
[Solved] Unwanted ads in Internet Explorer

Tags:
  • Security
Last reply: in Security and viruses
27 February 2009 16:36:37

Hello,

I am getting advertising windows that open with IE. I use only Firefox as my browser, but I believe IE should not be uninstalled.
I am on Vista Premium.

What can I do to eradicate this?


27 February 2009 16:51:48

Hi,

First we need to identify the infection.

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the folder C:\rsit\.

    27 February 2009 17:05:08

    That was fast! I am impressed. Thanks in any case.

    Here is the log.txt report:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by ReNo at 2009-02-27 16:53:17
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 32 GB (32%) free of 102 GB
    Total RAM: 2046 MB (32% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:53:57, on 27/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Windows\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Users\ReNo\Desktop\RSIT.exe
    C:\Program Files\trend micro\ReNo.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [trustfast] "C:\ProgramData\NURB JUNK JUNK.60m8vlu"
    O4 - HKCU\..\Run: [Itch ford four knob] "C:\ProgramData\proc flaw jump.ychd0su"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 12170 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\User_Feed_Synchronization-{1F18BEA8-D8E0-4CA6-8F85-A4868A1B8959}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-08-25 1062184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-31 1078552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-10 2436160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
    PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-11-19 806912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-03-10 2436160]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]
    {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-11-19 806912]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-18 815104]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
    ""= []
    "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
    "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-04-24 240640]
    "ECenter"=c:\dell\E-Center\EULALauncher.exe [2006-11-17 17920]
    "PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2006-10-13 184320]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
    "NeroCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
    "dlcxmon.exe"=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2007-01-12 292336]
    "MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-11-04 304008]
    "FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2006-11-04 312200]
    "dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
    "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
    "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-03-03 959976]
    "SigmatelSysTrayApp"=C:\Windows\sttray.exe [2007-02-08 303104]
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-10-04 86016]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-10-04 8497696]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-10-04 81920]
    "NVHotkey"=C:\Windows\system32\nvHotkey.dll [2007-10-04 86016]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-31 1601304]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2006-11-12 446976]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
    "Cld2000.exe"=C:\Program Files\Calendrier\Cld2000.exe []
    "Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe []
    "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-03-10 171448]
    "trustfast"=C:\ProgramData\NURB JUNK JUNK.60m8vlu [2009-02-26 114704]
    "Itch ford four knob"=C:\ProgramData\proc flaw jump.ychd0su [2009-02-26 12304]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    QuickSet.lnk - C:\Windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bd246fd-14d3-11dc-bd78-0019b96ba7ac}]
    shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ee533c4-2f41-11dc-93c5-0019b96ba7ac}]
    shell\AutoRun\command - F:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3785a065-c825-11dd-90ad-0019b96ba7ac}]
    shell\AutoRun\command - J:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{576f8d54-8c45-11dc-a484-0019b96ba7ac}]
    shell\Auto\command - AdobeR.exe e
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a6014a0-9a09-11dd-b8cf-0019b96ba7ac}]
    shell\AutoRun\command - I:\t.com
    shell\explore\command - I:\t.com
    shell\open\command - I:\t.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fc6ffd2-519b-11dc-b71e-0019b96ba7ac}]
    shell\Auto\command - AdobeR.exe e
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{734c90e8-df09-11dd-84ef-0019b96ba7ac}]
    shell\AutoRun\command - K:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fc531e9-f82d-11dc-8093-0019b96ba7ac}]
    shell\AutoRun\command - H:\yannh.cmd
    shell\explore\command - H:\yannh.cmd
    shell\open\command - H:\yannh.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad17c62c-f788-11dd-9eab-0019b96ba7ac}]
    shell\AutoRun\command - H:\t.com
    shell\explore\command - H:\t.com
    shell\open\command - H:\t.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cde995dd-30b7-11dd-94e8-0019b96ba7ac}]
    shell\AutoRun\command - I:\PenInkViewer\Viewer_for_Windows\PenInkViewer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9b2f07e-9459-11dd-b657-0019b96ba7ac}]
    shell\AutoRun\command - I:\t.com
    shell\explore\command - I:\t.com
    shell\open\command - I:\t.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd142b00-f607-11dd-9dc2-0019b96ba7ac}]
    shell\AutoRun\command - F:\t.com
    shell\explore\command - F:\t.com
    shell\open\command - F:\t.com


    ======List of files/folders created in the last 1 months======

    2009-02-27 16:53:20 ----D---- C:\Program Files\trend micro
    2009-02-27 16:53:17 ----D---- C:\rsit
    2009-02-26 16:41:29 ----D---- C:\ProgramData\third lies itch ford
    2009-02-26 16:40:56 ----D---- C:\ProgramData\uploadregs
    2009-02-26 16:40:42 ----D---- C:\Program Files\TorrentSpeeder
    2009-02-26 07:19:36 ----A---- C:\Windows\system32\NCTWMAFile.dll
    2009-02-26 07:19:35 ----A---- C:\Windows\system32\NCTAudioFile.dll
    2009-02-26 07:19:35 ----A---- C:\Windows\system32\lame_enc.dll
    2009-02-26 07:19:34 ----A---- C:\Windows\system32\faq.txt
    2009-02-26 07:19:26 ----D---- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
    2009-02-25 23:58:52 ----D---- C:\ProgramData\AVS4YOU
    2009-02-25 23:58:50 ----D---- C:\Users\ReNo\AppData\Roaming\AVS4YOU
    2009-02-25 23:58:19 ----D---- C:\Program Files\Common Files\AVSMedia
    2009-02-25 23:58:18 ----A---- C:\Windows\system32\msxml3a.dll
    2009-02-25 23:58:18 ----A---- C:\Windows\system32\msvcp70.dll
    2009-02-25 23:58:18 ----A---- C:\Windows\system32\cc3270mt.dll
    2009-02-25 23:58:17 ----D---- C:\Program Files\AVS4YOU
    2009-02-25 21:18:03 ----A---- C:\Windows\system32\msvcr70.dll
    2009-02-23 23:40:12 ----D---- C:\ProgramData\ALM
    2009-02-23 22:05:20 ----D---- C:\Program Files\Common Files\Macrovision Shared
    2009-02-23 20:51:37 ----AD---- C:\Adobe suite
    2009-02-15 17:39:17 ----D---- C:\Users\ReNo\AppData\Roaming\vlc
    2009-02-15 17:39:15 ----D---- C:\Program Files\adslTV
    2009-02-15 10:15:14 ----A---- C:\Windows\system32\EncDec.dll
    2009-02-15 10:15:11 ----A---- C:\Windows\system32\psisdecd.dll
    2009-02-11 22:40:56 ----A---- C:\Windows\system32\mshtml.dll
    2009-02-11 22:40:55 ----A---- C:\Windows\system32\ieframe.dll
    2009-02-11 22:40:53 ----A---- C:\Windows\system32\urlmon.dll
    2009-02-11 22:40:52 ----A---- C:\Windows\system32\msfeeds.dll
    2009-02-11 22:40:51 ----A---- C:\Windows\system32\wininet.dll
    2009-02-11 22:40:50 ----A---- C:\Windows\system32\mstime.dll
    2009-02-11 22:40:48 ----A---- C:\Windows\system32\iertutil.dll
    2009-02-11 22:40:45 ----A---- C:\Windows\system32\jsproxy.dll
    2009-02-11 19:17:00 ----D---- C:\Program Files\CCleaner
    2009-02-06 18:52:40 ----A---- C:\Windows\system32\sirenacm.dll
    2009-01-31 11:49:39 ----A---- C:\Windows\system32\avgrsstx.dll

    ======List of files/folders modified in the last 1 months======

    2009-02-27 16:53:24 ----D---- C:\Windows\Temp
    2009-02-27 16:53:20 ----RD---- C:\Program Files
    2009-02-27 16:52:49 ----D---- C:\Windows\Internet Logs
    2009-02-27 16:46:41 ----D---- C:\Users\ReNo\AppData\Roaming\Skype
    2009-02-27 16:05:15 ----SHD---- C:\System Volume Information
    2009-02-27 15:48:34 ----D---- C:\MDT
    2009-02-27 07:52:40 ----D---- C:\Windows\Debug
    2009-02-27 07:52:40 ----D---- C:\Windows
    2009-02-27 07:48:47 ----HD---- C:\ProgramData
    2009-02-26 23:13:21 ----HD---- C:\$AVG8.VAULT$
    2009-02-26 20:18:36 ----SHD---- C:\Windows\Installer
    2009-02-26 18:20:03 ----D---- C:\Program Files\Microsoft Silverlight
    2009-02-26 16:40:48 ----D---- C:\Windows\system32\Tasks
    2009-02-26 07:19:36 ----D---- C:\Windows\System32
    2009-02-26 07:16:58 ----D---- C:\Users\ReNo\AppData\Roaming\utorrent
    2009-02-25 23:58:45 ----D---- C:\Program Files\Mozilla Firefox
    2009-02-25 23:58:19 ----D---- C:\Program Files\Common Files
    2009-02-25 21:02:25 ----RSD---- C:\Windows\assembly
    2009-02-25 20:43:16 ----D---- C:\Windows\system32\catroot2
    2009-02-24 08:01:30 ----D---- C:\Users\ReNo\AppData\Roaming\Adobe
    2009-02-23 23:47:32 ----D---- C:\Program Files\Common Files\Adobe
    2009-02-23 23:45:19 ----D---- C:\Program Files\Adobe
    2009-02-23 22:27:41 ----D---- C:\Windows\winsxs
    2009-02-23 22:22:52 ----D---- C:\ProgramData\Adobe
    2009-02-23 17:51:17 ----D---- C:\Windows\Prefetch
    2009-02-21 08:05:39 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-02-20 18:13:48 ----D---- C:\Windows\inf
    2009-02-20 18:13:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-02-17 17:26:43 ----D---- C:\Windows\Downloaded Installations
    2009-02-15 23:27:40 ----D---- C:\Windows\Microsoft.NET
    2009-02-15 23:27:24 ----D---- C:\Windows\ehome
    2009-02-15 21:35:52 ----D---- C:\Program Files\Messenger Plus! Live
    2009-02-15 10:06:42 ----D---- C:\Windows\system32\catroot
    2009-02-11 23:45:10 ----D---- C:\ProgramData\Microsoft Help
    2009-02-11 23:44:12 ----D---- C:\Program Files\Windows Mail
    2009-02-11 19:32:42 ----D---- C:\Windows\Minidump
    2009-02-04 00:21:12 ----A---- C:\Windows\system32\mrt.exe
    2009-01-31 11:50:14 ----D---- C:\Windows\system32\drivers
    2009-01-31 11:21:14 ----D---- C:\ProgramData\avg8
    2009-01-28 18:15:50 ----D---- C:\ProgramData\ma-config.com
    2009-01-28 18:15:50 ----D---- C:\Program Files\ma-config.com

