'
    27/02/2009 21:49:19 File: C:\Documents and Settings\nacera\Local Settings\temp\Av-test.txt not disinfected postponed
    27/02/2009 21:49:48 File: C:\Documents and Settings\nacera\Mes documents\LimeWire\Incomplete\Preview-T-3545427-parody toi moi (256k 44800).mp3 detected Trojan program 'Trojan-Downloader.WMA.GetCodec.u'
    27/02/2009 21:49:48 File: C:\Documents and Settings\nacera\Mes documents\LimeWire\Incomplete\Preview-T-3545427-parody toi moi (256k 44800).mp3 not disinfected postponed
    27/02/2009 21:49:48 File: C:\Documents and Settings\nacera\Mes documents\LimeWire\Saved\parody toi moi (256k 44800).mp3 detected Trojan program 'Trojan-Downloader.WMA.GetCodec.u'
    27/02/2009 21:49:48 File: C:\Documents and Settings\nacera\Mes documents\LimeWire\Saved\parody toi moi (256k 44800).mp3 not disinfected postponed
    27/02/2009 22:13:11 File: C:\Documents and Settings\nacera\Local Settings\temp\Av-test.txt detected virus 'EICAR-Test-File'
    27/02/2009 22:13:11 File: C:\Documents and Settings\nacera\Local Settings\temp\Av-test.txt not disinfected postponed
    27/02/2009 22:13:41 File: C:\Documents and Settings\nacera\Mes documents\LimeWire\Incomplete\Preview-T-3545427-parody toi moi (256k 44800).mp3 detected Trojan program 'Trojan-Downloader.WMA.GetCodec.u'
    27/02/2009 22:13:41 File: C:\Documents and Settings\nacera\Mes documents\LimeWire\Incomplete\Preview-T-3545427-parody toi moi (256k 44800).mp3 not disinfected postponed
    27/02/2009 22:13:41 File: C:\Documents and Settings\nacera\Mes documents\LimeWire\Saved\parody toi moi (256k 44800).mp3 detected Trojan program 'Trojan-Downloader.WMA.GetCodec.u'
    27/02/2009 22:13:41 File: C:\Documents and Settings\nacera\Mes documents\LimeWire\Saved\parody toi moi (256k 44800).mp3 not disinfected postponed
    27/02/2009 22:34:19 File: c:\documents and settings\nacera\mes documents\limewire\incomplete\preview-t-3545427-parody toi moi (256k 44800).mp3 detected Trojan program 'Trojan-Downloader.WMA.GetCodec.u'
    27/02/2009 22:34:29 File: c:\documents and settings\nacera\mes documents\limewire\incomplete\preview-t-3545427-parody toi moi (256k 44800).mp3 disinfected Trojan program 'Trojan-Downloader.WMA.GetCodec.u'
    27/02/2009 22:34:29 File: c:\documents and settings\nacera\mes documents\limewire\saved\parody toi moi (256k 44800).mp3 detected Trojan program 'Trojan-Downloader.WMA.GetCodec.u'
    27/02/2009 22:34:44 File: c:\documents and settings\nacera\mes documents\limewire\saved\parody toi moi (256k 44800).mp3 disinfected Trojan program 'Trojan-Downloader.WMA.GetCodec.u'
    27/02/2009 22:34:44 File: c:\documents and settings\nacera\local settings\temp\av-test.txt detected virus 'EICAR-Test-File'
    27/02/2009 22:34:44 File: c:\documents and settings\nacera\local settings\temp\av-test.txt not disinfected cannot be disinfected
    27/02/2009 22:34:49 File: c:\documents and settings\nacera\local settings\temp\av-test.txt deleted


    Statistics
    ----------
    Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
    ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
    All objects 167509 3 3 0 0 1562 348 0 13
    System memory 2641 0 0 0 0 2 5 0 0
    Startup objects 565 0 0 0 0 0 11 0 0
    Disk boot sectors 6 0 0 0 0 0 0 0 0
    Mes documents 274 2 2 0 0 1 0 0 0
    Mail databases 0 0 0 0 0 0 0 0 0
    Poste de travail 154567 1 1 0 0 1238 244 0 11
    Disque local (C:)  9456 0 0 0 0 321 88 0 2
    Disque local (D:)  0 0 0 0 0 0 0 0 0
    Look 110 (E:)  0 0 0 0 0 0 0 0 0
    NACERA (F:)  0 0 0 0 0 0 0 0 0
    Disque amovible (G:)  0 0 0 0 0 0 0 0 0
    Disque amovible (H:)  0 0 0 0 0 0 0 0 0
    Disque amovible (I:)  0 0 0 0 0 0 0 0 0
    Disque amovible (J:)  0 0 0 0 0 0 0 0 0


    Settings
    --------
    Parameter Value
    --------- -----
    Security Level Recommended
    Action Prompt for action when the scan is complete
    Run mode Manually
    File types Scan all files
    Scan only new and changed files No
    Scan archives All
    Scan embedded OLE objects All
    Skip if object is larger than No
    Skip if scan takes longer than No
    Parse email formats No
    Scan password-protected archives No
    Enable iChecker technology No
    Enable iSwift technology No
    Show detected threats on "Detected" tab Yes
    Rootkits search Yes
    Deep rootkits search No
    Use heuristic analyzer Yes


    Quarantine
    ----------
    Status Object Size Added
    ------ ------ ---- -----


    Backup
    ------
    Status Object Size
    ------ ------ ----
    28 February 2009 22:54:40

    Let's do a bit of tidying up.


    1/

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Recherche and let the scan run.
  • Click Suppression to finish.
  • You can, if you wish, use the Options Facultatives.
  • Click Quitter to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


    2/

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
  • When the analysis is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit\ folder.