[Solved] Incessant pop-ups plus virus...

Tags:
  • Windows
  • Security
2 March 2009 21:16:43

Good evening,
I think my computer is infected because I am getting a lot of pop-ups.
Could you help me remove them?
Here is a HijackThis report:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:33, on 02/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\??crosoft.NET\w?auboot.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: (no name) - {A266981C-778A-0421-F73A-79A2E2ED4CC3} - C:\WINDOWS\system32\physigz.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE62CC4A-7289-0727-F73A-79A2E3B91AC2} - C:\WINDOWS\system32\nje.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SYSTMON.EXE] C:\WINDOWS\system32\drivers\SYSTMON.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Tsra] "C:\DOCUME~1\COMPAQ~1\APPLIC~1\WNSXS~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Ksdxa] "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\?icrosoft.NET\n?tdde.exe"
O4 - HKCU\..\Run: [Cmppdea] C:\WINDOWS\?ystem32\w?auclt.exe
O4 - HKCU\..\Run: [Dine] "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\?ssembly\i?xplore.exe"
O4 - HKCU\..\Run: [Eihbr] C:\WINDOWS\system32\?dobe\?pool32.exe
O4 - HKCU\..\Run: [Btcalg] "C:\Program Files\??crosoft\w?nword.exe"
O4 - HKCU\..\Run: [Mwypsqvp] C:\WINDOWS\system32\??crosoft\??xplore.exe
O4 - HKCU\..\Run: [Izda] C:\WINDOWS\system32\s?stem32\?hkdsk.exe
O4 - HKCU\..\Run: [Micmst] "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\??crosoft.NET\w?auboot.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{3C77432E-0B74-1036-0509-050203200021}] "C:\Program Files\Fichiers communs\{3C77432E-0B74-1036-0509-050203200021}\Update.exe" te-110-12-0000073
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/Import/ImageUploader3.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1....
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 9750 bytes

2 March 2009 21:30:55

Hi,

There is some EoRezo, some Purity, etc.

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
    2 March 2009 21:51:44

    Good evening,

    What are EoRezo and Purity?

    Here is the log.txt report:




    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Compaq_Propriétaire at 2009-03-02 21:49:02
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 74 GB (50%) free of 146 GB
    Total RAM: 503 MB (34% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:49:04, on 02/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\??crosoft.NET\w?auboot.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Compaq_Propriétaire.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
    O2 - BHO: (no name) - {A266981C-778A-0421-F73A-79A2E2ED4CC3} - C:\WINDOWS\system32\physigz.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {AE62CC4A-7289-0727-F73A-79A2E3B91AC2} - C:\WINDOWS\system32\nje.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SYSTMON.EXE] C:\WINDOWS\system32\drivers\SYSTMON.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Tsra] "C:\DOCUME~1\COMPAQ~1\APPLIC~1\WNSXS~1\svchost.exe" -vt ndrv
    O4 - HKCU\..\Run: [Ksdxa] "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\?icrosoft.NET\n?tdde.exe"
    O4 - HKCU\..\Run: [Cmppdea] C:\WINDOWS\?ystem32\w?auclt.exe
    O4 - HKCU\..\Run: [Dine] "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\?ssembly\i?xplore.exe"
    O4 - HKCU\..\Run: [Eihbr] C:\WINDOWS\system32\?dobe\?pool32.exe
    O4 - HKCU\..\Run: [Btcalg] "C:\Program Files\??crosoft\w?nword.exe"
    O4 - HKCU\..\Run: [Mwypsqvp] C:\WINDOWS\system32\??crosoft\??xplore.exe
    O4 - HKCU\..\Run: [Izda] C:\WINDOWS\system32\s?stem32\?hkdsk.exe
    O4 - HKCU\..\Run: [Micmst] "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\??crosoft.NET\w?auboot.exe"
    O4 - HKCU\..\Policies\Explorer\Run: [{3C77432E-0B74-1036-0509-050203200021}] "C:\Program Files\Fichiers communs\{3C77432E-0B74-1036-0509-050203200021}\Update.exe" te-110-12-0000073
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPU...
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/Import/ImageUploader3.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1....
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

    --
    End of file - 9911 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Symantec NetDetect.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{216A7CAC-2E9B-4F70-AB77-6F9B575C1DE3}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
    EoBho Class - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
    ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A266981C-778A-0421-F73A-79A2E2ED4CC3}]
    C:\WINDOWS\system32\physigz.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-08-09 2018368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE62CC4A-7289-0727-F73A-79A2E3B91AC2}]
    C:\WINDOWS\system32\nje.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-13 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-08-09 2018368]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-19 266497]
    "SYSTMON.EXE"=C:\WINDOWS\system32\drivers\SYSTMON.EXE []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]
    "Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-08 68856]
    "Tsra"=C:\DOCUME~1\COMPAQ~1\APPLIC~1\WNSXS~1\svchost.exe -vt ndrv []
    "Ksdxa"=C:\Documents and Settings\Compaq_Propriétaire\Mes documents\?icrosoft.NET\n?tdde.exe []
    "Cmppdea"=C:\WINDOWS\?ystem32\w?auclt.exe []
    "Dine"=C:\Documents and Settings\Compaq_Propriétaire\Mes documents\?ssembly\i?xplore.exe []
    "Eihbr"=C:\WINDOWS\system32\?dobe\?pool32.exe []
    "Btcalg"=C:\Program Files\??crosoft\w?nword.exe []
    "Mwypsqvp"=C:\WINDOWS\system32\??crosoft\??xplore.exe []
    "Izda"=C:\WINDOWS\system32\s?stem32\?hkdsk.exe []
    "Micmst"=C:\Documents and Settings\Compaq_Propriétaire\Mes documents\??crosoft.NET\w?auboot.exe [2008-05-29 230400]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "{3C77432E-0B74-1036-0509-050203200021}"=C:\Program Files\Fichiers communs\{3C77432E-0B74-1036-0509-050203200021}\Update.exe te-110-12-0000073 []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
    VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico

    C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    PowerReg Scheduler.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\nanouch\incredimail_install.exe"="C:\Documents and Settings\Compaq_Propriétaire\Mes documents\nanouch\incredimail_install.exe:*:Enabled:IncrediMail Installer"
    "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\31exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\31exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\27exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\27exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\85exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\85exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\42exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\42exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\75exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\75exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\82exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\82exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\38exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\38exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\7exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\7exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\13exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\13exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\69exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\69exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\30exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\30exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\84exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\84exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\45exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\45exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\37exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\37exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\57exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\57exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\99exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\99exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\53exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\53exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\88exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\88exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\14exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\14exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\76exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\76exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\23exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\23exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\Program Files\MaxTV\maxtv.exe"="C:\Program Files\MaxTV\maxtv.exe:*:Enabled:MaxTV Online"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\57exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\57exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\85exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\85exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\68exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\68exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\30exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\30exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\77exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\77exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\65exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\65exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\4exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\4exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\89exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\89exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\33exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\33exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\81exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\81exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\34exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\34exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\11exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\11exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\36exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\36exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\62exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\62exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\44exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\44exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\6exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\6exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\58exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\58exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\69exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\69exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\48exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\48exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\50exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\50exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\28exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\28exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\90exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\90exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\73exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\73exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\12exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\12exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\72exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\72exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\3exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\3exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\38exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\38exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\97exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\97exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\7exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\7exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\79exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\79exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\78exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\78exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\18exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\18exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\46exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\46exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\95exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\95exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\29exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\29exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\16exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\16exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\83exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\83exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\74exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\74exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\51exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\51exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\43exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\43exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\96exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\96exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\52exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\52exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\59exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\59exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\25exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\25exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\29exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\29exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\49exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\49exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\64exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\64exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\77exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\77exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\18exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\18exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\15exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\15exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2exinjs.a9.exe:*:Enabled:Microsoft Update"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e131085-44ef-11db-953a-0003c961750e}]
    shell\Auto\command - K:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e131086-44ef-11db-953a-0003c961750e}]
    shell\Auto\command - L:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24e9cae5-f92b-11da-94f3-0003c961750e}]
    shell\Auto\command - F:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c7b0b1c-6f63-11dc-96b9-0003c961750e}]
    shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{825216ec-0465-11db-9505-0003c961750e}]
    shell\Auto\command - K:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f2fb2c5-d962-11dc-973e-0003c961750e}]
    shell\Auto\command - F:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99cfe8b8-1b6e-11dd-9785-0003c961750e}]
    shell\Auto\command - AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eeaaf57-635c-11dc-96a8-0003c961750e}]
    shell\Auto\command - F:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a923b831-47a4-11da-93f8-0003c961750e}]
    shell\Auto\command - F:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b261f011-772a-11db-9578-0003c961750e}]
    shell\AutoRun\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\SYSTMON.EXE
    shell\open\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\SYSTMON.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd3dbb29-fb42-11dc-9765-0003c961750e}]
    shell\Auto\command - F:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9496bed-6e61-11dc-96b6-0003c961750e}]
    shell\Auto\command - F:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb6db39a-ada5-11dd-981c-0003c961750e}]
    shell\Auto\command - AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3b17587-1c28-11dd-9786-0003c961750e}]
    shell\Auto\command - AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3b1758a-1c28-11dd-9786-0003c961750e}]
    shell\Auto\command - F:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e67c7780-65a2-11da-9423-0003c961750e}]
    shell\Auto\command - AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e76e845f-0d62-11dd-9774-0003c961750e}]
    shell\Auto\command - F:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f010502f-f23a-11db-9624-0003c961750e}]
    shell\Auto\command - F:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4a368bf-7018-11db-9571-0003c961750e}]
    shell\Auto\command - F:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc5c6d92-413c-11dc-9698-0003c961750e}]
    shell\Auto\command - F:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


    ======List of files/folders created in the last 1 months======

    2009-03-02 21:49:02 ----D---- C:\rsit
    2009-03-02 21:13:17 ----D---- C:\Program Files\Trend Micro
    2009-02-25 07:17:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-11 23:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

    ======List of files/folders modified in the last 1 months======

    2009-03-02 21:13:43 ----D---- C:\WINDOWS\Prefetch
    2009-03-02 21:13:17 ----D---- C:\Program Files
    2009-03-02 21:11:51 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-02 20:08:14 ----D---- C:\WINDOWS\Temp
    2009-03-02 08:55:40 ----D---- C:\WINDOWS\system32
    2009-03-02 08:55:40 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-03-01 22:46:54 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-01 20:05:31 ----D---- C:\WINDOWS
    2009-02-25 07:18:03 ----HD---- C:\WINDOWS\inf
    2009-02-25 07:17:57 ----D---- C:\WINDOWS\system32\dllcache
    2009-02-25 07:10:38 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-02-25 07:10:32 ----HD---- C:\WINDOWS\$hf_mig$
    2009-02-23 20:43:00 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2009-02-23 20:42:59 ----D---- C:\WINDOWS\system32\CatRoot
    2009-02-22 17:39:27 ----D---- C:\Code Route 4 (E)
    2009-02-18 20:18:21 ----D---- C:\WINDOWS\system32\fr-fr
    2009-02-18 20:18:21 ----D---- C:\Program Files\Internet Explorer
    2009-02-11 23:05:04 ----SHD---- C:\WINDOWS\Installer
    2009-02-11 23:05:04 ----HD---- C:\Config.Msi
    2009-02-11 23:05:03 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-02-11 23:03:59 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-11 23:03:24 ----D---- C:\WINDOWS\ie7updates
    2009-02-04 00:21:12 ----AC---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072]
    R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [1999-09-10 25244]
    R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
    R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-08-18 110080]
    R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-10-15 71168]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-08-13 379456]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
    S3 DCamUSBDXGTech;Dual-Mode DSC (Video Camera); C:\WINDOWS\System32\Drivers\GT891x1.SYS []
    S3 GT890x;Dual-Mode DSC (Still Camera); C:\WINDOWS\System32\Drivers\GT890x.SYS []
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
    S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMD031.sys [2003-04-01 35319]
    S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-01-19 12416]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
    S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
    S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
    S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
    R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
    R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2005-11-13 54784]
    R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
    R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2006-04-20 1520688]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
    R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2006-10-22 69120]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 SPTISRV;Sony SPTI Service; C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe [2002-12-24 65536]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]

    -----------------EOF-----------------

    Here is the info.txt report:

    info.txt logfile of random's system information tool 1.05 2009-03-02 21:49:10

    ======Uninstall list======

    -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
    2 March 2009 21:56:06

    Quote:
    What are EoRezo and Purity?

    ---> I'll explain a bit later, but you have other infections.

    Message edited by Destrio5.
    2 March 2009 22:24:29

    I'm writing this message from another computer:

    I did everything you asked me to do; when the computer restarted, UsbFix launched as expected.
    It asked me to insert a CD, so I clicked Cancel because I didn't know which CD it meant, and now the computer is stuck with a red window open that says "suppression des fichiers / dossiers..."
    What should I do? Should I close it?
    2 March 2009 22:27:26

    Quote:
    It asked me to insert a CD, so I clicked Cancel because I didn't know which CD it meant

    ---> That's a bug; just click Continue several times.

    How long has it been stuck?
    2 March 2009 22:27:28

    Error messages are appearing: "exception processing message c0012....."
    Should I cancel, continue or retry?
    2 March 2009 22:27:47

    For a good 10 minutes
    2 March 2009 22:29:45

    Click Continue several times. I think it will unfreeze; otherwise restart the PC.
    2 March 2009 22:32:07

    It's fine, in the end it unfroze.
    When it came back on, Avira found a virus "TR/Dldr.PurityScan.FK"

    Here is the UsbFix report:




    -------------- UsbFix V2.414.3 ---------------

    * User : Compaq_Propri‚taire - PRESARIO_SR1520
    * Outils mis a jours le 18/01/2009 par Chiquitine29 et Chimay8
    * Recherche effectuée à 22:10:20 le 02/03/2009
    * Windows Xp - Internet Explorer 7.0.5730.13


    --------------- [ Processus actifs ] ----------------


    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe

    --------------- [ Informations lecteurs ] ----------------

    C: - Lecteur fixe

    D: - Lecteur fixe

    F: - Lecteur fixe

    K: - Lecteur amovible


    +- Contenu de l'autorun : D:\autorun.inf

    [autorun]
    OPEN=setupSNK.exe
    ICON=\SMRTNTKY\fcw.ico
    ACTION=Assistant Réseau sans fil

    +- Contenu de l'autorun : K:\autorun.inf

    [AutoRun]
    open=AdobeR.exe e
    shellexecute=AdobeR.exe e
    shell\Auto\command=AdobeR.exe e
    shell=Auto

    --------------- [ Lecteur C ] ----------------

    C: - Lecteur fixe


    +- Listing des fichiers présents :

    [06/06/2006 20:21][--a------] C:\AUTOEXEC.BAT
    [05/08/2004 13:00][-rahs----] C:\NTDETECT.COM
    [19/10/2005 08:51][-rahs----] C:\boot.ini
    [19/10/2005 08:51][-rahs----] C:\trace.ini
    [17/02/2008 15:01][--a------] C:\temp.txt
    [17/02/2008 15:01][--a------] C:\UsbFix.txt
    [23/11/2004 22:21][--a------] C:\CONFIG.SYS
    [23/11/2004 22:21][--a------] C:\hiberfil.sys
    [23/11/2004 22:21][--a------] C:\IO.SYS
    [23/11/2004 22:21][--a------] C:\MSDOS.SYS
    [23/11/2004 22:21][--a------] C:\pagefile.sys

    --------------- [ Lecteur D ] ----------------

    D: - Lecteur fixe


    +- Listing des fichiers présents :

    [28/07/2001 07:07][---hs----] D:\AUTOEXEC.BAT
    [25/07/2001 23:00][---hs----] D:\NTDETECT.COM
    [30/11/2004 13:01][---hs----] D:\Info.exe
    [30/11/2004 13:01][---hs----] D:\setupSNK.exe
    [09/01/2002 20:52][---hs----] D:\BOOT.INI
    [09/01/2002 20:52][---hs----] D:\Desktop.ini
    [09/01/2002 20:52][---hs----] D:\WINBOM.INI
    [21/06/2006 19:35][--a------] D:\Autorun.inf
    [10/09/2002 17:21][---hs----] D:\Folder.htt
    [28/07/2001 07:07][---hs----] D:\CONFIG.SYS
    [28/07/2001 07:07][---hs----] D:\IO.SYS
    [28/07/2001 07:07][---hs----] D:\MSDOS.SYS

    --------------- [ Lecteur F ] ----------------

    F: - Lecteur fixe


    +- Listing des fichiers présents :


    --------------- [ Lecteur K ] ----------------

    K: - Lecteur amovible


    +- Listing des fichiers présents :

    [25/05/2008 13:56][--ahs----] K:\AUTORUN.INF

    --------------- [ Registre / Startup ] ----------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
    Creative Detector=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
    Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    Tsra="C:\DOCUME~1\COMPAQ~1\APPLIC~1\WNSXS~1\svchost.exe" -vt ndrv
    Ksdxa="C:\Documents and Settings\Compaq_Propriétaire\Mes documents\?icrosoft.NET\n?tdde.exe"
    Cmppdea=C:\WINDOWS\?ystem32\w?auclt.exe
    Dine="C:\Documents and Settings\Compaq_Propriétaire\Mes documents\?ssembly\i?xplore.exe"
    Eihbr=C:\WINDOWS\system32\?dobe\?pool32.exe
    Btcalg="C:\Program Files\??crosoft\w?nword.exe"
    Mwypsqvp=C:\WINDOWS\system32\??crosoft\??xplore.exe
    Izda=C:\WINDOWS\system32\s?stem32\?hkdsk.exe
    Micmst="C:\Documents and Settings\Compaq_Propriétaire\Mes documents\??crosoft.NET\w?auboot.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
    iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
    avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    SYSTMON.EXE=C:\WINDOWS\system32\drivers\SYSTMON.EXE

    --------------- [ Registre / Mountpoint2 ] ----------------

    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e131085-44ef-11db-953a-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e131086-44ef-11db-953a-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e9cae5-f92b-11da-94f3-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c7b0b1c-6f63-11dc-96b9-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f2fb2c5-d962-11dc-973e-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99cfe8b8-1b6e-11dd-9785-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9eeaaf57-635c-11dc-96a8-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a923b831-47a4-11da-93f8-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b261f011-772a-11db-9578-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b261f011-772a-11db-9578-0003c961750e}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd3dbb29-fb42-11dc-9765-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9496bed-6e61-11dc-96b6-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b17587-1c28-11dd-9786-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b1758a-1c28-11dd-9786-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e67c7780-65a2-11da-9423-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e76e845f-0d62-11dd-9774-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f010502f-f23a-11db-9624-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4a368bf-7018-11db-9571-0003c961750e}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc5c6d92-413c-11dc-9698-0003c961750e}\Shell\AutoRun\command

    --------------- [ Nettoyage des disques ] ----------------

    Supprimé ! - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\CmdLineExt02.dll
    Supprimé ! - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R‚pertoire temporaire 1 pour [PC Game] Warcraft 3 - Reign of Chaos ITA + Serial + Crack.zip
    Supprimé ! - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R‚pertoire temporaire 2 pour [PC Game] Warcraft 3 - Reign of Chaos ITA + Serial + Crack.zip
    Supprimé ! - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R‚pertoire temporaire 3 pour [PC Game] Warcraft 3 - Reign of Chaos ITA + Serial + Crack.zip
    Supprimé ! - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\SIntf32.dll
    Supprimé ! - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\nsp20B.tmp\System.dll
    Supprimé ! - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R‚pertoire temporaire 1 pour [PC Game] Warcraft 3 - Reign of Chaos ITA + Serial + Crack.zip\WARCRAFT III+CD-KEY+NO.CD....ITA!!!!!!!!!!!!!.SCAMBIO SOLO CON QUELLO KE M'INTERESSA
    Supprimé ! - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R‚pertoire temporaire 1 pour [PC Game] Warcraft 3 - Reign of Chaos ITA + Serial + Crack.zip\WARCRAFT III+CD-KEY+NO.CD....ITA!!!!!!!!!!!!!.SCAMBIO SOLO CON QUELLO KE M'INTERESSA\Warcraft III.ccd
    Supprimé ! - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R‚pertoire temporaire 2 pour [PC Game] Warcraft 3 - Reign of Chaos ITA + Serial + Crack.zip\WARCRAFT III+CD-KEY+NO.CD....ITA!!!!!!!!!!!!!.SCAMBIO SOLO CON QUELLO KE M'INTERESSA
    Supprimé ! - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R‚pertoire temporaire 2 pour [PC Game] Warcraft 3 - Reign of Chaos ITA + Serial + Crack.zip\WARCRAFT III+CD-KEY+NO.CD....ITA!!!!!!!!!!!!!.SCAMBIO SOLO CON QUELLO KE M'INTERESSA\Warcraft III.ccd
    Supprimé ! - [10/09/2002 17:21][---hs----] D:\Folder.htt
    Supprimé ! - [30/11/2004 13:01][---hs----] D:\info.exe
    Supprimé ! - [21/06/2006 19:35][--a------] D:\autorun.inf
    Supprimé ! - [20/12/2008 15:26][---hs----] F:\msvcr71.dll
    Supprimé ! - [12/06/2007 15:24][---hs----] K:\msvcr71.dll
    Supprimé ! - [25/05/2008 13:56][--ahs----] K:\autorun.inf

    --------------- [ Resumé ] ----------------

    -> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

    [06/06/2006 20:21][--a------] C:\AUTOEXEC.BAT
    [05/08/2004 13:00][-rahs----] C:\NTDETECT.COM
    [19/10/2005 08:51][-rahs----] C:\boot.ini
    [19/10/2005 08:51][-rahs----] C:\trace.ini
    [28/07/2001 07:07][---hs----] D:\AUTOEXEC.BAT
    [25/07/2001 23:00][---hs----] D:\NTDETECT.COM
    [04/08/2004 00:55][--a------] D:\setupSNK.exe
    [09/01/2002 20:52][---hs----] D:\BOOT.INI
    [09/01/2002 20:52][---hs----] D:\Desktop.ini
    [09/01/2002 20:52][---hs----] D:\WINBOM.INI

    --------------- [ Vaccination ] ----------------

    C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
    D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
    F:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
    K:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

    --------------- ! Fin du rapport ! ----------------
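
Several Run entries in the UsbFix report above contain `?` inside a path component (for example `C:\WINDOWS\?ystem32\w?auclt.exe`); `?` is not a legal character in a Windows file name, so it marks a character the report's encoding could not represent, and the OTMoveIt3 log later in this thread shows folder names of this kind written with non-Latin lookalike letters. The Python below is an added example, not part of the original posts or of any tool named in the thread: it triages Run-key lines in that layout, flagging placeholder characters, mixed-script names and system process names started from outside system32. The name lists, `SYSTEM_DIR` and all function names are assumptions of this example.

```python
import re
import unicodedata

# Assumption: short illustrative lists, to be extended for real triage.
KNOWN_NAMES = {"system32", "microsoft", "svchost.exe", "wuauclt.exe",
               "iexplore.exe", "chkdsk.exe", "winword.exe"}
SYSTEM_PROCESS_NAMES = {"svchost.exe", "wuauclt.exe", "chkdsk.exe"}
SYSTEM_DIR = r"c:\windows\system32"

# "name=command" lines in the layout of the report's Run sections. The first
# four are copied from the report above; the last one is constructed.
SAMPLE_RUN_LINES = r'''
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
Creative Detector=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
Cmppdea=C:\WINDOWS\?ystem32\w?auclt.exe
Tsra="C:\DOCUME~1\COMPAQ~1\APPLIC~1\WNSXS~1\svchost.exe" -vt ndrv
Example="C:\Program Files\Vendor\updater.exe" /min
'''

EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", re.IGNORECASE)


def executable_path(command):
    """Extract the program path from a Run value (quoted or unquoted)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)
    return match.group(1) if match else command


def imitated(component):
    """Known name that `component` matches if each '?' is one replaced character."""
    if "?" not in component:
        return None
    pattern = "".join("." if c == "?" else re.escape(c) for c in component)
    for known in sorted(KNOWN_NAMES):
        if re.fullmatch(pattern, known, re.IGNORECASE):
            return known
    return None


def scripts(component):
    """Writing systems of the letters in a name, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in component if ch.isalpha()}


def check_path(path):
    """Return (kind, component, detail) findings for one executable path."""
    findings = []
    parts = path.split("\\")
    for part in parts:
        if "?" in part:
            # The real character was lost when the report was written.
            findings.append(("placeholder", part, imitated(part)))
        elif len(scripts(part)) > 1:
            # Unicode survived: letters from two alphabets in one name.
            findings.append(("mixed-script", part, "+".join(sorted(scripts(part)))))
    directory, name = "\\".join(parts[:-1]).lower(), parts[-1].lower()
    if name in SYSTEM_PROCESS_NAMES and directory != SYSTEM_DIR:
        findings.append(("system-name", name, directory))
    return findings


def scan_run_lines(text):
    """Map each Run value name to its findings; clean entries are omitted."""
    report = {}
    for line in text.splitlines():
        name, sep, command = line.partition("=")
        if not sep:
            continue  # blank line or registry key header
        findings = check_path(executable_path(command))
        if findings:
            report[name.strip()] = findings
    return report


if __name__ == "__main__":
    for name, findings in scan_run_lines(SAMPLE_RUN_LINES).items():
        print(name, findings)
    # Constructed path whose folder name starts with CYRILLIC CAPITAL LETTER A.
    print(check_path("C:\\Program Files\\\u0410dobe\\reader.exe"))
```

A placeholder finding only says that a character was lost in the report; the file name itself has to be read with a tool that preserves Unicode before deciding what it is.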

    2 March 2009 22:43:16

    Quote:
    "TR/Dldr.PurityScan.FK"

    ---> I don't know if you noticed that the word Purity is in the name ;)


    1/

  • Uninstall UsbFix.

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log


    2/

  • Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect and close all running applications /!\

  • Double-click the installer and install it in its default location (C:\Program files).
  • Double-click the Ad-Remover shortcut on your Desktop.
    (On Vista, right-click the Ad-Remover shortcut and choose Run as administrator)
  • In the main menu, choose option A.
  • Post the report that appears at the end (C:\Ad-report(date).log).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    2 March 2009 23:04:50

    I launched OTMoveIt3 as planned, the program ran normally, but it froze, and so did my computer (I'm writing from another PC). Should I restart it?
    I think the program has finished running, but my taskbar isn't coming back and when I click, nothing happens...
    2 March 2009 23:06:51

    In the end I found how to restart it with the window.... the report is coming!
    2 March 2009 23:16:24

    Here is the OTMoveIt3 report:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\Аdobe moved successfully.
    C:\WINDOWS\Ѕуmantec moved successfully.
    C:\WINDOWS\sуmbols moved successfully.
    C:\WINDOWS\ѕystem moved successfully.
    C:\WINDOWS\ѕystem32 moved successfully.
    C:\WINDOWS\Τаsks moved successfully.
    C:\WINDOWS\system32\Αdobe moved successfully.
    C:\WINDOWS\system32\Аdobe moved successfully.
    C:\WINDOWS\system32\Fоnts moved successfully.
    C:\WINDOWS\system32\Μіcrosoft moved successfully.
    C:\WINDOWS\system32\Мicrosoft moved successfully.
    C:\WINDOWS\system32\sуstem32 moved successfully.
    C:\WINDOWS\system32\Тasks moved successfully.
    C:\WINDOWS\system32\WіnSxS moved successfully.
    C:\Program Files\Αdobe moved successfully.
    C:\Program Files\ΑрpPatch\ΑрpPatch moved successfully.
    C:\Program Files\ΑрpPatch moved successfully.
    C:\Program Files\Μіcrosoft moved successfully.
    C:\Program Files\Outerinfo\FF\components moved successfully.
    C:\Program Files\Outerinfo\FF moved successfully.
    C:\Program Files\Outerinfo moved successfully.
    C:\Program Files\Ѕуmantec moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Аdobe moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Fоnts moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Міcrosoft.NET moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\sуmbols moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Міcrosoft moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Οracle moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Ѕуmantec moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\ѕуstem moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\WіnSxS moved successfully.
    File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\etilqs_iuWDTBMabDUIcsSrjYnR scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03022009_225823

    Files moved on Reboot...
    File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\etilqs_iuWDTBMabDUIcsSrjYnR not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.













    Here is the Ad-Remover report:


    ------- LOGFILE OF AD-REMOVER 1.1.1.5 | ONLY XP/VISTA -------

    Updated by C_XX on 25/02/2009 at 20:30

    Start at: 23:11:06 | Lun 02/03/2009 | Boot mode: Normal Boot
    Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
    Computer Name: PRESARIO_SR1520
    Current User: Compaq_Propri‚taire - Administrator
    Drive(s):
    - C:\ (File System: NTFS)
    - D:\ (File System: FAT32)
    - F:\ (File System: FAT32)
    - K:\ (File System: FAT)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\System32\

    --- Running Processes: 40

    +-----------------| Boonty/Boonty Games Elements Found:

    Service: Boonty Games
    .
    HKCR\boontybox
    HKCU\Software\Boonty
    HKLM\Software\Boonty
    HKLM\Software\Classes\boontybox
    HKLM\System\ControlSet001\Services\Boonty Games
    HKLM\System\CurrentControlSet\Services\Boonty Games
    HKLM\System\ControlSet003\Services\Boonty Games
    .
    C:\Program Files\Boonty
    C:\Program Files\BoontyGames
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Documents and Settings\All Users\Application Data\BOONTY

    +-----------------| Eorezo Elements Found:

    HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKCR\EoRezoBHO.EoBho
    HKCR\EoRezoBHO.EoBho.1
    HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    HKCU\Software\EoRezo
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\Software\EoRezo
    HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\Software\Classes\EoRezoBHO.EoBho
    HKLM\Software\Classes\EoRezoBHO.EoBho.1
    HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
    .
    C:\Program Files\EoRezo
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\EoRezo
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Eorezo

    +-----------------| Infected Poker Softwares Elements Found:

    HKCU\Software\pacificpoker
    HKCU\Software\pokerinstaller
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pacific Poker
    .
    C:\Program Files\PacificPoker
    C:\Program Files\PacificPoker4
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Microsoft\Internet Explorer\Quick Launch\Pacific Poker.lnk
    C:\Documents and Settings\Compaq_Propri‚taire\Menudm~1\Progra~1\Pacific Poker
    C:\Documents and Settings\Compaq_Propri‚taire\Menudm~1\Pacific Poker.lnk
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Microsoft\Internet Explorer\Quick Launch\Pacific Poker.lnk
    C:\Documents and Settings\Compaq_Propri‚taire\Bureau\Pacific Poker.lnk
    C:\Documents and Settings\Compaq_Propri‚taire\Bureau\Pacific Poker.lnk

    +-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:

    .
    HKCU\Software\FunWebProducts
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca}
    HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df}
    .
    C:\Program Files\Mozilla Firefox\Plugins\NPMyWebS.dll
    C:\Program Files\Internet Explorer\msimg32.dll

    +-----------------| It's TV Elements Found:

    HKCU\Software\ItsLabel
    HKLM\Software\ItsLabel
    HKU\S-1-5-21-214370685-1489417322-724335121-1008\Software\ItsLabel
    .
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\ItsLabel
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\ItsLabel

    +-----------------| Sweetim Elements Found:

    .

    +-----------------| Other Adwares Found:

    .
    .

    +-----------------| Added Scan:

    ---- Mozilla FireFox Version 3.0.6 ----

    ProfilePath: 35ngzbxs.default
    .
    .
    .
    .
    .
    .

    ---- Internet Explorer Version 7.0.5730.13 ----

    +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Search bar: hxxp://www.google.com/ie
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...

    +-[HKEY_USERS\S-1-5-21-214370685-1489417322-724335121-1008\..\Internet Explorer\Main]

    Search bar: hxxp://www.google.com/ie
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start page: hxxp://fr.msn.com/

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: hxxp://ieframe.dll/tabswelcome.htm

    +---------------------------------------------------------------------------+

    [~5564 Bytes] - C:\Ad-Report-Scan-02.03.2009.log

    - C:\Program Files\Ad-remover\TOOLS\BACKUP
    - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

    End at: 23:13:01 | 02/03/2009
    .
    +-----------------| E.O.F - 116 Lines
    .
    2 March 2009 23:18:12

    PacificPoker4 was detected; can I have you remove it?
    2 March 2009 23:21:13

    Of course, I don't play it anymore...
    2 March 2009 23:25:31

    /!\ Disconnect and close all running applications /!\

  • Double-click the Ad-Remover shortcut to launch it.
    (On Vista, right-click the Ad-Remover shortcut and choose Run as administrator)

  • At the main menu, choose option B.

  • Tick A on the selection screen:



  • Then choose S; the program will start working.

  • Post the report that appears at the end (C:\Ad-report.log).

    /!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm /!\
    2 March 2009 23:35:51

    Here is the Ad-Remover report:



    ------- LOGFILE OF AD-REMOVER 1.1.1.5 | ONLY XP/VISTA -------

    Updated by C_XX on 25/02/2009 at 20:30

    *** LIMITED TO ***

    Boonty/BoontyGames
    Eorezo
    Infected Poker Softwares
    FunWebProduct/MyWay/MyWebSearch
    It's TV
    Sweetim
    Other Adwares

    ******************

    Start at: 23:28:35 | Lun 02/03/2009 | Boot mode: Normal Boot
    Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
    Computer Name: PRESARIO_SR1520
    Current User: Compaq_Propri‚taire - Administrator
    Drive(s):
    - C:\ (File System: NTFS)
    - D:\ (File System: FAT32)
    - F:\ (File System: FAT32)
    - K:\ (File System: FAT)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\System32\

    --- Running Processes: 37

    (!) ---- IE start pages/Tabs reset

    +--------------------| Boonty/Boonty Games Elements Deleted :

    Service: "Boonty Games"
    .
    HKCR\boontybox
    HKCU\Software\Boonty
    HKLM\Software\Boonty
    HKLM\System\ControlSet003\Services\Boonty Games
    .
    C:\Program Files\Boonty
    C:\Program Files\Services en ligne\Boonty
    C:\Program Files\BoontyGames
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Documents and Settings\All Users\Application Data\BOONTY

    +-----------------| Eorezo Elements Deleted :

    HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKCR\EoRezoBHO.EoBho
    HKCR\EoRezoBHO.EoBho.1
    HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    HKCU\Software\EoRezo
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\Software\EoRezo
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
    .
    C:\Program Files\EoRezo
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\EoRezo

    +-----------------| Infected Poker Softwares Elements Deleted :

    HKCU\Software\pacificpoker
    HKCU\Software\pokerinstaller
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pacific Poker
    .
    C:\Program Files\PacificPoker

    +-----------------| FunWebProducts/MyWay/MyWebSearch Elements Deleted :

    .
    HKCU\Software\FunWebProducts
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca}
    HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df}
    .
    C:\Program Files\Mozilla Firefox\Plugins\NPMyWebS.dll

    +-----------------| It's TV Elements Deleted :

    HKCU\Software\ItsLabel
    HKLM\Software\ItsLabel
    .
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\ItsLabel

    +-----------------| Sweetim Elements Deleted :

    .

    +-----------------| Other Adwares Deleted:

    .
    .

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.


    +-----------------| Added Scan :

    ---- Mozilla FireFox Version 3.0.6 ----

    ProfilePath: 35ngzbxs.default
    .
    .
    .
    .
    .
    .

    ---- Internet Explorer Version 7.0.5730.13 ----

    +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...

    +-[HKEY_USERS\S-1-5-21-214370685-1489417322-724335121-1008\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://fr.msn.com/

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: hxxp://ieframe.dll/tabswelcome.htm

    +---------------------------------------------------------------------------+

    [~5127 Bytes] - C:\Ad-Report-Clean-02.03.2009.log
    [~5786 Bytes] - C:\Ad-Report-Scan-02.03.2009.log

    - C:\Program Files\Ad-remover\TOOLS\BACKUP
    - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

    End at: 23:32:49 | 02/03/2009
    .
    +-----------------| E.O.F - 115 Lines
    .
    2 March 2009 23:39:55

  • Uninstall Ad-Remover.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan.
  • The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it ticked) and click Remove Selected; MBAM will destroy the infected files and registry keys and place a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    2 March 2009 23:55:17

    Here is the MBAM report:


    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1814
    Windows 5.1.2600 Service Pack 2

    02/03/2009 23:54:09
    mbam-log-2009-03-02 (23-54-09).txt

    Type de recherche: Examen rapide
    Eléments examinés: 65776
    Temps écoulé: 5 minute(s), 22 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\{3c77432e-0b74-1036-0509-050203200021} (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ClickToFindandFixErrors_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ClickToFindandFixErrors_RON.ico (Malware.Trace) -> Quarantined and deleted successfully.
    2 March 2009 23:59:34

  • Run MBAM again, go to Quarantine and delete everything.

  • Uninstall the following programs:
    - J2SE Runtime Environment 5.0 Update 11
    - J2SE Runtime Environment 5.0 Update 5
    - J2SE Runtime Environment 5.0 Update 6
    - J2SE Runtime Environment 5.0 Update 9
    - J2SE Runtime Environment 5.0
    - Java 6 Update 3
    - Java SE Runtime Environment 6 Update 1

  • Update Java.

  • Update Adobe Reader.

  • Run another RSIT scan and post the log report.
    3 March 2009 00:24:11

    An RSIT scan??? Do you mean an MBAM scan?
    3 March 2009 00:34:43

    Here is the RSIT report:


    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Compaq_Propriétaire at 2009-03-03 00:34:05
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 75 GB (52%) free of 146 GB
    Total RAM: 503 MB (36% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:34:12, on 03/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Compaq_Propriétaire.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
    O2 - BHO: (no name) - {A266981C-778A-0421-F73A-79A2E2ED4CC3} - C:\WINDOWS\system32\physigz.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {AE62CC4A-7289-0727-F73A-79A2E3B91AC2} - C:\WINDOWS\system32\nje.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SYSTMON.EXE] C:\WINDOWS\system32\drivers\SYSTMON.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Tsra] "C:\DOCUME~1\COMPAQ~1\APPLIC~1\WNSXS~1\svchost.exe" -vt ndrv
    O4 - HKCU\..\Run: [Ksdxa] "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\?icrosoft.NET\n?tdde.exe"
    O4 - HKCU\..\Run: [Cmppdea] C:\WINDOWS\?ystem32\w?auclt.exe
    O4 - HKCU\..\Run: [Dine] "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\?ssembly\i?xplore.exe"
    O4 - HKCU\..\Run: [Eihbr] C:\WINDOWS\system32\?dobe\?pool32.exe
    O4 - HKCU\..\Run: [Btcalg] "C:\Program Files\??crosoft\w?nword.exe"
    O4 - HKCU\..\Run: [Mwypsqvp] C:\WINDOWS\system32\??crosoft\??xplore.exe
    O4 - HKCU\..\Run: [Izda] C:\WINDOWS\system32\s?stem32\?hkdsk.exe
    O4 - HKCU\..\Run: [Micmst] "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\??crosoft.NET\w?auboot.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPU...
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/Import/ImageUploader3.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1....
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

    --
    End of file - 9119 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Symantec NetDetect.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{216A7CAC-2E9B-4F70-AB77-6F9B575C1DE3}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
    ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A266981C-778A-0421-F73A-79A2E2ED4CC3}]
    C:\WINDOWS\system32\physigz.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-08-09 2018368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE62CC4A-7289-0727-F73A-79A2E3B91AC2}]
    C:\WINDOWS\system32\nje.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-13 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-03 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-03 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-08-09 2018368]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-19 266497]
    "SYSTMON.EXE"=C:\WINDOWS\system32\drivers\SYSTMON.EXE []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-03 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]
    "Uninstall getPlus(R) for Adobe"=C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]
    "Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-08 68856]
    "Tsra"=C:\DOCUME~1\COMPAQ~1\APPLIC~1\WNSXS~1\svchost.exe -vt ndrv []
    "Ksdxa"=C:\Documents and Settings\Compaq_Propriétaire\Mes documents\?icrosoft.NET\n?tdde.exe []
    "Cmppdea"=C:\WINDOWS\?ystem32\w?auclt.exe []
    "Dine"=C:\Documents and Settings\Compaq_Propriétaire\Mes documents\?ssembly\i?xplore.exe []
    "Eihbr"=C:\WINDOWS\system32\?dobe\?pool32.exe []
    "Btcalg"=C:\Program Files\??crosoft\w?nword.exe []
    "Mwypsqvp"=C:\WINDOWS\system32\??crosoft\??xplore.exe []
    "Izda"=C:\WINDOWS\system32\s?stem32\?hkdsk.exe []
    "Micmst"=C:\Documents and Settings\Compaq_Propriétaire\Mes documents\??crosoft.NET\w?auboot.exe []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
    VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico

    C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    PowerReg Scheduler.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\nanouch\incredimail_install.exe"="C:\Documents and Settings\Compaq_Propriétaire\Mes documents\nanouch\incredimail_install.exe:*:Enabled:IncrediMail Installer"
    "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\31exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\31exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\27exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\27exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\85exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\85exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\42exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\42exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\75exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\75exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\82exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\82exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\38exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\38exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\7exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\7exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\13exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\13exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\69exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\69exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\30exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\30exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\84exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\84exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\45exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\45exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\37exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\37exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\57exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\57exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\99exinjs.a7.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\99exinjs.a7.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\53exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\53exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\88exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\88exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\14exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\14exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\76exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\76exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\23exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\23exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\Program Files\MaxTV\maxtv.exe"="C:\Program Files\MaxTV\maxtv.exe:*:Enabled:MaxTV Online"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\57exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\57exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\85exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\85exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\68exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\68exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\30exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\30exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\77exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\77exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\65exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\65exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\4exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\4exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\89exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\89exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\33exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\33exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\81exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\81exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\34exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\34exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\11exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\11exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\36exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\36exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\62exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\62exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\44exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\44exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\6exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\6exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\58exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\58exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\69exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\69exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\48exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\48exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\50exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\50exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\28exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\28exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\90exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\90exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\73exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\73exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\12exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\12exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\72exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\72exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\3exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\3exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\38exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\38exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\97exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\97exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\7exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\7exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\79exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\79exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\78exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\78exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\18exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\18exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\46exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\46exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\95exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\95exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\29exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\29exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\16exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\16exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\83exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\83exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\74exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\74exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\51exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\51exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\43exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\43exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\96exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\96exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\52exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\52exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\59exinjs.a8.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\59exinjs.a8.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\25exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\25exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\29exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\29exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\49exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\49exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\64exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\64exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\77exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\77exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\18exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\18exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\15exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\15exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2exinjs.a9.exe:*:Enabled:Microsoft Update"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 1 months======

    2009-03-03 00:14:34 ----D---- C:\Program Files\NOS
    2009-03-03 00:14:34 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2009-03-03 00:13:29 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-03-03 00:13:29 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-03-03 00:13:29 ----A---- C:\WINDOWS\system32\java.exe
    2009-03-03 00:13:29 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-03-02 23:47:09 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
    2009-03-02 23:47:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-02 23:47:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-03-02 23:10:31 ----D---- C:\Program Files\Ad-remover
    2009-03-02 22:58:23 ----D---- C:\_OTMoveIt
    2009-03-02 22:27:55 ----HD---- C:\autorun.inf
    2009-03-02 22:10:20 ----A---- C:\UsbFix.txt
    2009-03-02 22:07:48 ----D---- C:\Program Files\UsbFix
    2009-03-02 21:49:02 ----D---- C:\rsit
    2009-03-02 21:13:17 ----D---- C:\Program Files\Trend Micro
    2009-02-25 07:17:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-11 23:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

    ======List of files/folders modified in the last 1 months======

    2009-03-03 00:34:11 ----D---- C:\WINDOWS\Prefetch
    2009-03-03 00:23:15 ----SHD---- C:\WINDOWS\Installer
    2009-03-03 00:23:14 ----HD---- C:\Config.Msi
    2009-03-03 00:23:14 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-03-03 00:22:42 ----D---- C:\Program Files\Fichiers communs\Adobe
    2009-03-03 00:21:12 ----D---- C:\Program Files\Adobe
    2009-03-03 00:19:57 ----D---- C:\WINDOWS\system32
    2009-03-03 00:14:46 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-03 00:14:34 ----D---- C:\Program Files
    2009-03-03 00:13:31 ----D---- C:\WINDOWS\Temp
    2009-03-03 00:13:03 ----D---- C:\Program Files\Java
    2009-03-03 00:11:17 ----D---- C:\Program Files\Fichiers communs
    2009-03-02 23:54:09 ----D---- C:\WINDOWS
    2009-03-02 23:54:09 ----D---- C:\Program Files\Internet Explorer
    2009-03-02 23:47:06 ----D---- C:\WINDOWS\system32\drivers
    2009-03-02 23:46:31 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-03-02 23:40:00 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-02 23:29:26 ----D---- C:\Program Files\Services en ligne
    2009-03-02 23:09:47 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-02-25 07:18:03 ----HD---- C:\WINDOWS\inf
    2009-02-25 07:17:57 ----D---- C:\WINDOWS\system32\dllcache
    2009-02-25 07:10:32 ----HD---- C:\WINDOWS\$hf_mig$
    2009-02-23 20:43:00 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2009-02-23 20:42:59 ----D---- C:\WINDOWS\system32\CatRoot
    2009-02-22 17:39:27 ----D---- C:\Code Route 4 (E)
    2009-02-18 20:18:21 ----D---- C:\WINDOWS\system32\fr-fr
    2009-02-11 23:05:03 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-02-11 23:03:59 ----A---- C:\WINDOWS\imsins.BAK
    2009-02-11 23:03:24 ----D---- C:\WINDOWS\ie7updates
    2009-02-04 00:21:12 ----AC---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072]
    R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [1999-09-10 25244]
    R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
    R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-08-18 110080]
    R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
    R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-10-15 71168]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-08-13 379456]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
    S3 DCamUSBDXGTech;Dual-Mode DSC (Video Camera); C:\WINDOWS\System32\Drivers\GT891x1.SYS []
    S3 GT890x;Dual-Mode DSC (Still Camera); C:\WINDOWS\System32\Drivers\GT890x.SYS []
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
    S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMD031.sys [2003-04-01 35319]
    S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-01-19 12416]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
    S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
    S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
    S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
    R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
    R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2005-11-13 54784]
    R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
    R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2006-04-20 1520688]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-03 152984]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
    R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
    S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 SPTISRV;Sony SPTI Service; C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe [2002-12-24 65536]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]

    -----------------EOF-----------------
    3 March 2009 00:45:19

    1/

  • Find this file: C:\Program Files\Trend Micro\HijackThis\Compaq_Propriétaire.exe
  • Double-click this file.
  • Choose Do a system scan only.
  • Tick the boxes in front of the following lines:

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)

    O2 - BHO: (no name) - {A266981C-778A-0421-F73A-79A2E2ED4CC3} - C:\WINDOWS\system32\physigz.dll (file missing)

    O2 - BHO: (no name) - {AE62CC4A-7289-0727-F73A-79A2E3B91AC2} - C:\WINDOWS\system32\nje.dll (file missing)

    O4 - HKLM\..\Run: [SYSTMON.EXE] C:\WINDOWS\system32\drivers\SYSTMON.EXE

    O4 - HKCU\..\Run: [Tsra] "C:\DOCUME~1\COMPAQ~1\APPLIC~1\WNSXS~1\svchost.exe" -vt ndrv

    O4 - HKCU\..\Run: [Ksdxa] "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\?icrosoft.NET\n?tdde.exe"

    O4 - HKCU\..\Run: [Cmppdea] C:\WINDOWS\?ystem32\w?auclt.exe

    O4 - HKCU\..\Run: [Dine] "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\?ssembly\i?xplore.exe"

    O4 - HKCU\..\Run: [Eihbr] C:\WINDOWS\system32\?dobe\?pool32.exe

    O4 - HKCU\..\Run: [Btcalg] "C:\Program Files\??crosoft\w?nword.exe"

    O4 - HKCU\..\Run: [Mwypsqvp] C:\WINDOWS\system32\??crosoft\??xplore.exe

    O4 - HKCU\..\Run: [Izda] C:\WINDOWS\system32\s?stem32\?hkdsk.exe

    O4 - HKCU\..\Run: [Micmst] "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\??crosoft.NET\w?auboot.exe"

  • Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.
  • Close HijackThis.


    2/

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the text below:

    :processes
    explorer.exe

    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\31exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\27exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\85exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\42exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\75exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\82exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\38exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\7exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\13exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\69exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\30exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\84exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\45exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\37exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\57exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\99exinjs.a7.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\53exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\88exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\14exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\76exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\23exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\57exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\85exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\68exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\30exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\77exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\65exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\4exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\89exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\33exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\81exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\34exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\11exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\36exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\62exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\44exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\6exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\58exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\69exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\48exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\50exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\28exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\90exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\73exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\12exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\72exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\3exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\38exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\97exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\7exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\79exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\78exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\18exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\46exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\95exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\29exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\16exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\83exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\74exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\51exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\43exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\96exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\52exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\59exinjs.a8.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\25exinjs.a9.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\29exinjs.a9.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\49exinjs.a9.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\64exinjs.a9.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\77exinjs.a9.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\18exinjs.a9.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\15exinjs.a9.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a9.exe"=-
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2exinjs.a9.exe"=-

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log
    3 March 2009 00:59:09

    Here is the OTMoveIt3 report:



    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\31exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\27exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\85exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\42exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\75exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\82exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\38exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\7exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\13exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\69exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\30exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\84exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\45exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\37exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\57exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\99exinjs.a7.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\53exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\88exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\14exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\76exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\23exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\57exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\85exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\68exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\30exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\77exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\65exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\4exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\89exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\33exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\81exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\34exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\11exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\36exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\62exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\44exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\6exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\58exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\69exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\48exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\50exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\28exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\90exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\73exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\12exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\72exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\3exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\38exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\97exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\7exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\79exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\78exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\18exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\46exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\95exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\29exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\16exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\83exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\74exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\51exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\43exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\96exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\52exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\59exinjs.a8.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\25exinjs.a9.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\29exinjs.a9.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\49exinjs.a9.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\64exinjs.a9.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\77exinjs.a9.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\18exinjs.a9.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\15exinjs.a9.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\93exinjs.a9.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2exinjs.a9.exe deleted successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\etilqs_jaZOKbBrD7yHUiQyuRiv scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF6787.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f74.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\35ngzbxs.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\35ngzbxs.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\35ngzbxs.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\35ngzbxs.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\35ngzbxs.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\35ngzbxs.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03032009_005135

    Files moved on Reboot...
    File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\etilqs_jaZOKbBrD7yHUiQyuRiv not found!
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\hpodvd09.log moved successfully.
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF6787.tmp moved successfully.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
    File C:\WINDOWS\temp\Perflib_Perfdata_f74.dat not found!
    C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\35ngzbxs.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\35ngzbxs.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\35ngzbxs.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\35ngzbxs.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\35ngzbxs.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\35ngzbxs.default\XUL.mfl moved successfully.
    3 March 2009 01:05:54

    Antivir is available in French; are you interested?
    3 March 2009 13:01:13

    Why not! Does my PC no longer have any viruses?
    3 March 2009 13:04:03

  • Uninstall the English version of Antivir, then restart your PC.

  • Install Antivir and update it.
  • Double-click the Antivir icon (umbrella) in the taskbar.
  • In Antivir, choose Outils, then Configuration.
  • Tick Mode Expert, and tick Rech. Rootkit au dém. de la recherche on the right under Autres réglages.
  • Run a full scan and post the report.

    Tutorial: http://www.libellules.ch/tuto_antivir.php#Scan_disque_d...
    3 March 2009 20:05:54

    Here is the Antivir report:





    Avira AntiVir Personal
    Date de création du fichier de rapport : mardi 3 mars 2009 18:22

    La recherche porte sur 1281455 souches de virus.

    Détenteur de la licence : Avira AntiVir PersonalEdition Classic
    Numéro de série : 0000149996-ADJIE-0001
    Plateforme : Windows XP
    Version de Windows : (Service Pack 3) [5.1.2600]
    Mode Boot : Démarré normalement
    Identifiant : SYSTEM
    Nom de l'ordinateur : PRESARIO_SR1520

    Informations de version :
    BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 03/03/2009 17:21:04
    AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
    LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 17:21:05
    ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 17:21:05
    ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 03/03/2009 17:21:05
    ANTIVIR3.VDF : 7.1.2.113 59392 Bytes 03/03/2009 17:21:05
    Version du moteur: 8.2.0.98
    AEVDF.DLL : 8.1.1.0 106868 Bytes 03/03/2009 17:21:05
    AESCRIPT.DLL : 8.1.1.56 352634 Bytes 03/03/2009 17:21:05
    AESCN.DLL : 8.1.1.7 127347 Bytes 03/03/2009 17:21:05
    AERDL.DLL : 8.1.1.3 438645 Bytes 03/03/2009 17:21:05
    AEPACK.DLL : 8.1.3.8 397684 Bytes 03/03/2009 17:21:05
    AEOFFICE.DLL : 8.1.0.36 196987 Bytes 03/03/2009 17:21:05
    AEHEUR.DLL : 8.1.0.100 1618295 Bytes 03/03/2009 17:21:05
    AEHELP.DLL : 8.1.2.2 119158 Bytes 03/03/2009 17:21:05
    AEGEN.DLL : 8.1.1.22 336245 Bytes 03/03/2009 17:21:05
    AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
    AECORE.DLL : 8.1.6.6 176501 Bytes 03/03/2009 17:21:05
    AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
    AVREP.DLL : 8.0.0.2 98344 Bytes 03/03/2009 17:21:05
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
    RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

    Configuration pour la recherche actuelle :
    Nom de la tâche..................: Contrôle intégral du système
    Fichier de configuration.........: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
    Documentation....................: bas
    Action principale................: interactif
    Action secondaire................: ignorer
    Recherche sur les secteurs d'amorçage maître: marche
    Recherche sur les secteurs d'amorçage: marche
    Secteurs d'amorçage..............: C:, D:,
    Recherche dans les programmes actifs: marche
    Recherche en cours sur l'enregistrement: marche
    Recherche de Rootkits............: marche
    Fichier mode de recherche........: Sélection de fichiers intelligente
    Recherche sur les archives.......: marche
    Limiter la profondeur de récursivité: 20
    Archive Smart Extensions.........: marche
    Heuristique de macrovirus........: marche
    Heuristique fichier..............: moyen

    Début de la recherche : mardi 3 mars 2009 18:22

    La recherche d'objets cachés commence.
    '78368' objets ont été contrôlés, '0' objets cachés ont été trouvés.

    La recherche sur les processus démarrés commence :
    Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'hpqste08.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'hpqtra08.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'CTDetect.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'msmsgs.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'mdm.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'cvpnd.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'CTSVCCDA.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'CDAC11BA.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
    '36' processus ont été contrôlés avec '36' modules

    La recherche sur les secteurs d'amorçage maître commence :
    Secteur d'amorçage maître HD0
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage maître HD1
    [INFO] Aucun virus trouvé !
    [AVERTISSEMENT] Erreur système [21]: Le périphérique n'est pas prêt.
    Secteur d'amorçage maître HD2
    [INFO] Aucun virus trouvé !
    [AVERTISSEMENT] Erreur système [21]: Le périphérique n'est pas prêt.
    Secteur d'amorçage maître HD3
    [INFO] Aucun virus trouvé !
    [AVERTISSEMENT] Erreur système [21]: Le périphérique n'est pas prêt.
    Secteur d'amorçage maître HD4
    [INFO] Aucun virus trouvé !
    [AVERTISSEMENT] Erreur système [21]: Le périphérique n'est pas prêt.

    La recherche sur les secteurs d'amorçage commence :
    Secteur d'amorçage 'C:\'
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage 'D:\'
    [INFO] Aucun virus trouvé !

    La recherche sur les renvois aux fichiers exécutables (registre) commence.
    Le registre a été contrôlé ( '53' fichiers).


    La recherche sur les fichiers sélectionnés commence :

    Recherche débutant dans 'C:\' <PRESARIO>
    C:\hiberfil.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Mes numérisations\2007-07 (juil.).ace
    [0] Type d'archive: ACE
    --> 2007-07 (juil.)\Numツriser0003.jpg
    [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
    C:\Documents and Settings\Compaq_Propriétaire\Shared\girl like you armand van.mp3
    [RESULTAT] Contient le modèle de détection de l'exploit EXP/ASF.GetCodec.Gen
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a1f6d81.qua' !
    C:\Documents and Settings\Compaq_Propriétaire\Shared\tom snare waterfall 2008.mp3
    [RESULTAT] Contient le modèle de détection de l'exploit EXP/ASF.GetCodec.Gen
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a1a6d8d.qua' !
    C:\Program Files\eMule\Incoming\2_Diablo II.zip
    [0] Type d'archive: ZIP
    --> Diablo II/d2load.exe
    [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen
    [AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26001
    [AVERTISSEMENT] Erreur dans l'initialisation de la quarantaine !
    [REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4badf94d.qua' !
    C:\Program Files\Téléchargement Limewire\street sound.mp3
    [RESULTAT] Contient le modèle de détection de l'exploit EXP/ASF.GetCodec.Gen
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a1f76d9.qua' !
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP895\A0076269.exe
    [RESULTAT] Contient le cheval de Troie TR/ATRAPS.Gen
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49dd7760.qua' !
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP896\A0076279.exe
    [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49dd7761.qua' !
    Recherche débutant dans 'D:\' <PRESARIO_RP>


    Fin de la recherche : mardi 3 mars 2009 20:01
    Temps nécessaire: 1:39:05 Heure(s)

    La recherche a été effectuée intégralement

    10061 Les répertoires ont été contrôlés
    431723 Des fichiers ont été contrôlés
    6 Des virus ou programmes indésirables ont été trouvés
    0 Des fichiers ont été classés comme suspects
    0 Des fichiers ont été supprimés
    0 Des virus ou programmes indésirables ont été réparés
    6 Les fichiers ont été déplacés dans la quarantaine
    0 Les fichiers ont été renommés
    2 Impossible de contrôler des fichiers
    431715 Fichiers non infectés
    14893 Les archives ont été contrôlées
    8 Avertissements
    6 Consignes
    78368 Des objets ont été contrôlés lors du Rootkitscan
    0 Des objets cachés ont été trouvés

    3 March 2009 20:38:26

    How is your PC doing?

  • Run another RSIT scan and post the log report.
    3 March 2009 20:50:28

    Apparently better, thanks.
    Here is the RSIT report:



    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Compaq_Propriétaire at 2009-03-03 20:49:32
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 74 GB (51%) free of 146 GB
    Total RAM: 503 MB (37% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:49:42, on 03/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Compaq_Propriétaire.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPU...
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/Import/ImageUploader3.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1....
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

    --
    End of file - 8586 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Symantec NetDetect.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{216A7CAC-2E9B-4F70-AB77-6F9B575C1DE3}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-08-09 2018368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-13 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-03 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-03 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-08-09 2018368]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-03 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
    "Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-08 68856]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
    VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico

    C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    PowerReg Scheduler.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\nanouch\incredimail_install.exe"="C:\Documents and Settings\Compaq_Propriétaire\Mes documents\nanouch\incredimail_install.exe:*:Enabled:IncrediMail Installer"
    "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\MaxTV\maxtv.exe"="C:\Program Files\MaxTV\maxtv.exe:*:Enabled:MaxTV Online"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\28exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\28exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\73exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\73exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\13exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\13exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\1exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\1exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\95exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\95exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\78exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\78exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\72exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\72exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\99exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\99exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\8exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\8exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\62exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\62exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\66exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\66exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\76exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\76exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\57exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\57exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\71exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\71exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\61exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\61exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\14exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\14exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\54exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\54exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\79exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\79exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\27exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\27exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\85exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\85exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\84exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\84exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\70exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\70exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\23exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\23exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\41exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\41exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\43exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\43exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\68exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\68exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\32exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\32exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\98exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\98exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\87exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\87exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\11exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\11exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\53exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\53exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\20exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\20exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\47exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\47exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\6exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\6exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\40exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\40exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\65exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\65exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\51exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\51exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\69exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\69exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\37exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\37exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\24exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\24exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\67exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\67exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\60exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\60exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\22exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\22exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\90exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\90exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe"="C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe:*:Enabled:D fbhd"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\58exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\58exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\38exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\38exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\4exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\4exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\75exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\75exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\3exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\3exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\26exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\26exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\36exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\36exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\31exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\31exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\63exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\63exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\17exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\17exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\44exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\44exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\55exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\55exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\12exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\12exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\48exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\48exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\59exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\59exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\89exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\89exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\88exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\88exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\92exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\92exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\74exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\74exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\21exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\21exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\82exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\82exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\83exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\83exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\33exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\33exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\10exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\10exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\81exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\81exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\56exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\56exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\39exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\39exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\30exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\30exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\34exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\34exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\35exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\35exinjs.a9.exe:*:Enabled:Microsoft Update"
    "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\16exinjs.a9.exe"="C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\16exinjs.a9.exe:*:Enabled:Microsoft Update"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 1 months======

    2009-03-03 18:17:24 ----D---- C:\Program Files\Avira
    2009-03-03 18:17:24 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-03-03 17:59:54 ----D---- C:\WINDOWS\Prefetch
    2009-03-03 13:52:52 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-03-03 13:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-03-03 13:52:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2009-03-03 13:52:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2009-03-03 13:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2009-03-03 13:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2009-03-03 13:51:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2009-03-03 13:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2009-03-03 13:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2009-03-03 13:50:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2009-03-03 13:50:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2009-03-03 13:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2009-03-03 13:50:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2009-03-03 13:50:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2009-03-03 13:49:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2009-03-03 13:49:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2009-03-03 13:49:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2009-03-03 13:49:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2009-03-03 13:49:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2009-03-03 13:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2009-03-03 13:48:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2009-03-03 13:45:18 ----A---- C:\WINDOWS\setuplog.txt
    2009-03-03 13:43:28 ----D---- C:\WINDOWS\l2schemas
    2009-03-03 13:43:27 ----D---- C:\WINDOWS\system32\fr
    2009-03-03 13:43:27 ----D---- C:\WINDOWS\system32\bits
    2009-03-03 13:38:49 ----D---- C:\WINDOWS\ServicePackFiles
    2009-03-03 13:28:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2009-03-03 13:28:37 ----D---- C:\WINDOWS\EHome
    2009-03-03 00:14:34 ----D---- C:\Program Files\NOS
    2009-03-03 00:14:34 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2009-03-03 00:13:29 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-03-03 00:13:29 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-03-03 00:13:29 ----A---- C:\WINDOWS\system32\java.exe
    2009-03-03 00:13:29 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-03-02 23:47:09 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
    2009-03-02 23:47:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-02 23:47:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-03-02 23:10:31 ----D---- C:\Program Files\Ad-remover
    2009-03-02 22:58:23 ----D---- C:\_OTMoveIt
    2009-03-02 22:27:55 ----HD---- C:\autorun.inf
    2009-03-02 22:10:20 ----A---- C:\UsbFix.txt
    2009-03-02 22:07:48 ----D---- C:\Program Files\UsbFix
    2009-03-02 21:49:02 ----D---- C:\rsit
    2009-03-02 21:13:17 ----D---- C:\Program Files\Trend Micro
    2009-02-25 07:17:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
    2009-02-11 23:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

    ======List of files/folders modified in the last 1 months======

    2009-03-03 20:17:24 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-03 20:11:45 ----SHD---- C:\WINDOWS\Installer
    2009-03-03 20:11:44 ----HD---- C:\Config.Msi
    2009-03-03 20:01:44 ----D---- C:\WINDOWS\Temp
    2009-03-03 19:26:45 ----D---- C:\Program Files\Téléchargement Limewire
    2009-03-03 18:17:30 ----D---- C:\WINDOWS\system32\drivers
    2009-03-03 18:17:24 ----D---- C:\Program Files
    2009-03-03 18:12:40 ----D---- C:\WINDOWS\system32
    2009-03-03 18:12:39 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-03-03 18:08:41 ----D---- C:\WINDOWS
    2009-03-03 18:07:49 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-03 18:01:39 ----AC---- C:\WINDOWS\OEWABLog.txt
    2009-03-03 18:00:29 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-03 17:59:28 ----D---- C:\WINDOWS\system32\Setup
    2009-03-03 17:59:28 ----D---- C:\WINDOWS\AppPatch
    2009-03-03 17:59:28 ----D---- C:\Program Files\Messenger
    2009-03-03 17:59:27 ----D---- C:\WINDOWS\system32\wbem
    2009-03-03 17:59:26 ----RSD---- C:\WINDOWS\Fonts
    2009-03-03 17:58:41 ----D---- C:\WINDOWS\security
    2009-03-03 15:16:51 ----HD---- C:\WINDOWS\inf
    2009-03-03 15:16:38 ----HD---- C:\WINDOWS\$hf_mig$
    2009-03-03 13:54:23 ----D---- C:\WINDOWS\system32\CatRoot
    2009-03-03 13:53:04 ----D---- C:\WINDOWS\system32\dllcache
    2009-03-03 13:44:14 ----D---- C:\WINDOWS\WinSxS
    2009-03-03 13:43:57 ----D---- C:\WINDOWS\network diagnostic
    2009-03-03 13:43:57 ----D---- C:\WINDOWS\ime
    2009-03-03 13:43:56 ----D---- C:\WINDOWS\Help
    2009-03-03 13:43:30 ----D---- C:\WINDOWS\system32\usmt
    2009-03-03 13:43:30 ----D---- C:\WINDOWS\system32\fr-fr
    2009-03-03 13:43:27 ----D---- C:\WINDOWS\PeerNet
    2009-03-03 13:43:26 ----D---- C:\Program Files\Movie Maker
    2009-03-03 13:38:39 ----D---- C:\WINDOWS\system32\Restore
    2009-03-03 13:38:39 ----D---- C:\WINDOWS\system32\npp
    2009-03-03 13:38:38 ----D---- C:\WINDOWS\msagent
    2009-03-03 13:38:36 ----D---- C:\WINDOWS\srchasst
    2009-03-03 13:38:35 ----D---- C:\Program Files\NetMeeting
    2009-03-03 13:38:33 ----D---- C:\WINDOWS\system32\Com
    2009-03-03 13:38:31 ----D---- C:\Program Files\Windows Media Player
    2009-03-03 13:38:30 ----D---- C:\Program Files\Windows NT
    2009-03-03 13:38:30 ----D---- C:\Program Files\Outlook Express
    2009-03-03 13:38:27 ----D---- C:\Program Files\Fichiers communs\System
    2009-03-03 13:38:07 ----D---- C:\WINDOWS\system32\oobe
    2009-03-03 13:38:01 ----D---- C:\WINDOWS\system
    2009-03-03 13:33:22 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-03-03 00:23:14 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-03-03 00:22:42 ----D---- C:\Program Files\Fichiers communs\Adobe
    2009-03-03 00:21:12 ----D---- C:\Program Files\Adobe
    2009-03-03 00:13:03 ----D---- C:\Program Files\Java
    2009-03-03 00:11:17 ----D---- C:\Program Files\Fichiers communs
    2009-03-02 23:54:09 ----D---- C:\Program Files\Internet Explorer
    2009-03-02 23:29:26 ----D---- C:\Program Files\Services en ligne
    2009-02-22 17:39:27 ----D---- C:\Code Route 4 (E)
    2009-02-11 23:05:03 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-02-11 23:03:24 ----D---- C:\WINDOWS\ie7updates
    2009-02-04 00:21:12 ----AC---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-03 75072]
    R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [1999-09-10 25244]
    R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
    R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-08-18 110080]
    R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-10-15 71168]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-08-13 379456]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
    S3 DCamUSBDXGTech;Dual-Mode DSC (Video Camera); C:\WINDOWS\System32\Drivers\GT891x1.SYS []
    S3 GT890x;Dual-Mode DSC (Still Camera); C:\WINDOWS\System32\Drivers\GT890x.SYS []
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
    S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMD031.sys [2003-04-01 35319]
    S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-01-19 12416]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
    S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
    S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
    S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
    R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2005-11-13 54784]
    R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
    R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2006-04-20 1520688]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-03 152984]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
    R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 SPTISRV;Sony SPTI Service; C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe [2002-12-24 65536]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------
    3 March 2009 22:24:39

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan has finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    3 March 2009 22:43:33

    Here is the ComboFix report:



    ComboFix 09-03-02.03 - Compaq_Propriétaire 2009-03-03 22:32:27.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.503.127 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\ComboFix.exe
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Outerinfo
    c:\documents and settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
    c:\documents and settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
    c:\documents and settings\Compaq_Propriétaire\Mes documents\SSEMBL~1
    c:\documents and settings\Compaq_Propriétaire\ravmonlog
    c:\program files\Fichiers communs\{3C774~1
    c:\program files\Fichiers communs\{3C774~1\888Bar.dll
    c:\program files\Fichiers communs\{3C774~1\Activate.exe
    c:\program files\Fichiers communs\{3C774~1\services.dll
    c:\program files\Fichiers communs\{3C774~1\Uninst.exe
    c:\windows\system32\taskkill.exe
    c:\windows\system32\wnsapisv32.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-03 18:17 . 2009-03-03 18:17 <REP> d-------- c:\program files\Avira
    2009-03-03 18:17 . 2009-03-03 18:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2009-03-03 13:43 . 2009-03-03 13:43 <REP> d-------- c:\windows\system32\fr
    2009-03-03 13:43 . 2009-03-03 13:43 <REP> d-------- c:\windows\system32\bits
    2009-03-03 13:43 . 2009-03-03 13:43 <REP> d-------- c:\windows\l2schemas
    2009-03-03 13:38 . 2009-03-03 13:44 <REP> d-------- c:\windows\ServicePackFiles
    2009-03-03 13:28 . 2009-03-03 13:28 <REP> d-------- c:\windows\EHome
    2009-03-03 00:14 . 2009-03-03 00:53 <REP> d-------- c:\program files\NOS
    2009-03-03 00:14 . 2009-03-03 00:53 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
    2009-03-03 00:13 . 2009-03-03 00:13 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-03-03 00:13 . 2009-03-03 00:13 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-03-02 23:47 . 2009-03-02 23:47 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-02 23:47 . 2009-03-02 23:47 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Malwarebytes
    2009-03-02 23:47 . 2009-03-02 23:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-02 23:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-02 23:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-02 23:10 . 2009-03-02 23:45 <REP> d-------- c:\program files\Ad-remover
    2009-03-02 22:58 . 2009-03-02 22:58 <REP> d-------- C:\_OTMoveIt
    2009-03-02 22:07 . 2009-03-02 22:57 <REP> d-------- c:\program files\UsbFix
    2009-03-02 21:49 . 2009-03-02 21:49 <REP> d-------- C:\rsit
    2009-03-02 21:13 . 2009-03-02 21:13 <REP> d-------- c:\program files\Trend Micro
    2009-02-20 08:03 . 2009-02-20 08:03 4,286 --a------ c:\windows\system32\EuropaCasino1.ico
    2009-02-18 03:46 . 2009-02-19 15:36 30,525 --a------ c:\windows\system32\CelldoradoIconUK.ico
    2009-02-18 03:46 . 2009-02-19 15:36 30,514 --a------ c:\windows\system32\ZoneAlarmIconUS.ico
    2009-02-18 03:45 . 2009-02-19 15:36 30,514 --a------ c:\windows\system32\ZoneAlarmIconUK.ico
    2009-02-18 03:45 . 2009-02-19 15:46 30,503 --a------ c:\windows\system32\TuneclubIconDE.ico

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-03 18:26 --------- d-----w c:\program files\Téléchargement Limewire
    2009-03-02 23:22 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-03-02 23:13 --------- d-----w c:\program files\Java
    2009-03-02 22:29 --------- d-----w c:\program files\Services en ligne
    2009-02-11 22:05 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2009-01-09 20:02 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Image Zone Express
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
    2008-12-20 22:47 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
    2008-12-20 22:47 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
    2008-12-20 22:47 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
    2008-12-20 22:47 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
    2008-12-20 22:47 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
    2008-12-20 22:47 105,984 ----a-w c:\windows\system32\dllcache\url.dll
    2008-12-20 22:47 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
    2008-12-20 22:47 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
    2008-12-19 09:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2006-11-09 20:36 49,624 -c--a-w c:\documents and settings\Compaq_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
    2006-11-08 21:05 560 -c--a-w c:\documents and settings\Compaq_Propriétaire\Application Data\ViewerApp.dat
    2005-11-22 17:14 594 -c--a-w c:\documents and settings\Compaq_Propriétaire\Application Data\wklnhst.dat
    2006-02-24 08:38 952 -csha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-03 148888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "VIDC.GTCC"= GTCODEC.DLL

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\svchost.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2005-12-30 379456]
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2006-09-15 87824]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2006-09-15 85696]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - ANTIVIRSCHEDULER
    *NewlyCreated* - ANTIVIRSERVICE
    *NewlyCreated* - AVGIO
    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

    2009-03-03 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE []

    2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{216A7CAC-2E9B-4F70-AB77-6F9B575C1DE3}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe


    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Fichiers communs\Microsoft Shared\Information Retrieval\itss51.dll
    DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\35ngzbxs.default\
    FF - prefs.js: browser.startup.homepage - www.google.fr
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-03 22:35:25
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2009-03-03 22:38:05
    ComboFix-quarantined-files.txt 2009-03-03 21:37:42

    Avant-CF: 77 838 491 648 octets libres
    Après-CF: 77,920,141,312 octets libres

    332 --- E O F --- 2009-03-03 12:53:14
    3 March 2009 23:00:20

    1/

  • Uninstall HijackThis.
  • Start menu > Run > type combofix /u and confirm.

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Recherche (Search) and let the scan run.
  • Click Suppression (Removal) to finish.
  • If you wish, you can use the Options Facultatives (optional settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner Slim.
  • Launch it. Go to Options, then Advanced, and untick the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.
  • Then choose Registry, then Search for errors. Once it has finished, repair all the errors (back up the registry).


    3/

  • System Restore must be disabled and then re-enabled in order to purge it.

  • I recommend creating a restore point that you can use later if you have a problem.


    ==Prevention==

    Keep MBAM. You can use it to scan suspicious files as a complement to the antivirus, and scan the hard drive regularly.

    As a browser, use Mozilla Firefox rather than Internet Explorer. You can use the NoScript extension for more security.

    Check that automatic updates are enabled (Start menu, right-click My Computer, Automatic Updates tab).

    You can also modify the Hosts file to improve your PC's security: Link

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    If you consider your problem solved:

    ---> Now add [Résolu] (Solved) to the title. To do so:
  • In your first message, click the Edit button.
  • Add the [Résolu] tag in front of the title.
  • Then click Submit your message.


    Be more careful on the Internet ;)
    3 March 2009 23:12:41

    Here is the Tools Cleaner2 report:


    [ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

    -->- Recherche:

    C:\Combofix.txt: trouvé !
    C:\UsbFix.txt: trouvé !
    C:\Combofix: trouvé !
    C:\Rsit: trouvé !
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\Rsit.exe: trouvé !
    C:\Program Files\HijackThis: trouvé !
    C:\Program Files\UsbFix: trouvé !
    C:\Program Files\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\HijackThis\hijackthis.log: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Program Files\HijackThis\HijackThis.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\UsbFix.txt: supprimé !
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\Rsit.exe: supprimé !
    C:\Program Files\HijackThis\hijackthis.log: supprimé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
    C:\Combofix: supprimé !
    C:\Rsit: supprimé !
    C:\Program Files\HijackThis: supprimé !
    C:\Program Files\UsbFix: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    Restauration annulée !
    3 March 2009 23:16:13

    You can delete ToolsCleaner and move on to the next step.
    3 March 2009 23:33:11

    I did step 2 without any problem; I don't think there was a report to post.
    Do I really have to do step 3, and is it really safe? It looks a bit complicated to me!
    3 March 2009 23:46:35

    Step 3 is safe and is not complicated.
    3 March 2009 23:49:41

    OK,
    I'll do it tomorrow morning.
    Good night
    3 March 2009 23:51:06

    OK, good night ;)
    4 March 2009 14:19:27

    Hello,
    All done, I completed step 3 without any difficulty. Thank you very much for your help Destrio5, my PC is doing better. I'll be more careful in the future.
    4 March 2009 16:01:20

    OK. Try Adblock.