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-01-31 325128]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-01-31 27656]
    R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
    R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
    R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2008-03-03 279440]
    R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
    R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
    R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9432]
    R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
    R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
    R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
    R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
    R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
    R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
    R2 dsunidrv;dsunidrv; \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys [2006-08-17 7424]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-11-12 12672]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-20 32256]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-20 43520]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-20 37376]
    R2 RMCAST;Pilote du protocole RMCAT PGMP; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-10 113664]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-12 8192]
    R3 bcm4sbxp;Pilote XP du contrôleur intégré Broadcom 440x 10/100; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-12 986624]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-12 206848]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-10-04 7628608]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-02-08 647680]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-18 179256]
    R3 V0260VID;Live! Cam Vista IM; C:\Windows\system32\DRIVERS\V0260Vid.sys [2007-07-18 154784]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-12 659968]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
    S3 axf7u4h7;axf7u4h7; C:\Windows\system32\drivers\axf7u4h7.sys []
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-01-24 14336]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 e1express;Pilote de la connexion réseau Intel(R) PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
    S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys []
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]
    S3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-03-13 2555392]
    S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-06-28 137216]
    S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-06-28 8320]
    S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-06-28 12288]
    S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-06-28 12288]
    S3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys []
    S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS []
    S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
    S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-05 611664]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 dlcx_device;dlcx_device; C:\Windows\system32\dlcxcoms.exe [2006-11-04 537480]
    R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-08-20 860160]
    R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-08-20 466944]
    R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
    R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2008-03-03 79400]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-12 386560]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
    S2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe []
    S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe []
    S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2006-11-07 70656]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-23 654848]
    S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [2007-04-24 81408]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-10 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

    -----------------EOF-----------------




    And the info.txt

    info.txt logfile of random's system information tool 1.05 2009-02-27 16:54:05

    ======Uninstall list======

    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x40c
    µTorrent 1.6 (Build 474)-->C:\Program Files\utorrent\Uninstal.exe
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    926plv32-->MsiExec.exe /I{0FA7B858-E0E1-400B-B5C0-1285F7D6FE5E}
    ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    ACE-HIGH MP3 WAV WMA OGG Converter-->C:\PROGRA~1\ACE-HI~1\UNWISE.EXE C:\PROGRA~1\ACE-HI~1\INSTALL.LOG
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
    Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
    Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
    Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{5D2398DF-3022-4820-93BA-F1175FBEA9CA}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
    Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
    Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
    Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E}
    Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
    Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
    Adobe Setup-->MsiExec.exe /I{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}
    Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
    Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
    Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
    Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
    Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
    Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
    AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
    Ajouter ou supprimer Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\b5d5789539ea1f004a4defceea74312\Setup.exe
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    Assistant Personnalisation du systéme Dell-->MsiExec.exe /I{9954484F-6EE4-4040-94E3-4B380646F867}
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf
    Creative Live! Cam Vista IM Driver (1.11.02.00)-->C:\Windows\CtDrvIns.exe -uninstall -script VF0260.uns -unsext NT -plugin V0260Pin.dll -pluginres CtCamPin.crl
    Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove
    Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
    Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x40c /remove
    Dell Fax PC-->C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
    Dell Photo AIO Printer 926-->C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
    Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
    DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    DHTML Editing Component-->MsiExec.exe /X{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
    Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly
    Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    Guide de l'utilisateur-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    Intel PROSet Wireless-->Intel PROSet Wireless
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    Language pack for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\Langs\INSTALL.LOG
    Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}
    Manuel d'utilisation de Creative Live! Cam Vista IM (Français)-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Creative\Creative Live! Cam Vista IM\Manuel d'utilisation de Creative Live! Cam Vista IM\French\CTManual.isu"
    Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
    MediaDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x40c -cluninstall
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft Money-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
    mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
    Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MyScript Notes for DANE-ELEC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6378CFE7-D898-4C41-A7DD-4BB54ED80BB7}\setup.exe" -l0x40c -removeonly
    NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly
    Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    Outil de diagnostic de modem-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PDFCreator Toolbar-->"C:\Windows\PDFCreator_Toolbar_Uninstaller_5929.exe" _?=C:\Program Files\PDFCreator Toolbar
    PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
    Pro Evolution Soccer 5-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{85C3FA3C-4832-4204-B21E-168E4920936A} /l1036
    QuickSet-->MsiExec.exe /I{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
    Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
    Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
    Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
    Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
    Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
    URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Worms Armageddon-->C:\Windows\IsUninst.exe -f"c:\Team17\Worms Armageddon\Uninst.isu"
    Zattoo 3.3.1 Beta-->C:\Program Files\Zattoo\uninst.exe
    ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

    ======Security center information======

    AV: AVG Anti-Virus Free
    FW: ZoneAlarm Firewall
    AS: AVG Anti-Virus Free (disabled)
    AS: Windows Defender

    System event log

    Computer Name: NeNeO
    Event Code: 7036
    Message: Le service Fournisseur de cliché instantané de logiciel Microsoft est entré dans l'état : arrêté.
    Record Number: 204226
    Source Name: Service Control Manager
    Time Written: 20090227150235.000000-000
    Event Type: Information
    User:

    Computer Name: NeNeO
    Event Code: 7036
    Message: Le service Programme d’installation de modules Windows est entré dans l'état : arrêté.
    Record Number: 204227
    Source Name: Service Control Manager
    Time Written: 20090227150238.000000-000
    Event Type: Information
    User:

    Computer Name: NeNeO
    Event Code: 33
    Message: L'ancien cliché instantané du volume C: a été abandonné pour conserver l'utilisation d'espace disque pour les clichés instantanés de volume C: sous la limite définie par l'utilisateur.
    Record Number: 204228
    Source Name: volsnap
    Time Written: 20090227150514.988254-000
    Event Type: Information
    User:

    Computer Name: NeNeO
    Event Code: 7036
    Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : arrêté.
    Record Number: 204229
    Source Name: Service Control Manager
    Time Written: 20090227151056.000000-000
    Event Type: Information
    User:

    Computer Name: NeNeO
    Event Code: 7036
    Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : en cours d'exécution.
    Record Number: 204230
    Source Name: Service Control Manager
    Time Written: 20090227154609.000000-000
    Event Type: Information
    User:

    Application event log

    Computer Name: NeNeO
    Event Code: 1
    Message: Le service Centre de sécurité Windows a démarré.
    Record Number: 47641
    Source Name: SecurityCenter
    Time Written: 20090227145044.000000-000
    Event Type: Information
    User:

    Computer Name: NeNeO
    Event Code: 102
    Message: InputPersonalization (4776) InkStore: Le moteur de la base de données (6.00.6001.0000) a démarré une nouvelle instance (0).
    Record Number: 47642
    Source Name: ESENT
    Time Written: 20090227145100.000000-000
    Event Type: Information
    User:

    Computer Name: NeNeO
    Event Code: 8194
    Message: Point de restauration correctement créé (Processus = C:\Windows\system32\svchost.exe -k netsvcs ; Description = Windows Update).
    Record Number: 47643
    Source Name: System Restore
    Time Written: 20090227145520.000000-000
    Event Type: Information
    User:

    Computer Name: NeNeO
    Event Code: 8194
    Message: Point de restauration correctement créé (Processus = C:\Windows\system32\svchost.exe -k netsvcs ; Description = Windows Update).
    Record Number: 47644
    Source Name: System Restore
    Time Written: 20090227145550.000000-000
    Event Type: Information
    User:

    Computer Name: NeNeO
    Event Code: 8224
    Message: Le service VSS s’arrête, car le délai d’inactivité est dépassé.
    Record Number: 47645
    Source Name: VSS
    Time Written: 20090227145934.000000-000
    Event Type: Information
    User:

    Security event log

    Computer Name: NeNeO
    Event Code: 4647
    Message: Fermeture de session initiée par l’utilisateur :

    Sujet :
    ID de sécurité : S-1-5-21-4173803271-3975576253-2691326889-1000
    Nom du compte : ReNo
    Domaine du compte : NeNeO
    ID d’ouverture de session : 0x66037

    Cet événement est généré lorsqu’une fermeture de session est initiée, mais que le nombre de références du jeton n’étant pas zéro, la session ouverte ne peut pas être supprimée. Aucune autre activité initiée par l’utilisateur ne peut se produire. Cet événement peut être interprété comme un événement de fermeture de session.
    Record Number: 42233
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081015125703.307846-000
    Event Type: Succès de l'audit
    User:

    Computer Name: NeNeO
    Event Code: 4648
    Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : NENEO$
    Domaine du compte : WORKGROUP
    ID d’ouverture de session : 0x3e7
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Compte dont les informations d’identification ont été utilisées :
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Serveur cible :
    Nom du serveur cible : localhost
    Informations supplémentaires : localhost

    Informations sur le processus :
    ID du processus : 0x2c4
    Nom du processus : C:\Windows\System32\services.exe

    Informations sur le réseau :
    Adresse du réseau : -
    Port : -

    Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
    Record Number: 42234
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081015125705.663446-000
    Event Type: Succès de l'audit
    User:

    Computer Name: NeNeO
    Event Code: 4624
    Message: L’ouverture de session d’un compte s’est correctement déroulée.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : NENEO$
    Domaine du compte : WORKGROUP
    ID d’ouverture de session : 0x3e7

    Type d’ouverture de session : 5

    Nouvelle ouverture de session :
    ID de sécurité : S-1-5-18
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e7
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Informations sur le processus :
    ID du processus : 0x2c4
    Nom du processus : C:\Windows\System32\services.exe

    Informations sur le réseau :
    Nom de la station de travail :
    Adresse du réseau source : -
    Port source : -

    Informations détaillées sur l’authentification :
    Processus d’ouverture de session : Advapi
    Package d’authentification : Negotiate
    Services en transit : -
    Nom du package (NTLM uniquement) : -
    Longueur de la clé : 0

    Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

    Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

    Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

    Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

    Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

    Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
    - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
    - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
    - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
    - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
    Record Number: 42235
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081015125705.663446-000
    Event Type: Succès de l'audit
    User:

    Computer Name: NeNeO
    Event Code: 4672
    Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e7

    Privilèges : SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 4
    a c 327 8 Security
    27 February 2009 17:13:23

    Lop infection (CiD ads).

  • Disable UAC for the duration of the disinfection.

  • Download Lop S&D to your Desktop.
  • Double-click it to launch the installation.
  • Right-click the Lop S&D shortcut on your Desktop and choose Run as administrator.
  • Select the desired language, then choose option 1 (Search).
  • Wait until the scan finishes.
  • Post the generated report (C:\lopR.txt).
    27 February 2009 17:32:53

    Here it is:

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz )
    BIOS : Phoenix ROM BIOS PLUS Version 1.10 A14
    USER : ReNo ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG Anti-Virus Free 8.0 (Activated)
    Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)
    C:\ (Local Disk) - NTFS - Total:99 Go (Free:31 Go)
    D:\ (Local Disk) - NTFS - Total:9 Go (Free:6 Go)
    E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
    G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 27/02/2009|17:27 )

    [ UAC => 0 ]

    --------------------\\ Listing des dossiers dans Local

    [22/08/2008|22:47] C:\Users\ReNo\AppData\Local\Adobe
    [12/09/2008|17:03] C:\Users\ReNo\AppData\Local\Apple
    [05/10/2008|21:38] C:\Users\ReNo\AppData\Local\Apple Computer
    [27/04/2007|14:51] C:\Users\ReNo\AppData\Local\Application Data
    [02/10/2008|11:57] C:\Users\ReNo\AppData\Local\d3d9caps.dat
    [20/02/2009|21:00] C:\Users\ReNo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [18/08/2008|23:26] C:\Users\ReNo\AppData\Local\GDIPFONTCACHEV1.DAT
    [27/04/2007|17:40] C:\Users\ReNo\AppData\Local\Google
    [27/04/2007|14:51] C:\Users\ReNo\AppData\Local\Historique
    [27/02/2009|17:15] C:\Users\ReNo\AppData\Local\IconCache.db
    [23/11/2008|15:45] C:\Users\ReNo\AppData\Local\Installer1512
    [23/11/2008|15:29] C:\Users\ReNo\AppData\Local\Installer5508
    [27/04/2007|17:39] C:\Users\ReNo\AppData\Local\MediaDirect
    [25/12/2008|22:58] C:\Users\ReNo\AppData\Local\Microsoft
    [27/05/2007|11:38] C:\Users\ReNo\AppData\Local\Microsoft Games
    [12/08/2008|14:59] C:\Users\ReNo\AppData\Local\Microsoft Help
    [23/08/2008|12:42] C:\Users\ReNo\AppData\Local\MicroVision Applications
    [04/10/2007|16:44] C:\Users\ReNo\AppData\Local\Mozilla
    [12/05/2007|10:27] C:\Users\ReNo\AppData\Local\Powercinema
    [06/05/2007|21:29] C:\Users\ReNo\AppData\Local\Protexis
    [13/03/2008|19:17] C:\Users\ReNo\AppData\Local\PunkBuster
    [23/02/2008|15:46] C:\Users\ReNo\AppData\Local\SupportSoft
    [27/02/2009|17:25] C:\Users\ReNo\AppData\Local\Temp
    [27/04/2007|14:51] C:\Users\ReNo\AppData\Local\Temporary Internet Files
    [19/05/2007|16:39] C:\Users\ReNo\AppData\Local\VirtualStore
    [02/06/2008|20:11] C:\Users\ReNo\AppData\Local\Xenocode
    [08/02/2009|18:55] C:\Users\ReNo\AppData\Local\Zattoo
    [10/11/2008|14:04] C:\Users\ReNo\AppData\Local\ZattooPlayer

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [27/02/2009 07:39][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{1F18BEA8-D8E0-4CA6-8F85-A4868A1B8959}.job
    [27/02/2009 17:18][--ah-----] C:\Windows\tasks\SA.DAT
    [27/02/2009 17:16][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [21/12/2008|20:49] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [23/02/2009|22:22] C:\ProgramData\Adobe
    [23/02/2009|23:40] C:\ProgramData\ALM
    [25/12/2008|22:58] C:\ProgramData\AppData
    [09/09/2007|18:21] C:\ProgramData\Apple
    [09/09/2007|18:29] C:\ProgramData\Apple Computer
    [27/04/2007|14:50] C:\ProgramData\Application Data
    [31/01/2009|11:21] C:\ProgramData\avg8
    [25/02/2009|23:58] C:\ProgramData\AVS4YOU
    [27/04/2007|14:50] C:\ProgramData\Bureau
    [02/08/2008|10:03] C:\ProgramData\CheckPoint
    [24/04/2007|01:21] C:\ProgramData\Corel
    [24/04/2007|01:35] C:\ProgramData\CyberLink
    [26/02/2008|15:35] C:\ProgramData\Dell
    [02/06/2007|22:17] C:\ProgramData\DellFaxCtr
    [27/04/2007|14:50] C:\ProgramData\Documents
    [11/07/2007|18:41] C:\ProgramData\eMule
    [27/04/2007|14:50] C:\ProgramData\Favoris
    [19/08/2008|10:32] C:\ProgramData\FLEXnet
    [24/04/2007|01:34] C:\ProgramData\Google
    [24/04/2007|01:28] C:\ProgramData\Gtek
    [24/04/2007|01:24] C:\ProgramData\InstallShield
    [15/05/2008|18:53] C:\ProgramData\Intel
    [05/06/2008|17:37] C:\ProgramData\Lavasoft
    [03/01/2008|17:22] C:\ProgramData\LogiShrd
    [28/01/2009|18:15] C:\ProgramData\ma-config.com
    [05/03/2008|00:51] C:\ProgramData\McNeel
    [27/04/2007|14:50] C:\ProgramData\Menu Démarrer
    [26/09/2007|18:37] C:\ProgramData\Messenger Plus!
    [21/12/2008|18:01] C:\ProgramData\Microsoft
    [11/02/2009|23:45] C:\ProgramData\Microsoft Help
    [27/04/2007|14:50] C:\ProgramData\Modèles
    [26/02/2009|16:40] C:\ProgramData\NURB JUNK JUNK.60m8vlu
    [26/02/2009|16:40] C:\ProgramData\NURB JUNK JUNK.xruzlrk
    [11/10/2008|22:56] C:\ProgramData\NVIDIA
    [08/05/2008|12:40] C:\ProgramData\Office Genuine Advantage
    [26/02/2009|16:41] C:\ProgramData\proc flaw jump.ychd0su
    [15/05/2008|18:54] C:\ProgramData\Roaming
    [23/08/2008|12:42] C:\ProgramData\Roxio
    [05/10/2007|20:03] C:\ProgramData\Skyline
    [01/09/2007|14:00] C:\ProgramData\Skype
    [24/04/2007|01:24] C:\ProgramData\Sonic
    [02/06/2007|22:17] C:\ProgramData\SPL55BB.tmp
    [02/06/2007|22:16] C:\ProgramData\SPL63D7.tmp
    [02/06/2007|22:23] C:\ProgramData\SPLC456.tmp
    [23/02/2008|15:42] C:\ProgramData\SupportSoft
    [25/07/2008|18:08] C:\ProgramData\Symantec
    [26/02/2009|16:41] C:\ProgramData\third lies itch ford
    [26/02/2009|16:41] C:\ProgramData\uploadregs
    [12/10/2008|23:45] C:\ProgramData\WindowsSearch
    [10/03/2008|15:55] C:\ProgramData\WinZip
    [13/03/2008|21:01] C:\ProgramData\WLInstaller

    --------------------\\ Listing des dossiers dans C:\Program Files

    [02/06/2007|22:16] C:\Program Files\Abbyy FineReader 6.0 Sprint
    [26/02/2009|07:19] C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
    [25/01/2009|09:00] C:\Program Files\Activision
    [23/02/2009|23:45] C:\Program Files\Adobe
    [15/02/2009|18:09] C:\Program Files\adslTV
    [15/05/2007|15:01] C:\Program Files\Ahead
    [06/05/2007|17:50] C:\Program Files\Alwil Software
    [12/09/2008|17:03] C:\Program Files\Apple Software Update
    [12/10/2007|16:43] C:\Program Files\Atari
    [31/10/2008|18:17] C:\Program Files\AVG
    [26/02/2009|18:53] C:\Program Files\AVS4YOU
    [24/04/2007|01:33] C:\Program Files\BAE
    [21/12/2008|20:46] C:\Program Files\Bonjour
    [30/10/2008|18:28] C:\Program Files\Broadcom
    [11/02/2009|19:17] C:\Program Files\CCleaner
    [26/10/2008|19:34] C:\Program Files\Cisco
    [25/02/2009|23:58] C:\Program Files\Common Files
    [24/04/2007|00:57] C:\Program Files\CONEXANT
    [08/09/2007|19:41] C:\Program Files\Creative
    [24/04/2007|01:35] C:\Program Files\CyberLink
    [11/07/2007|00:57] C:\Program Files\DAEMON Tools
    [02/06/2007|22:18] C:\Program Files\Dell
    [02/06/2007|22:18] C:\Program Files\Dell PC Fax
    [02/06/2007|22:18] C:\Program Files\Dell Photo AIO Printer 926
    [23/02/2008|15:41] C:\Program Files\Dell Support Center
    [24/04/2007|01:27] C:\Program Files\DellSupport
    [24/04/2007|01:18] C:\Program Files\Digital Line Detect
    [11/07/2007|15:22] C:\Program Files\Direct X
    [25/01/2009|09:00] C:\Program Files\EA GAMES
    [27/04/2007|14:50] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [11/03/2008|19:55] C:\Program Files\Google
    [02/06/2008|20:15] C:\Program Files\InstallShield Installation Information
    [26/10/2008|19:34] C:\Program Files\Intel
    [11/10/2008|10:14] C:\Program Files\Internet Explorer
    [21/12/2008|20:49] C:\Program Files\iPod
    [25/01/2009|09:00] C:\Program Files\IrfanView
    [21/12/2008|20:49] C:\Program Files\iTunes
    [05/12/2008|12:36] C:\Program Files\Java
    [07/04/2008|16:17] C:\Program Files\KONAMI
    [05/06/2008|17:37] C:\Program Files\Lavasoft
    [28/01/2009|18:15] C:\Program Files\ma-config.com
    [10/03/2008|17:25] C:\Program Files\Maïdo Production
    [04/07/2007|10:57] C:\Program Files\Media Player Classic
    [15/02/2009|21:35] C:\Program Files\Messenger Plus! Live
    [21/12/2008|18:11] C:\Program Files\Microsoft
    [02/03/2008|08:59] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [02/11/2006|13:37] C:\Program Files\Microsoft Games
    [15/05/2007|17:45] C:\Program Files\Microsoft Money 2005
    [27/04/2007|18:46] C:\Program Files\Microsoft Office
    [26/02/2009|18:20] C:\Program Files\Microsoft Silverlight
    [27/04/2007|18:46] C:\Program Files\Microsoft Visual Studio
    [27/04/2007|18:43] C:\Program Files\Microsoft Visual Studio 8
    [15/09/2008|08:51] C:\Program Files\Microsoft Works
    [27/04/2007|18:45] C:\Program Files\Microsoft.NET
    [01/12/2007|09:15] C:\Program Files\mIRC
    [24/04/2007|01:17] C:\Program Files\Modem Diagnostic Tool
    [11/10/2008|10:14] C:\Program Files\Movie Maker
    [27/02/2009|17:22] C:\Program Files\Mozilla Firefox
    [27/04/2007|18:46] C:\Program Files\MSBuild
    [27/04/2007|18:15] C:\Program Files\MSECache
    [24/04/2007|01:12] C:\Program Files\MSXML 4.0
    [24/04/2007|01:16] C:\Program Files\NetWaiting
    [19/11/2008|22:30] C:\Program Files\PDFCreator
    [19/11/2008|22:30] C:\Program Files\PDFCreator Toolbar
    [04/07/2007|12:25] C:\Program Files\Player Tool
    [21/12/2008|20:46] C:\Program Files\QuickTime
    [02/11/2006|13:37] C:\Program Files\Reference Assemblies
    [25/01/2009|09:00] C:\Program Files\Rhinoceros 3.0
    [25/01/2009|09:00] C:\Program Files\Rhinoceros 3.0 Evaluation
    [28/05/2007|09:01] C:\Program Files\Roxio
    [24/04/2007|01:15] C:\Program Files\SigmaTel
    [05/10/2007|20:03] C:\Program Files\Skyline
    [01/09/2007|14:00] C:\Program Files\Skype
    [19/01/2009|10:55] C:\Program Files\SpeedSim
    [24/04/2007|08:51] C:\Program Files\Synaptics
    [13/03/2008|17:26] C:\Program Files\SystemRequirementsLab
    [26/02/2009|16:40] C:\Program Files\TorrentSpeeder
    [27/02/2009|16:53] C:\Program Files\trend micro
    [02/11/2006|14:01] C:\Program Files\Uninstall Information
    [10/03/2008|16:52] C:\Program Files\utorrent
    [04/07/2007|16:13] C:\Program Files\VideoLAN
    [02/06/2008|20:15] C:\Program Files\Vision Objects
    [11/10/2008|10:14] C:\Program Files\Windows Calendar
    [11/10/2008|10:14] C:\Program Files\Windows Collaboration
    [11/10/2008|10:14] C:\Program Files\Windows Defender
    [11/10/2008|10:14] C:\Program Files\Windows Journal
    [21/12/2008|18:09] C:\Program Files\Windows Live
    [21/12/2008|18:09] C:\Program Files\Windows Live SkyDrive
    [11/02/2009|23:44] C:\Program Files\Windows Mail
    [01/11/2008|18:37] C:\Program Files\Windows Media Player
    [27/04/2007|14:50] C:\Program Files\Windows NT
    [11/10/2008|10:14] C:\Program Files\Windows Photo Gallery
    [11/10/2008|10:14] C:\Program Files\Windows Sidebar
    [11/03/2008|19:55] C:\Program Files\WinRAR
    [10/11/2008|13:52] C:\Program Files\Zattoo
    [02/08/2008|10:46] C:\Program Files\Zone Labs

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [23/02/2009|23:47] C:\Program Files\Common Files\Adobe
    [13/05/2007|21:26] C:\Program Files\Common Files\Ahead
    [21/12/2008|20:49] C:\Program Files\Common Files\Apple
    [26/02/2009|18:53] C:\Program Files\Common Files\AVSMedia
    [27/04/2007|18:46] C:\Program Files\Common Files\DESIGNER
    [05/08/2007|17:43] C:\Program Files\Common Files\InstallShield
    [26/10/2008|19:34] C:\Program Files\Common Files\Intel
    [24/04/2007|01:13] C:\Program Files\Common Files\Java
    [03/01/2008|17:25] C:\Program Files\Common Files\LogiShrd
    [23/02/2009|22:05] C:\Program Files\Common Files\Macrovision Shared
    [05/03/2008|00:51] C:\Program Files\Common Files\McNeel Shared
    [21/02/2009|08:05] C:\Program Files\Common Files\microsoft shared
    [24/04/2007|01:24] C:\Program Files\Common Files\Roxio Shared
    [02/11/2006|12:18] C:\Program Files\Common Files\Services
    [01/09/2007|14:00] C:\Program Files\Common Files\Skype
    [24/04/2007|01:26] C:\Program Files\Common Files\Sonic Shared
    [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
    [23/02/2008|15:40] C:\Program Files\Common Files\supportsoft
    [24/04/2007|01:24] C:\Program Files\Common Files\SureThing Shared
    [25/07/2008|19:53] C:\Program Files\Common Files\Symantec Shared
    [11/10/2008|10:14] C:\Program Files\Common Files\System
    [21/12/2008|18:01] C:\Program Files\Common Files\Windows Live
    [13/03/2008|21:05] C:\Program Files\Common Files\WindowsLiveInstaller
    [05/06/2008|17:36] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    ( 77 Processes )

    iexplore.exe ~ [PID:3288]
    iexplore.exe ~ [PID:3404]

    --------------------\\ Recherche avec S_Lop

    C:\ProgramData\NURB JUNK JUNK.60m8vlu
    C:\ProgramData\NURB JUNK JUNK.xruzlrk
    C:\ProgramData\proc flaw jump.ychd0su
    C:\Users\ReNo\AppData\Local\Temp\bis14A9.exe

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\ProgramData\third lies itch ford
    C:\ProgramData\third lies itch ford\Trans Clock.dat
    C:\ProgramData\third lies itch ford\Trans Clock.exe
    C:\Users\ReNo\AppData\Local\Temp\TorrentSpeeder.zip
    C:\Users\ReNo\AppData\Local\Temp\minime.exe
    C:\Users\ReNo\AppData\Local\Temp\HtmlControl.dll
    C:\Program Files\TorrentSpeeder

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "trustfast"="\"C:\\ProgramData\\NURB JUNK JUNK.60m8vlu\""
    "Itch ford four knob"="\"C:\\ProgramData\\proc flaw jump.ychd0su\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-27 17:27:15
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    C:\Users\ReNo\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1241 bytes hidden from API
    scan completed successfully
    hidden processes: 0
    hidden files: 521

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\ReNo\AppData\Roaming\utorrent\civ4patch109plusnodvdcdcrack.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\Civilization 4 IV + Warlords expansion + 1.61 + 2.08 update + nocd crack civ4 civIV.rar.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\Civilization IV 1.61 Update + Crack - PCGAME.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\Civilization.IV.Full.PLUS.Crack.WEBSEED.zip.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\Pro.Cycling.Manager.2008-RELOADED - CRACK ONLY.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\rhino 3D v3.0 + crack + patch fr.rar.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\rld-cbts-crack.only-uolamer.rar.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\Winrar 3.71 French + Keygen.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\[NewTorrents.info]_Civilization.IV.v1.52.CRACK.ONLY-RELOADED.torrent


    [F:420][D:22]-> C:\Users\ReNo\AppData\Local\Temp
    [F:43][D:1]-> C:\Users\ReNo\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:76][D:4]-> C:\Users\ReNo\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:4][D:4]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - 27/02/2009|17:31 - Option : [1]

    --------------------\\ Fin du rapport a 17:31:49
    [ UAC => 1 ]


    a c 327 8 Security
    27 February 2009 17:39:04

  • Run Lop S&D again as administrator.
  • This time, choose option 2 (Removal).
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt).

    (If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)
    27 February 2009 17:46:31

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz )
    BIOS : Phoenix ROM BIOS PLUS Version 1.10 A14
    USER : ReNo ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG Anti-Virus Free 8.0 (Activated)
    Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)
    C:\ (Local Disk) - NTFS - Total:99 Go (Free:31 Go)
    D:\ (Local Disk) - NTFS - Total:9 Go (Free:6 Go)
    E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
    G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( 27/02/2009|17:41 )

    [ UAC => 1 ]


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\ProgramData\third lies itch ford\Trans Clock.dat
    Supprime! - C:\ProgramData\third lies itch ford\Trans Clock.exe
    Supprime! - C:\Users\ReNo\AppData\Local\Temp\TorrentSpeeder.zip
    Supprime! - C:\Users\ReNo\AppData\Local\Temp\minime.exe
    Supprime! - C:\Users\ReNo\AppData\Local\Temp\HtmlControl.dll
    Supprime! - C:\ProgramData\NURB JUNK JUNK.60m8vlu
    Supprime! - C:\ProgramData\NURB JUNK JUNK.xruzlrk
    Supprime! - C:\ProgramData\proc flaw jump.ychd0su
    Supprime! - C:\Users\ReNo\AppData\Local\Temp\bis14A9.exe
    Supprime! - C:\ProgramData\third lies itch ford
    Supprime! - C:\Program Files\TorrentSpeeder
    -
    [ Fichier Hosts ] .. Restaure!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listing des dossiers dans Local

    [22/08/2008|22:47] C:\Users\ReNo\AppData\Local\Adobe
    [12/09/2008|17:03] C:\Users\ReNo\AppData\Local\Apple
    [05/10/2008|21:38] C:\Users\ReNo\AppData\Local\Apple Computer
    [27/04/2007|14:51] C:\Users\ReNo\AppData\Local\Application Data
    [02/10/2008|11:57] C:\Users\ReNo\AppData\Local\d3d9caps.dat
    [20/02/2009|21:00] C:\Users\ReNo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [18/08/2008|23:26] C:\Users\ReNo\AppData\Local\GDIPFONTCACHEV1.DAT
    [27/04/2007|17:40] C:\Users\ReNo\AppData\Local\Google
    [27/04/2007|14:51] C:\Users\ReNo\AppData\Local\Historique
    [27/02/2009|17:15] C:\Users\ReNo\AppData\Local\IconCache.db
    [23/11/2008|15:45] C:\Users\ReNo\AppData\Local\Installer1512
    [23/11/2008|15:29] C:\Users\ReNo\AppData\Local\Installer5508
    [27/04/2007|17:39] C:\Users\ReNo\AppData\Local\MediaDirect
    [25/12/2008|22:58] C:\Users\ReNo\AppData\Local\Microsoft
    [27/05/2007|11:38] C:\Users\ReNo\AppData\Local\Microsoft Games
    [12/08/2008|14:59] C:\Users\ReNo\AppData\Local\Microsoft Help
    [23/08/2008|12:42] C:\Users\ReNo\AppData\Local\MicroVision Applications
    [04/10/2007|16:44] C:\Users\ReNo\AppData\Local\Mozilla
    [12/05/2007|10:27] C:\Users\ReNo\AppData\Local\Powercinema
    [06/05/2007|21:29] C:\Users\ReNo\AppData\Local\Protexis
    [13/03/2008|19:17] C:\Users\ReNo\AppData\Local\PunkBuster
    [23/02/2008|15:46] C:\Users\ReNo\AppData\Local\SupportSoft
    [27/02/2009|17:42] C:\Users\ReNo\AppData\Local\Temp
    [27/04/2007|14:51] C:\Users\ReNo\AppData\Local\Temporary Internet Files
    [19/05/2007|16:39] C:\Users\ReNo\AppData\Local\VirtualStore
    [02/06/2008|20:11] C:\Users\ReNo\AppData\Local\Xenocode
    [08/02/2009|18:55] C:\Users\ReNo\AppData\Local\Zattoo
    [10/11/2008|14:04] C:\Users\ReNo\AppData\Local\ZattooPlayer

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [27/02/2009 07:39][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{1F18BEA8-D8E0-4CA6-8F85-A4868A1B8959}.job
    [27/02/2009 17:18][--ah-----] C:\Windows\tasks\SA.DAT
    [27/02/2009 17:16][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [21/12/2008|20:49] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [23/02/2009|22:22] C:\ProgramData\Adobe
    [23/02/2009|23:40] C:\ProgramData\ALM
    [25/12/2008|22:58] C:\ProgramData\AppData
    [09/09/2007|18:21] C:\ProgramData\Apple
    [09/09/2007|18:29] C:\ProgramData\Apple Computer
    [27/04/2007|14:50] C:\ProgramData\Application Data
    [31/01/2009|11:21] C:\ProgramData\avg8
    [25/02/2009|23:58] C:\ProgramData\AVS4YOU
    [27/04/2007|14:50] C:\ProgramData\Bureau
    [02/08/2008|10:03] C:\ProgramData\CheckPoint
    [24/04/2007|01:21] C:\ProgramData\Corel
    [24/04/2007|01:35] C:\ProgramData\CyberLink
    [26/02/2008|15:35] C:\ProgramData\Dell
    [02/06/2007|22:17] C:\ProgramData\DellFaxCtr
    [27/04/2007|14:50] C:\ProgramData\Documents
    [11/07/2007|18:41] C:\ProgramData\eMule
    [27/04/2007|14:50] C:\ProgramData\Favoris
    [19/08/2008|10:32] C:\ProgramData\FLEXnet
    [24/04/2007|01:34] C:\ProgramData\Google
    [24/04/2007|01:28] C:\ProgramData\Gtek
    [24/04/2007|01:24] C:\ProgramData\InstallShield
    [15/05/2008|18:53] C:\ProgramData\Intel
    [05/06/2008|17:37] C:\ProgramData\Lavasoft
    [03/01/2008|17:22] C:\ProgramData\LogiShrd
    [28/01/2009|18:15] C:\ProgramData\ma-config.com
    [05/03/2008|00:51] C:\ProgramData\McNeel
    [27/04/2007|14:50] C:\ProgramData\Menu Démarrer
    [26/09/2007|18:37] C:\ProgramData\Messenger Plus!
    [21/12/2008|18:01] C:\ProgramData\Microsoft
    [11/02/2009|23:45] C:\ProgramData\Microsoft Help
    [27/04/2007|14:50] C:\ProgramData\Modèles
    [11/10/2008|22:56] C:\ProgramData\NVIDIA
    [08/05/2008|12:40] C:\ProgramData\Office Genuine Advantage
    [15/05/2008|18:54] C:\ProgramData\Roaming
    [23/08/2008|12:42] C:\ProgramData\Roxio
    [05/10/2007|20:03] C:\ProgramData\Skyline
    [01/09/2007|14:00] C:\ProgramData\Skype
    [24/04/2007|01:24] C:\ProgramData\Sonic
    [02/06/2007|22:17] C:\ProgramData\SPL55BB.tmp
    [02/06/2007|22:16] C:\ProgramData\SPL63D7.tmp
    [02/06/2007|22:23] C:\ProgramData\SPLC456.tmp
    [23/02/2008|15:42] C:\ProgramData\SupportSoft
    [25/07/2008|18:08] C:\ProgramData\Symantec
    [26/02/2009|16:41] C:\ProgramData\uploadregs
    [12/10/2008|23:45] C:\ProgramData\WindowsSearch
    [10/03/2008|15:55] C:\ProgramData\WinZip
    [13/03/2008|21:01] C:\ProgramData\WLInstaller

    --------------------\\ Listing des dossiers dans C:\Program Files

    [02/06/2007|22:16] C:\Program Files\Abbyy FineReader 6.0 Sprint
    [26/02/2009|07:19] C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
    [25/01/2009|09:00] C:\Program Files\Activision
    [23/02/2009|23:45] C:\Program Files\Adobe
    [15/02/2009|18:09] C:\Program Files\adslTV
    [15/05/2007|15:01] C:\Program Files\Ahead
    [06/05/2007|17:50] C:\Program Files\Alwil Software
    [12/09/2008|17:03] C:\Program Files\Apple Software Update
    [12/10/2007|16:43] C:\Program Files\Atari
    [31/10/2008|18:17] C:\Program Files\AVG
    [26/02/2009|18:53] C:\Program Files\AVS4YOU
    [24/04/2007|01:33] C:\Program Files\BAE
    [21/12/2008|20:46] C:\Program Files\Bonjour
    [30/10/2008|18:28] C:\Program Files\Broadcom
    [11/02/2009|19:17] C:\Program Files\CCleaner
    [26/10/2008|19:34] C:\Program Files\Cisco
    [25/02/2009|23:58] C:\Program Files\Common Files
    [24/04/2007|00:57] C:\Program Files\CONEXANT
    [08/09/2007|19:41] C:\Program Files\Creative
    [24/04/2007|01:35] C:\Program Files\CyberLink
    [11/07/2007|00:57] C:\Program Files\DAEMON Tools
    [02/06/2007|22:18] C:\Program Files\Dell
    [02/06/2007|22:18] C:\Program Files\Dell PC Fax
    [02/06/2007|22:18] C:\Program Files\Dell Photo AIO Printer 926
    [23/02/2008|15:41] C:\Program Files\Dell Support Center
    [24/04/2007|01:27] C:\Program Files\DellSupport
    [24/04/2007|01:18] C:\Program Files\Digital Line Detect
    [11/07/2007|15:22] C:\Program Files\Direct X
    [25/01/2009|09:00] C:\Program Files\EA GAMES
    [27/04/2007|14:50] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [11/03/2008|19:55] C:\Program Files\Google
    [02/06/2008|20:15] C:\Program Files\InstallShield Installation Information
    [26/10/2008|19:34] C:\Program Files\Intel
    [11/10/2008|10:14] C:\Program Files\Internet Explorer
    [21/12/2008|20:49] C:\Program Files\iPod
    [25/01/2009|09:00] C:\Program Files\IrfanView
    [21/12/2008|20:49] C:\Program Files\iTunes
    [05/12/2008|12:36] C:\Program Files\Java
    [07/04/2008|16:17] C:\Program Files\KONAMI
    [05/06/2008|17:37] C:\Program Files\Lavasoft
    [28/01/2009|18:15] C:\Program Files\ma-config.com
    [10/03/2008|17:25] C:\Program Files\Maïdo Production
    [04/07/2007|10:57] C:\Program Files\Media Player Classic
    [15/02/2009|21:35] C:\Program Files\Messenger Plus! Live
    [21/12/2008|18:11] C:\Program Files\Microsoft
    [02/03/2008|08:59] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [02/11/2006|13:37] C:\Program Files\Microsoft Games
    [15/05/2007|17:45] C:\Program Files\Microsoft Money 2005
    [27/04/2007|18:46] C:\Program Files\Microsoft Office
    [26/02/2009|18:20] C:\Program Files\Microsoft Silverlight
    [27/04/2007|18:46] C:\Program Files\Microsoft Visual Studio
    [27/04/2007|18:43] C:\Program Files\Microsoft Visual Studio 8
    [15/09/2008|08:51] C:\Program Files\Microsoft Works
    [27/04/2007|18:45] C:\Program Files\Microsoft.NET
    [01/12/2007|09:15] C:\Program Files\mIRC
    [24/04/2007|01:17] C:\Program Files\Modem Diagnostic Tool
    [11/10/2008|10:14] C:\Program Files\Movie Maker
    [27/02/2009|17:22] C:\Program Files\Mozilla Firefox
    [27/04/2007|18:46] C:\Program Files\MSBuild
    [27/04/2007|18:15] C:\Program Files\MSECache
    [24/04/2007|01:12] C:\Program Files\MSXML 4.0
    [24/04/2007|01:16] C:\Program Files\NetWaiting
    [19/11/2008|22:30] C:\Program Files\PDFCreator
    [19/11/2008|22:30] C:\Program Files\PDFCreator Toolbar
    [04/07/2007|12:25] C:\Program Files\Player Tool
    [21/12/2008|20:46] C:\Program Files\QuickTime
    [02/11/2006|13:37] C:\Program Files\Reference Assemblies
    [25/01/2009|09:00] C:\Program Files\Rhinoceros 3.0
    [25/01/2009|09:00] C:\Program Files\Rhinoceros 3.0 Evaluation
    [28/05/2007|09:01] C:\Program Files\Roxio
    [24/04/2007|01:15] C:\Program Files\SigmaTel
    [05/10/2007|20:03] C:\Program Files\Skyline
    [01/09/2007|14:00] C:\Program Files\Skype
    [19/01/2009|10:55] C:\Program Files\SpeedSim
    [24/04/2007|08:51] C:\Program Files\Synaptics
    [13/03/2008|17:26] C:\Program Files\SystemRequirementsLab
    [27/02/2009|16:53] C:\Program Files\trend micro
    [02/11/2006|14:01] C:\Program Files\Uninstall Information
    [10/03/2008|16:52] C:\Program Files\utorrent
    [04/07/2007|16:13] C:\Program Files\VideoLAN
    [02/06/2008|20:15] C:\Program Files\Vision Objects
    [11/10/2008|10:14] C:\Program Files\Windows Calendar
    [11/10/2008|10:14] C:\Program Files\Windows Collaboration
    [11/10/2008|10:14] C:\Program Files\Windows Defender
    [11/10/2008|10:14] C:\Program Files\Windows Journal
    [21/12/2008|18:09] C:\Program Files\Windows Live
    [21/12/2008|18:09] C:\Program Files\Windows Live SkyDrive
    [11/02/2009|23:44] C:\Program Files\Windows Mail
    [01/11/2008|18:37] C:\Program Files\Windows Media Player
    [27/04/2007|14:50] C:\Program Files\Windows NT
    [11/10/2008|10:14] C:\Program Files\Windows Photo Gallery
    [11/10/2008|10:14] C:\Program Files\Windows Sidebar
    [11/03/2008|19:55] C:\Program Files\WinRAR
    [10/11/2008|13:52] C:\Program Files\Zattoo
    [02/08/2008|10:46] C:\Program Files\Zone Labs

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [23/02/2009|23:47] C:\Program Files\Common Files\Adobe
    [13/05/2007|21:26] C:\Program Files\Common Files\Ahead
    [21/12/2008|20:49] C:\Program Files\Common Files\Apple
    [26/02/2009|18:53] C:\Program Files\Common Files\AVSMedia
    [27/04/2007|18:46] C:\Program Files\Common Files\DESIGNER
    [05/08/2007|17:43] C:\Program Files\Common Files\InstallShield
    [26/10/2008|19:34] C:\Program Files\Common Files\Intel
    [24/04/2007|01:13] C:\Program Files\Common Files\Java
    [03/01/2008|17:25] C:\Program Files\Common Files\LogiShrd
    [23/02/2009|22:05] C:\Program Files\Common Files\Macrovision Shared
    [05/03/2008|00:51] C:\Program Files\Common Files\McNeel Shared
    [21/02/2009|08:05] C:\Program Files\Common Files\microsoft shared
    [24/04/2007|01:24] C:\Program Files\Common Files\Roxio Shared
    [02/11/2006|12:18] C:\Program Files\Common Files\Services
    [01/09/2007|14:00] C:\Program Files\Common Files\Skype
    [24/04/2007|01:26] C:\Program Files\Common Files\Sonic Shared
    [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
    [23/02/2008|15:40] C:\Program Files\Common Files\supportsoft
    [24/04/2007|01:24] C:\Program Files\Common Files\SureThing Shared
    [25/07/2008|19:53] C:\Program Files\Common Files\Symantec Shared
    [11/10/2008|10:14] C:\Program Files\Common Files\System
    [21/12/2008|18:01] C:\Program Files\Common Files\Windows Live
    [13/03/2008|21:05] C:\Program Files\Common Files\WindowsLiveInstaller
    [05/06/2008|17:36] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    ( 78 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-27 17:42:18
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    C:\Users\ReNo\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1241 bytes hidden from API
    scan completed successfully
    hidden processes: 0
    hidden files: 521

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\ReNo\AppData\Roaming\utorrent\civ4patch109plusnodvdcdcrack.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\Civilization 4 IV + Warlords expansion + 1.61 + 2.08 update + nocd crack civ4 civIV.rar.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\Civilization IV 1.61 Update + Crack - PCGAME.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\Civilization.IV.Full.PLUS.Crack.WEBSEED.zip.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\Pro.Cycling.Manager.2008-RELOADED - CRACK ONLY.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\rhino 3D v3.0 + crack + patch fr.rar.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\rld-cbts-crack.only-uolamer.rar.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\Winrar 3.71 French + Keygen.torrent
    C:\Users\ReNo\AppData\Roaming\utorrent\[NewTorrents.info]_Civilization.IV.v1.52.CRACK.ONLY-RELOADED.torrent


    [F:138][D:19]-> C:\Users\ReNo\AppData\Local\Temp
    [F:45][D:1]-> C:\Users\ReNo\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:143][D:4]-> C:\Users\ReNo\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:4][D:4]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - 27/02/2009|17:31 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 27/02/2009|17:45 - Option : [2]

    --------------------\\ Fin du rapport a 17:45:44
    [ UAC => 1 ]


    a c 327 8 Security
    27 February 2009 17:53:13

  • Download DirLook to your Desktop.
  • Right-click DirLook.exe and choose Run as administrator.
  • Check that the two boxes next to "Show hidden files/folders:" and "BBCode Output:" are ticked.
  • Copy the text below:

    C:\ProgramData\uploadregs


  • In the small DirLook window, right-click in the white area and choose Paste.
    Note: the lines selected earlier must have been copied into DirLook's white area.

  • Click the DirLook button to start the search. When the tool has finished this search, Notepad opens.
    Note: in Notepad, check in the Format menu (at the top) that the "Word Wrap" option is not ticked.

  • Save the report under the name DirLook1.txt and close Notepad.
  • Close DirLook by clicking the Exit button, then post the report.
    27 February 2009 18:03:37

    DirLook.exe v2.0 by jpshortstuff
    Log created at 18:02 on 27/02/2009
    ==================================
    Contents of "C:\ProgramData\uploadregs"

    ---FOLDERS---

    (none found)

    ---FILES---

    Error Creative.exe (585728 bytes - created on 26/02/2009 at 15:40, modified on 26/02/2009 at 15:40) --a---
    zmhupqlx.exe (892928 bytes - created on 26/02/2009 at 15:41, modified on 26/02/2009 at 15:41) --a---

    ==================================
    =EOF=
    a c 327 8 Security
    27 February 2009 18:06:04

    Folder infected by Lop.

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Right-click OTMoveIt3.exe and choose Run as administrator.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    C:\ProgramData\uploadregs

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the moment it was created: date_time.log
    27 February 2009 18:16:42

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    C:\ProgramData\uploadregs moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\Users\ReNo\AppData\Local\Temp\etilqs_YGe3qhMecMqBO9ZljD15 scheduled to be deleted on reboot.
    File delete failed. C:\Users\ReNo\AppData\Local\Temp\fla5523.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\ReNo\AppData\Local\Temp\~ROMFN_00000F24 scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\Windows\temp\JET19F5.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\TMP00000073910CEDB6EB81BD6F scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\ZLT07eb3.TMP scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\ZLT07eba.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    File delete failed. C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02272009_180807

    Files moved on Reboot...
    File C:\Users\ReNo\AppData\Local\Temp\etilqs_YGe3qhMecMqBO9ZljD15 not found!
    File C:\Users\ReNo\AppData\Local\Temp\fla5523.tmp not found!
    File C:\Users\ReNo\AppData\Local\Temp\~ROMFN_00000F24 not found!
    C:\Windows\temp\JET19F5.tmp moved successfully.
    File C:\Windows\temp\TMP00000073910CEDB6EB81BD6F not found!
    File C:\Windows\temp\ZLT07eb3.TMP not found!
    File C:\Windows\temp\ZLT07eba.TMP not found!
    C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\urlclassifier3.sqlite moved successfully.
    C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\XUL.mfl moved successfully.
    a c 327 8 Security
    27 February 2009 18:33:57

  • Remove Java(TM) 6 Update 11.

  • Update Adobe Reader.

  • Update Java.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for Updates button: if the firewall asks for permission for MBAM to connect to the Internet, accept.
  • Once the update is finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan.
  • The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it ticked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    27 February 2009 19:00:24

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1810
    Windows 6.0.6001 Service Pack 1

    27/02/2009 18:59:19
    mbam-log-2009-02-27 (18-59-19).txt

    Type de recherche: Examen rapide
    Eléments examinés: 61917
    Temps écoulé: 7 minute(s), 3 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    a c 327 8 Security
    27 February 2009 19:01:07

  • Run another RSIT scan and post the log report.
    27 February 2009 19:07:11

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by ReNo at 2009-02-27 19:04:31
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 32 GB (32%) free of 102 GB
    Total RAM: 2046 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:04:49, on 27/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Windows\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
    C:\Users\ReNo\Desktop\RSIT.exe
    C:\Program Files\trend micro\ReNo.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11812 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\User_Feed_Synchronization-{1F18BEA8-D8E0-4CA6-8F85-A4868A1B8959}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-08-25 1062184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-31 1078552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-10 2436160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
    PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-11-19 806912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-27 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-03-10 2436160]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]
    {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-11-19 806912]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-18 815104]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
    ""= []
    "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
    "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-04-24 240640]
    "ECenter"=c:\dell\E-Center\EULALauncher.exe [2006-11-17 17920]
    "PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2006-10-13 184320]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
    "NeroCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
    "dlcxmon.exe"=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2007-01-12 292336]
    "MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-11-04 304008]
    "FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2006-11-04 312200]
    "dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
    "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
    "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-03-03 959976]
    "SigmatelSysTrayApp"=C:\Windows\sttray.exe [2007-02-08 303104]
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-10-04 86016]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-10-04 8497696]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-10-04 81920]
    "NVHotkey"=C:\Windows\system32\nvHotkey.dll [2007-10-04 86016]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-31 1601304]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-27 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2006-11-12 446976]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
    "Cld2000.exe"=C:\Program Files\Calendrier\Cld2000.exe []
    "Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe []
    "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-03-10 171448]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    QuickSet.lnk - C:\Windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "FilterAdministratorToken"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bd246fd-14d3-11dc-bd78-0019b96ba7ac}]
    shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ee533c4-2f41-11dc-93c5-0019b96ba7ac}]
    shell\AutoRun\command - F:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3785a065-c825-11dd-90ad-0019b96ba7ac}]
    shell\AutoRun\command - J:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{576f8d54-8c45-11dc-a484-0019b96ba7ac}]
    shell\Auto\command - AdobeR.exe e
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a6014a0-9a09-11dd-b8cf-0019b96ba7ac}]
    shell\AutoRun\command - I:\t.com
    shell\explore\command - I:\t.com
    shell\open\command - I:\t.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fc6ffd2-519b-11dc-b71e-0019b96ba7ac}]
    shell\Auto\command - AdobeR.exe e
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{734c90e8-df09-11dd-84ef-0019b96ba7ac}]
    shell\AutoRun\command - K:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fc531e9-f82d-11dc-8093-0019b96ba7ac}]
    shell\AutoRun\command - H:\yannh.cmd
    shell\explore\command - H:\yannh.cmd
    shell\open\command - H:\yannh.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad17c62c-f788-11dd-9eab-0019b96ba7ac}]
    shell\AutoRun\command - H:\t.com
    shell\explore\command - H:\t.com
    shell\open\command - H:\t.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cde995dd-30b7-11dd-94e8-0019b96ba7ac}]
    shell\AutoRun\command - I:\PenInkViewer\Viewer_for_Windows\PenInkViewer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9b2f07e-9459-11dd-b657-0019b96ba7ac}]
    shell\AutoRun\command - I:\t.com
    shell\explore\command - I:\t.com
    shell\open\command - I:\t.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd142b00-f607-11dd-9dc2-0019b96ba7ac}]
    shell\AutoRun\command - F:\t.com
    shell\explore\command - F:\t.com
    shell\open\command - F:\t.com


    ======List of files/folders created in the last 1 months======

    2009-02-27 18:50:57 ----D---- C:\Users\ReNo\AppData\Roaming\Malwarebytes
    2009-02-27 18:50:49 ----D---- C:\ProgramData\Malwarebytes
    2009-02-27 18:50:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-02-27 18:49:41 ----A---- C:\Windows\system32\javaws.exe
    2009-02-27 18:49:41 ----A---- C:\Windows\system32\javaw.exe
    2009-02-27 18:49:41 ----A---- C:\Windows\system32\java.exe
    2009-02-27 18:44:51 ----SHD---- C:\Config.Msi
    2009-02-27 18:08:07 ----D---- C:\_OTMoveIt
    2009-02-27 17:59:53 ----A---- C:\DirLook.txt
    2009-02-27 17:27:01 ----A---- C:\lopR.txt
    2009-02-27 17:26:06 ----D---- C:\Lop SD
    2009-02-27 16:53:20 ----D---- C:\Program Files\trend micro
    2009-02-27 16:53:17 ----D---- C:\rsit
    2009-02-26 07:19:36 ----A---- C:\Windows\system32\NCTWMAFile.dll
    2009-02-26 07:19:35 ----A---- C:\Windows\system32\NCTAudioFile.dll
    2009-02-26 07:19:35 ----A---- C:\Windows\system32\lame_enc.dll
    2009-02-26 07:19:34 ----A---- C:\Windows\system32\faq.txt
    2009-02-26 07:19:26 ----D---- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
    2009-02-25 23:58:52 ----D---- C:\ProgramData\AVS4YOU
    2009-02-25 23:58:50 ----D---- C:\Users\ReNo\AppData\Roaming\AVS4YOU
    2009-02-25 23:58:19 ----D---- C:\Program Files\Common Files\AVSMedia
    2009-02-25 23:58:18 ----A---- C:\Windows\system32\msxml3a.dll
    2009-02-25 23:58:18 ----A---- C:\Windows\system32\msvcp70.dll
    2009-02-25 23:58:18 ----A---- C:\Windows\system32\cc3270mt.dll
    2009-02-25 23:58:17 ----D---- C:\Program Files\AVS4YOU
    2009-02-25 21:18:03 ----A---- C:\Windows\system32\msvcr70.dll
    2009-02-23 23:40:12 ----D---- C:\ProgramData\ALM
    2009-02-23 22:05:20 ----D---- C:\Program Files\Common Files\Macrovision Shared
    2009-02-23 20:51:37 ----AD---- C:\Adobe suite
    2009-02-15 17:39:17 ----D---- C:\Users\ReNo\AppData\Roaming\vlc
    2009-02-15 17:39:15 ----D---- C:\Program Files\adslTV
    2009-02-15 10:15:14 ----A---- C:\Windows\system32\EncDec.dll
    2009-02-15 10:15:11 ----A---- C:\Windows\system32\psisdecd.dll
    2009-02-11 22:40:56 ----A---- C:\Windows\system32\mshtml.dll
    2009-02-11 22:40:55 ----A---- C:\Windows\system32\ieframe.dll
    2009-02-11 22:40:53 ----A---- C:\Windows\system32\urlmon.dll
    2009-02-11 22:40:52 ----A---- C:\Windows\system32\msfeeds.dll
    2009-02-11 22:40:51 ----A---- C:\Windows\system32\wininet.dll
    2009-02-11 22:40:50 ----A---- C:\Windows\system32\mstime.dll
    2009-02-11 22:40:48 ----A---- C:\Windows\system32\iertutil.dll
    2009-02-11 22:40:45 ----A---- C:\Windows\system32\jsproxy.dll
    2009-02-11 19:17:00 ----D---- C:\Program Files\CCleaner
    2009-02-06 18:52:40 ----A---- C:\Windows\system32\sirenacm.dll
    2009-01-31 11:49:39 ----A---- C:\Windows\system32\avgrsstx.dll

    ======List of files/folders modified in the last 1 months======

    2009-02-27 19:04:38 ----D---- C:\Windows\Temp
    2009-02-27 19:00:30 ----D---- C:\Windows\Internet Logs
    2009-02-27 18:50:53 ----D---- C:\Windows\system32\drivers
    2009-02-27 18:50:49 ----RD---- C:\Program Files
    2009-02-27 18:50:49 ----HD---- C:\ProgramData
    2009-02-27 18:50:14 ----SHD---- C:\Windows\Installer
    2009-02-27 18:49:42 ----D---- C:\Windows\System32
    2009-02-27 18:49:15 ----A---- C:\Windows\system32\deploytk.dll
    2009-02-27 18:48:56 ----SHD---- C:\System Volume Information
    2009-02-27 18:47:57 ----D---- C:\ProgramData\Adobe
    2009-02-27 18:46:53 ----D---- C:\Program Files\Common Files\Adobe
    2009-02-27 18:46:09 ----D---- C:\Program Files\Adobe
    2009-02-27 18:13:11 ----D---- C:\MDT
    2009-02-27 17:22:01 ----D---- C:\Program Files\Mozilla Firefox
    2009-02-27 16:55:19 ----D---- C:\Users\ReNo\AppData\Roaming\Skype
    2009-02-27 07:52:40 ----D---- C:\Windows\Debug
    2009-02-27 07:52:40 ----D---- C:\Windows
    2009-02-26 23:13:21 ----HD---- C:\$AVG8.VAULT$
    2009-02-26 18:20:03 ----D---- C:\Program Files\Microsoft Silverlight
    2009-02-26 16:40:48 ----D---- C:\Windows\system32\Tasks
    2009-02-26 07:16:58 ----D---- C:\Users\ReNo\AppData\Roaming\utorrent
    2009-02-25 23:58:19 ----D---- C:\Program Files\Common Files
    2009-02-25 21:02:25 ----RSD---- C:\Windows\assembly
    2009-02-25 20:43:16 ----D---- C:\Windows\system32\catroot2
    2009-02-24 08:01:30 ----D---- C:\Users\ReNo\AppData\Roaming\Adobe
    2009-02-23 22:27:41 ----D---- C:\Windows\winsxs
    2009-02-23 17:51:17 ----D---- C:\Windows\Prefetch
    2009-02-21 08:05:39 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-02-20 18:13:48 ----D---- C:\Windows\inf
    2009-02-20 18:13:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-02-17 17:26:43 ----D---- C:\Windows\Downloaded Installations
    2009-02-15 23:27:40 ----D---- C:\Windows\Microsoft.NET
    2009-02-15 23:27:24 ----D---- C:\Windows\ehome
    2009-02-15 21:35:52 ----D---- C:\Program Files\Messenger Plus! Live
    2009-02-15 10:06:42 ----D---- C:\Windows\system32\catroot
    2009-02-11 23:45:10 ----D---- C:\ProgramData\Microsoft Help
    2009-02-11 23:44:12 ----D---- C:\Program Files\Windows Mail
    2009-02-11 19:32:42 ----D---- C:\Windows\Minidump
    2009-02-04 00:21:12 ----A---- C:\Windows\system32\mrt.exe
    2009-01-31 11:21:14 ----D---- C:\ProgramData\avg8
    2009-01-28 18:15:50 ----D---- C:\ProgramData\ma-config.com
    2009-01-28 18:15:50 ----D---- C:\Program Files\ma-config.com

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-01-31 325128]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-01-31 27656]
    R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
    R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
    R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2008-03-03 279440]
    R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
    R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
    R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9432]
    R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
    R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
    R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
    R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
    R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
    R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
    R2 dsunidrv;dsunidrv; \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys [2006-08-17 7424]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-11-12 12672]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-20 32256]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-20 43520]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-20 37376]
    R2 RMCAST;Pilote du protocole RMCAT PGMP; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-10 113664]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-12 8192]
    R3 bcm4sbxp;Pilote XP du contrôleur intégré Broadcom 440x 10/100; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-12 986624]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-12 206848]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-10-04 7628608]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-02-08 647680]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-18 179256]
    R3 V0260VID;Live! Cam Vista IM; C:\Windows\system32\DRIVERS\V0260Vid.sys [2007-07-18 154784]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-12 659968]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
    S3 akl97bm8;akl97bm8; C:\Windows\system32\drivers\akl97bm8.sys []
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-01-24 14336]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 e1express;Pilote de la connexion réseau Intel(R) PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
    S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys []
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]
    S3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-03-13 2555392]
    S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-06-28 137216]
    S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-06-28 8320]
    S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-06-28 12288]
    S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-06-28 12288]
    S3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys []
    S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS []
    S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
    S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-05 611664]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 dlcx_device;dlcx_device; C:\Windows\system32\dlcxcoms.exe [2006-11-04 537480]
    R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-08-20 860160]
    R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-08-20 466944]
    R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
    R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2008-03-03 79400]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-12 386560]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
    S2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe []
    S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe []
    S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2006-11-07 70656]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-23 654848]
    S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [2007-04-24 81408]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-10 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

    -----------------EOF-----------------

    a c 327 8 Security
    27 February 2009 19:11:01

  • Remove the traces of Norton with this.

    Since the author of UsbFix has withdrawn his program (UsbFix), I take responsibility for having you use it. Others, please do not use the download link given.

  • Download UsbFix to your Desktop.
  • Run the installation with the default settings.
  • Connect your external data sources to your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Right-click the UsbFix shortcut on your Desktop and choose Run as administrator.
  • Choose option 1 (Cleaning).
  • The PC will restart.
  • After the restart, post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the disk.

    (If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm.)
    27 February 2009 19:39:15

    Here is the report.
    But the desktop does not reappear when typing "explorer.exe"...

    -------------- UsbFix V2.414.3 ---------------

    * User : ReNo - NENEO
    * Outils mis a jours le 18/01/2009 par Chiquitine29 et Chimay8
    * Recherche effectuée à 19:26:37 le 27/02/2009
    * Windows Vista - Internet Explorer 7.0.6001.18000


    --------------- [ Processus actifs ] ----------------


    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\ZoneLabs\vsmon.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\PresentationSettings.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\dlcxcoms.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Windows\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Windows\system32\runonce.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    --------------- [ Informations lecteurs ] ----------------

    C: - Lecteur fixe
    D: - Lecteur fixe
    E: - Lecteur de CD-ROM
    F: - Lecteur amovible
    H: - Lecteur amovible
    I: - Lecteur amovible
    J: - Lecteur fixe

    +- Contenu de l'autorun : J:\autorun.inf

    [autorun]
    icon=.VolumeIcon.ico


    --------------- [ Lecteur C ] ----------------

    C: - Lecteur fixe

    +- Listing des fichiers présents :

    [18/09/2006 22:43][--a------] C:\autoexec.bat
    [27/02/2009 18:02][--a------] C:\DirLook.txt
    [27/02/2009 18:02][--a------] C:\lopR.txt
    [27/02/2009 18:02][--a------] C:\UsbFix.txt
    [18/09/2006 22:43][--a------] C:\config.sys
    [18/09/2006 22:43][--a------] C:\hiberfil.sys
    [18/09/2006 22:43][--a------] C:\IO.SYS
    [18/09/2006 22:43][--a------] C:\MSDOS.SYS
    [18/09/2006 22:43][--a------] C:\pagefile.sys

    --------------- [ Lecteur D ] ----------------

    D: - Lecteur fixe

    +- Listing des fichiers présents :


    --------------- [ Lecteur E ] ----------------

    E: - Lecteur de CD-ROM

    +- Listing des fichiers présents :


    --------------- [ Lecteur F ] ----------------

    F: - Lecteur amovible

    +- Listing des fichiers présents :


    --------------- [ Lecteur H ] ----------------

    H: - Lecteur amovible

    +- Listing des fichiers présents :


    --------------- [ Lecteur I ] ----------------

    I: - Lecteur amovible

    +- Listing des fichiers présents :


    --------------- [ Lecteur J ] ----------------

    J: - Lecteur fixe

    +- Listing des fichiers présents :

    [26/12/2008 16:05][---hs----] J:\._autorun.inf
    [26/12/2008 16:05][---hs----] J:\autorun.inf

    --------------- [ Registre / Startup ] ----------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    DellSupport="C:\Program Files\DellSupport\DSAgnt.exe" /startup
    ehTray.exe=C:\Windows\ehome\ehTray.exe
    DAEMON Tools="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    Cld2000.exe=C:\Program Files\Calendrier\Cld2000.exe
    Rainlendar2=C:\Program Files\Rainlendar2\Rainlendar2.exe
    DellSupportCenter="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    swg=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
    <NO NAME>=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    ISUSScheduler="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    <NO NAME>=
    RoxWatchTray="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    ECenter=c:\dell\E-Center\EULALauncher.exe
    PCMService="C:\Program Files\Dell\MediaDirect\PCMService.exe"
    ISUSPM Startup=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    NeroCheck=C:\Windows\system32\NeroCheck.exe
    dlcxmon.exe="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
    MemoryCardManager="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
    FaxCenterServer="C:\Program Files\Dell PC Fax\fm3032.exe" /s
    dscactivate="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    DellSupportCenter="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    SigmatelSysTrayApp=sttray.exe
    NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    NVHotkey=rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
    QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
    SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
    Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    NoChange=1
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    --------------- [ Registre / Mountpoint2 ] ----------------

    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd246fd-14d3-11dc-bd78-0019b96ba7ac}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ee533c4-2f41-11dc-93c5-0019b96ba7ac}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3785a065-c825-11dd-90ad-0019b96ba7ac}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{576f8d54-8c45-11dc-a484-0019b96ba7ac}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a6014a0-9a09-11dd-b8cf-0019b96ba7ac}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a6014a0-9a09-11dd-b8cf-0019b96ba7ac}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a6014a0-9a09-11dd-b8cf-0019b96ba7ac}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fc6ffd2-519b-11dc-b71e-0019b96ba7ac}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{734c90e8-df09-11dd-84ef-0019b96ba7ac}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc531e9-f82d-11dc-8093-0019b96ba7ac}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc531e9-f82d-11dc-8093-0019b96ba7ac}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc531e9-f82d-11dc-8093-0019b96ba7ac}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad17c62c-f788-11dd-9eab-0019b96ba7ac}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad17c62c-f788-11dd-9eab-0019b96ba7ac}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad17c62c-f788-11dd-9eab-0019b96ba7ac}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cde995dd-30b7-11dd-94e8-0019b96ba7ac}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9b2f07e-9459-11dd-b657-0019b96ba7ac}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9b2f07e-9459-11dd-b657-0019b96ba7ac}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9b2f07e-9459-11dd-b657-0019b96ba7ac}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd142b00-f607-11dd-9dc2-0019b96ba7ac}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd142b00-f607-11dd-9dc2-0019b96ba7ac}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd142b00-f607-11dd-9dc2-0019b96ba7ac}\Shell\open\Command

    --------------- [ Nettoyage des disques ] ----------------

    Supprimé ! - [10/08/2008 12:54][---hs----] F:\msvcr71.dll
    Supprimé ! - [26/12/2008 16:05][---hs----] J:\._autorun.inf
    Supprimé ! - [26/12/2008 16:05][---hs----] J:\autorun.inf

    --------------- [ Resumé ] ----------------

    -> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

    [18/09/2006 22:43][--a------] C:\autoexec.bat

    --------------- [ Vaccination ] ----------------

    C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
    D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
    F:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
    H:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
    I:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
    J:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

    --------------- ! Fin du rapport ! ----------------

    a c 327 8 Security
    27 February 2009 19:41:11

  • Uninstall UsbFix.

    Restart your PC and tell me whether everything is fine.
    27 February 2009 19:49:11

    Everything seems to be fine, the desktop is back.

    If that's it, thank you very much for your efficiency, your clarity and your quick response.

    I would like to ask you what to do to keep my computer well maintained: I have AVG 8, Zone Alarm and Ad-aware, and I try to run scans regularly.

    Thanks
    a c 327 8 Security
    27 February 2009 19:55:31

    1/

  • Uninstall HijackThis.

  • Download OTCleanIt to your Desktop:
  • Right-click OTCleanIt and choose Run as administrator.
  • Click CleanUp! then click Yes in the Confirm window.
  • Restart your PC as requested.


    2/

  • Download and install CCleaner (do not install the Yahoo Toolbar):
  • Launch it. Go to Options, then Advanced, and uncheck the box Only delete files etc....
  • Go to Cleaner, choose Analyze. Once finished, run the cleaning.
  • Next, choose Registry, then Search for errors. Once finished, fix all the errors (back up the registry).


    3/

  • It is necessary to disable and then re-enable System Restore in order to purge it.

  • I advise you to create a restore point that you can use later if you have a problem.


    ==Prevention==

    Keep MBAM. You can use it to scan suspicious files as a complement to the antivirus, and scan the hard drive regularly.

    You can also modify the Hosts file to improve your PC's security: Link

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    If you consider your problem solved:

    ---> Now add [Solved] to the title. To do so:
  • In your first message, click the Edit button.
  • Add [Solved] in front of the title.
  • Then click Submit your message.


    Be more careful on the Internet ;)
    27 February 2009 19:58:22

    Thank you very much!
    a c 327 8 Security
    27 February 2009 20:00:08

    ;)