Intrusive ads, slow PC [Solved]

7 January 2009 16:32:49

Hello,
For some time now I have been getting INTRUSIVE ads; my antivirus, G-DATA 2009, finds nothing, and neither does Spybot. I cleaned the PC with TUNEUP 2008 but that does not solve my problem. I no longer know what to do to fix it. In addition, my mouse sometimes stutters as it moves, and likewise when I listen to music the sound stutters to the point where listening becomes impossible. I am counting on you to help me solve this problem. Please be patient with a retiree of advanced age.
My hardware configuration
Motherboard: Gigabyte X48-DQ6
CPU: Intel 2 core quad q9650
4 GB of RAM
Win XP Home
Thank you for your help

8 January 2009 09:59:29

Thank you for helping me; here is my report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:11, on 08/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jacques\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: milehighads - {5262860b-be9d-c70d-f1ee-af145c648bbb} - C:\WINDOWS\system32\nss14.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CT...
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12008 bytes
8 January 2009 15:10:30

Re,

It's not clean.

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    9 January 2009 16:14:57

    Here, a little late... is the Malwarebytes' Anti-Malware report

    Malwarebytes' Anti-Malware 1.32
    Version de la base de données: 1627
    Windows 5.1.2600 Service Pack 3

    07/01/2009 23:14:01
    mbam-log-2009-01-07 (23-14-01).txt

    Type de recherche: Examen complet (C:\|M:\|)
    Eléments examinés: 438172
    Temps écoulé: 5 hour(s), 34 minute(s), 52 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    M:\LOGICIEL\powerdvd 8\Nouveau dossier\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    M:\TOTAL\Maxtor backup\JACQUES\D\SAUVEGARDE GENERAL DE TOUS LES DD\SVG\Logiciel\A_GRAVER\Log_Son\Sony Sound Forge 7.0\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    M:\TOTAL\Maxtor backup\JACQUES\F\SVG\Logiciel\A_GRAVER\Log_Son\Sony Sound Forge 7.0\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    9 January 2009 18:14:41

    Post a new HijackThis report.
    9 January 2009 18:53:59

    Thanks again.. sorry if I am not very responsive on the forum, I have a lot going on at the moment.
    So here is a second report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:52:14, on 09/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
    C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
    C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\SFR\Media Center\MediaCenter.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SFR\Media Center\httpd\httpd.exe
    C:\Program Files\SFR\Media Center\httpd\httpd.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\System32\TuneUpDefragService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jacques\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: milehighads - {5262860b-be9d-c70d-f1ee-af145c648bbb} - C:\WINDOWS\system32\nsk1E.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
    O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CT...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
    O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 12156 bytes
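Added example, not part of the original thread: the one change between the two HijackThis reports above can be found mechanically by comparing their O2 (BHO) lines by CLSID. The function names are illustrative and the excerpts are O2 lines copied from the two posted logs; treating a BHO whose DLL was renamed between scans and sits directly in system32 as worth closer inspection is a triage heuristic, not a verdict.

```python
import ntpath
import re

# O2 (Browser Helper Object) lines copied from the two HijackThis reports
# posted in this thread (scans of 08/01/2009 and 09/01/2009).
REPORT_8_JAN = r"""
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: milehighads - {5262860b-be9d-c70d-f1ee-af145c648bbb} - C:\WINDOWS\system32\nss14.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
"""

REPORT_9_JAN = r"""
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: milehighads - {5262860b-be9d-c70d-f1ee-af145c648bbb} - C:\WINDOWS\system32\nsk1E.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
"""

# "O2 - BHO: <name> - {CLSID} - <dll path>"
BHO_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)


def parse_bhos(report):
    """Return {clsid_lowercase: (name, dll_path)} for every O2 line."""
    bhos = {}
    for line in report.splitlines():
        m = BHO_LINE.match(line.strip())  # forum pastes are often indented
        if m:
            bhos[m["clsid"].lower()] = (m["name"], m["path"].strip())
    return bhos


def relocated_bhos(before, after):
    """BHOs registered under the same CLSID in both reports but loading a
    different DLL in the later one."""
    old, new = parse_bhos(before), parse_bhos(after)
    changed = []
    for clsid in sorted(old.keys() & new.keys()):
        old_path, new_path = old[clsid][1], new[clsid][1]
        if old_path.lower() != new_path.lower():  # Windows paths ignore case
            changed.append((new[clsid][0], clsid, old_path, new_path))
    return changed


def loads_from_system32_root(path):
    """True when the DLL sits directly in ...\\system32 rather than in a
    vendor's own install folder."""
    return ntpath.basename(ntpath.dirname(path)).lower() == "system32"


def triage(before, after):
    """One finding per relocated BHO, with the system32 flag attached."""
    return [
        {
            "name": name,
            "clsid": clsid,
            "old_dll": old_path,
            "new_dll": new_path,
            "system32_root": loads_from_system32_root(new_path),
        }
        for name, clsid, old_path, new_path in relocated_bhos(before, after)
    ]


if __name__ == "__main__":
    for finding in triage(REPORT_8_JAN, REPORT_9_JAN):
        print(finding)
```
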
    10 January 2009 13:11:56

    Re,

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and tutorial on using ComboFix
    * the partition name may differ
    10 January 2009 17:32:07

    Here is the ComboFix report


    ComboFix 09-01-09.03 - Jacques 2009-01-10 17:25:36.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.3326.2507 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Jacques\Mes documents\TELECHARGEMENT\ComboFix\ComboFix.exe
    * Un nouveau point de restauration a été créé
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
    c:\documents and settings\All Users\Application Data\vlc-0.9.6-win32.exe
    c:\documents and settings\Jacques\Application Data\inst.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-10 au 2009-01-10 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\Jacques\Application Data\Malwarebytes
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-07 16:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-07 16:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-07 09:42 . 2009-01-07 09:42 <REP> d-------- c:\documents and settings\Jacques\Application Data\TuneUp Software
    2009-01-07 09:42 . 2009-01-07 09:42 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-01-07 09:42 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
    2009-01-07 09:41 . 2009-01-07 09:45 <REP> d-------- c:\program files\TuneUp Utilities 2008
    2009-01-07 09:41 . 2009-01-07 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-01-07 09:30 . 2009-01-07 09:30 <REP> d-------- c:\program files\AxBx
    2009-01-05 20:02 . 2009-01-05 20:02 681,472 --a------ c:\windows\system32\nsk1E.dll
    2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\program files\JAM Software
    2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\documents and settings\Jacques\Application Data\JAM Software
    2009-01-03 12:34 . 2009-01-09 18:56 156 --a------ c:\windows\Twunk001.MTX
    2009-01-03 12:34 . 2009-01-09 18:56 4 --a------ c:\windows\Twain001.Mtx
    2009-01-03 12:34 . 2009-01-03 12:34 0 --a------ c:\windows\Twunk002.MTX
    2009-01-03 10:15 . 2009-01-09 15:31 85,239 --a------ c:\windows\system32\cont_milehighads-remove.exe
    2009-01-03 10:15 . 2009-01-03 10:15 68,513 --a------ c:\windows\system32\pujaruyrydgs.dll-uninst.exe
    2009-01-03 10:15 . 2009-01-03 10:15 47,576 --a------ c:\windows\system32\rmnajrfcoebsfdb.exe
    2009-01-02 13:46 . 2009-01-02 17:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\PixVue
    2009-01-02 08:28 . 2008-04-01 13:23 118,520 --------- c:\windows\system32\pxinsi64.exe
    2009-01-02 08:28 . 2008-04-01 13:23 118,056 --------- c:\windows\system32\pxcpyi64.exe
    2008-12-28 09:08 . 2008-12-28 09:08 0 --a------ c:\windows\nsreg.dat
    2008-12-28 08:41 . 2008-12-28 08:41 <REP> d-------- c:\documents and settings\Jacques\Application Data\Windows Live Writer
    2008-12-27 19:31 . 2008-12-27 19:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\Fichiers communs\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
    2008-12-27 16:55 . 2009-01-02 18:40 <REP> d-------- c:\program files\Incomplete
    2008-12-27 16:32 . 2008-12-27 16:32 68,424 --a------ c:\windows\system32\drivers\GRD.sys
    2008-12-27 16:30 . 2009-01-10 17:28 82,761,760 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2008-12-27 16:30 . 2009-01-10 17:28 1,138,208 --ahs---- c:\windows\system32\drivers\fidbox2.dat
    2008-12-27 16:30 . 2009-01-10 10:36 975,464 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2008-12-27 16:30 . 2009-01-10 10:36 112,892 --ahs---- c:\windows\system32\drivers\fidbox2.idx
    2008-12-27 16:04 . 2008-12-27 16:25 48,712 --a------ c:\windows\system32\drivers\MiniIcpt.sys
    2008-12-27 16:04 . 2008-12-27 16:25 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys
    2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\G DATA
    2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\Fichiers communs\G DATA
    2008-12-27 16:03 . 2008-12-27 16:11 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
    2008-12-27 16:03 . 2008-12-29 08:48 <REP> d--hs---- C:\#GDATA.Trash.Store#
    2008-12-27 16:03 . 2008-12-27 16:31 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
    2008-12-27 16:03 . 2008-12-27 16:03 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys
    2008-12-19 16:34 . 2008-12-19 16:34 <REP> d-------- c:\program files\Xvid
    2008-12-19 16:34 . 2008-12-04 21:42 815,104 --a------ c:\windows\system32\xvidcore.dll
    2008-12-19 16:34 . 2008-12-04 21:46 180,224 --a------ c:\windows\system32\xvidvfw.dll
    2008-12-19 16:34 . 2008-12-13 20:01 77,824 --a------ c:\windows\system32\xvid.ax
    2008-12-18 10:02 . 2008-12-18 10:02 <REP> d-------- c:\documents and settings\Jacques\Application Data\muvee Technologies
    2008-12-18 10:02 . 2008-12-18 10:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Creative
    2008-12-18 09:39 . 2008-12-18 09:39 <REP> d-------- c:\program files\iTunes
    2008-12-18 09:39 . 2009-01-02 17:55 <REP> d-------- c:\program files\iPod
    2008-12-18 09:39 . 2008-12-18 09:39 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-18 09:39 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
    2008-12-18 09:39 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
    2008-12-18 09:38 . 2008-12-18 09:38 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
    2008-12-18 09:37 . 2009-01-02 17:25 <REP> d-------- c:\program files\Fichiers communs\Apple
    2008-12-18 09:21 . 2008-12-18 09:21 <REP> d-------- c:\documents and settings\Jacques\Application Data\Creative
    2008-12-18 09:19 . 2000-05-22 09:58 647,872 --------- c:\windows\system32\Mscomct2.ocx
    2008-12-18 09:19 . 1999-10-10 18:00 41,984 --------- c:\windows\Ctregrun.exe
    2008-12-18 09:19 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
    2008-12-18 09:17 . 2008-12-18 09:17 <REP> d-------- c:\windows\CtDrvInstall
    2008-12-18 09:17 . 2006-01-16 18:00 24,576 -ra------ c:\windows\system32\P1370Aor.dll
    2008-12-18 09:16 . 2008-12-18 09:16 <REP> d-------- c:\documents and settings\All Users\Application Data\muvee Technologies
    2008-12-18 09:15 . 2005-07-06 18:07 36,864 -ra------ c:\windows\system32\CtCamMgr.dll
    2008-12-18 09:15 . 2005-10-23 18:01 24,576 --------- c:\windows\system32\CTWEBFUN.DLL
    2008-12-18 09:14 . 2008-12-18 09:30 <REP> d-------- c:\program files\Creative
    2008-12-18 08:22 . 2009-01-10 15:35 <REP> d-------- c:\documents and settings\Jacques\Tracing
    2008-12-18 08:21 . 2008-12-18 08:21 <REP> d-------- c:\program files\Microsoft Silverlight
    2008-12-18 08:21 . 2008-12-18 08:21 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
    2008-12-18 08:20 . 2008-12-18 08:20 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
    2008-12-18 08:18 . 2008-12-18 08:18 <REP> d-------- c:\program files\Windows Live SkyDrive
    2008-12-18 08:18 . 2008-12-18 08:18 <REP> d-------- c:\program files\Microsoft
    2008-12-17 10:34 . 2008-12-17 10:34 <REP> d-------- c:\program files\Fichiers communs\Windows Live
    2008-12-15 10:18 . 2008-12-15 10:18 <REP> d-------- c:\program files\Activision
    2008-12-15 10:15 . 2008-12-15 10:15 <REP> d--hs---- c:\windows\ftpcache
    2008-12-11 09:18 . 2008-04-14 03:33 221,184 --a------ c:\windows\system32\wmpns.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-07 08:41 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2009-01-05 12:26 --------- d-----w c:\program files\eMule
    2009-01-02 16:30 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-02 16:28 --------- d-----w c:\program files\Bonjour
    2008-12-29 16:17 --------- d-----w c:\program files\LimeWire
    2008-12-29 08:50 --------- d-----w c:\documents and settings\Jacques\Application Data\LimeWire
    2008-12-29 07:47 --------- d-----w c:\documents and settings\Jacques\Application Data\uTorrent
    2008-12-28 16:58 --------- d-----w c:\program files\Google
    2008-12-28 08:35 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-12-27 15:35 --------- d-----w c:\documents and settings\Jacques\Application Data\vlc
    2008-12-27 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2008-12-18 08:38 --------- d-----w c:\program files\QuickTime
    2008-12-18 07:21 --------- d-----w c:\program files\Windows Live
    2008-12-17 19:10 --------- d-----w c:\documents and settings\Jacques\Application Data\EPSON
    2008-12-16 11:36 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-14 18:56 --------- d-----w c:\program files\SFR
    2008-12-14 09:17 --------- d-----w c:\program files\Java
    2008-12-08 20:20 16,608 ----a-w c:\windows\gdrv.sys
    2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
    2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
    2008-12-01 05:58 --------- d-----w c:\program files\CyberLink
    2008-12-01 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
    2008-11-28 16:13 --------- d-----w c:\documents and settings\Jacques\Application Data\Winamp
    2008-11-28 15:51 --------- d-----w c:\program files\Winamp
    2008-11-28 15:49 --------- d-----w c:\program files\Fichiers communs\CyberLink
    2008-11-28 15:47 29,480 ----a-w c:\windows\system32\msxml3a.dll
    2008-11-26 00:04 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
    2008-11-26 00:04 --------- d-----w c:\program files\Fichiers communs\Nikon
    2008-11-25 23:44 --------- d-----w c:\documents and settings\Jacques\Application Data\Nikon
    2008-11-25 23:44 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
    2008-11-25 23:44 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
    2008-11-24 10:52 --------- d-----w c:\program files\Foxmail
    2008-11-13 10:09 --------- d-----w c:\program files\EPSON Print CD
    2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-10-24 13:40 22,328 ----a-w c:\documents and settings\Jacques\Application Data\PnkBstrK.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-12 17:34 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
    2008-10-12 14:24 4,608 ----a-w c:\windows\system32\w95inf32.dll
    2008-10-12 14:24 2,272 ----a-w c:\windows\system32\w95inf16.dll
    2008-10-06 18:24 47,360 ----a-w c:\documents and settings\Jacques\Application Data\pcouffin.sys
    2009-01-05 19:02 652,288 ----a-w c:\program files\mozilla firefox\components\nsmilehighads.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5262860b-be9d-c70d-f1ee-af145c648bbb}]
    2009-01-05 20:02 681472 --a------ c:\windows\system32\nsk1E.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
    "Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-06-27 91432]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "GDFirewallTray"="c:\program files\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
    "G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-11-24 958024]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
    -ra------ 2008-04-11 19:50 347648 c:\documents and settings\Jacques\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "53773:TCP"= 53773:TCP:emule tcp
    "16399:UDP"= 16399:UDP:emule udp

    R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-12-27 22272]
    R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2008-12-27 68424]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-30 93696]
    R3 GDFwSvc;Pare-feu personnel G DATA;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-08-15 1407976]
    R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-12-27 48712]
    R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2008-12-27 32328]
    R3 Service de sauvegarde G DATA;Service de sauvegarde G DATA;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-08-22 880200]
    R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
    R4 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 1016904]
    R4 AVKService;Planificateur G DATA;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
    R4 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-08-14 1185496]
    R4 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2008-12-27 51016]
    S3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
    S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-02 14336]
    S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-02 13312]
    S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-12-18 93056]
    S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-12-18 4992]
    S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-12-18 179328]
    S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b77caa-8f11-11dd-b90a-806d6172696f}]
    \Shell\AutoRun\command - J:\Launch.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-10 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    ShellIconOverlayIdentifiers-{3E57A8B6-849B-476E-A3E9-CFCE49E3662A} - (no file)
    ShellIconOverlayIdentifiers-{E3F36090-0540-418f-8136-074D5B255B59} - (no file)
    ShellIconOverlayIdentifiers-{E1C1BE26-35A8-4999-A3A6-235CB7BD558B} - (no file)
    ShellIconOverlayIdentifiers-{2E9BD3CA-A57F-450b-B1BA-A6A58C0C1D51} - (no file)
    ShellIconOverlayIdentifiers-{BCA5FB3A-9FC1-4465-ACE3-8C2072449164} - (no file)
    ShellIconOverlayIdentifiers-{F0C13C81-FB8D-464e-873F-F8FF999E3EEC} - (no file)
    ShellIconOverlayIdentifiers-{0117FFFB-91FD-414E-AC34-A00531032006} - (no file)
    HKLM-Run-Device Detector - DevDetect.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = *.local
    IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel
    FF - ProfilePath - c:\documents and settings\Jacques\Application Data\Mozilla\Firefox\Profiles\4z3izwmv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Yoog Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
    FF - component: c:\program files\Mozilla Firefox\components\nsmilehighads.dll
    FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-10 17:28:25
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1960408961-117609710-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:70,cd,3d,9f,fb,04,c1,88,c0,3e,16,1e,95,be,42,cc,fa,39,1c,35,e6,
    2d,56,91,6c,33,af,ce,f6,84,81,11,ec,51,3a,92,4c,df,b4,99,e4,d6,00,b8,34,a8,\
    "rkeysecu"=hex:90,35,3a,83,0b,f6,a1,91,59,e3,93,c8,c6,aa,5b,5e

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:fa,1f,4e,6a,ec,41,da,68,df,fc,f3,f4,de,48,a5,31,bb,39,42,b8,86,
    01,c2,3b,5b,da,78,a1,ba,6d,f1,8d,29,20,7d,eb,8e,55,d4,52,64,e4,9c,d9,a3,d9,\

    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:c5,20,54,f3,8a,c4,b9,7c,43,ed,04,81,39,df,4c,0d,b0,38,34,9a,85,
    f1,ad,a4,17,a6,76,aa,18,8c,73,f1,58,ad,64,0c,51,f6,0b,17,79,65,c6,db,0d,1e,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(880)
    c:\windows\system32\Ati2evxx.dll
    .
    Heure de fin: 2009-01-10 17:30:07
    ComboFix-quarantined-files.txt 2009-01-10 16:30:04

    Avant-CF: 29 651 673 088 octets libres
    Après-CF: 29,972,561,920 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

    309 --- E O F --- 2008-12-18 13:48:37
    11 January 2009 15:27:15

    Post a new HijackThis report.
    11 January 2009 18:21:42

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:21:16, on 11/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
    C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\SFR\Media Center\MediaCenter.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SFR\Media Center\httpd\httpd.exe
    C:\Program Files\SFR\Media Center\httpd\httpd.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\VSO\Image Resizer\Resize.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Nikon\Camera Control Pro 2\NControlPro.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jacques\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: milehighads - {5262860b-be9d-c70d-f1ee-af145c648bbb} - C:\WINDOWS\system32\nsk1E.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
    O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'Default user')
    O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CT...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
    O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 12430 bytes
    12 January 2009 17:18:55

    What problems do you have now?
    12 January 2009 18:16:40

    I still have ad pages opening from time to time; on the other hand the PC is faster, the music no longer stutters and the mouse moves smoothly.
    MSN closes by itself and an MSN notification opens at the bottom right of the screen with a message along the lines of "MSN cannot open because you are already signed in...", which is not the case! And of course I have to relaunch it. After a while the same thing happens again... But otherwise things are better. Thank you! Is there anything else to do?
    12 January 2009 18:38:51

    I don't think this is related to an infection.

  • Run a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click J'accepte ("I accept").
  • Approve the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan Poste de travail ("My Computer").
  • Save, then paste the report generated at the end of the scan.

    HELP: Tutorial on the online scan

    NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" ("The Kaspersky On-line Scanner licence has expired"), go to Ajout/Suppression de programmes ("Add or Remove Programs"), uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
    14 January 2009 10:06:12

    I ran a scan with Kaspersky... it found 6 infections... Impossible to save the report?? (A problem with Kaspersky? I don't know!) I'm deleting it and starting over; I'll make another attempt this morning... bearing in mind that the scan takes ages... BIG hard drive, 1.4 TB
    14 January 2009 13:41:54

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Wednesday, January 14, 2009 1:40:04 PM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.84.2
    Dernière mise à jour de la base antivirus Kaspersky : 14/01/2009
    Enregistrements dans la base antivirus Kaspersky : 1452140
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Poste de travail:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    L:\
    R:\

    Statistiques de l'analyse:
    Total d'objets analysés: 235293
    Nombre de virus trouvés: 1
    Nombre d'objets infectés: 49 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 02:44:08

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\Documents and Settings\All Users\Application Data\CyberLink\BDNAV\BRF.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\DRM\drmstore.hds L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Messenger\ContactsLog.txt L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows Live Contacts\{25bb2f8c-9310-4d37-9089-9b1bc3c4fbb8}\DBStore\contacts.edb L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows Live Contacts\{25bb2f8c-9310-4d37-9089-9b1bc3c4fbb8}\DBStore\LogFiles\edb.log L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows Live Contacts\{25bb2f8c-9310-4d37-9089-9b1bc3c4fbb8}\DBStore\tempedb.edb L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows Live Contacts\{a8a639f1-324f-4d1e-b2c4-c7c4754ff48d}\DBStore\contacts.edb L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows Live Contacts\{a8a639f1-324f-4d1e-b2c4-c7c4754ff48d}\DBStore\LogFiles\edb.log L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows Live Contacts\{a8a639f1-324f-4d1e-b2c4-c7c4754ff48d}\DBStore\LogFiles\edbtmp.log L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows Live Contacts\{a8a639f1-324f-4d1e-b2c4-c7c4754ff48d}\DBStore\tempedb.edb L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Application Data\Neuf\Media Center\access.log L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Application Data\Neuf\Media Center\error.log L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Historique\History.IE5\MSHist012009011420090115\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\temp\~DFF0BC.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\ntuser.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\Jacques\Tracing\WindowsLiveMessenger-uccapi-0.uccapilog L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Program Files\G DATA\TotalCare\Firewall\GdFwSvc.dat L'objet est verrouillé ignoré
    C:\Program Files\G DATA\TotalCare\Firewall\LiveStrm.dat L'objet est verrouillé ignoré
    C:\Program Files\G DATA\TotalCare\Firewall\Modules.dat L'objet est verrouillé ignoré
    C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt L'objet est verrouillé ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab/Setup_01.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe Rsrc-Package: infecté - 6 ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe/data0000.cab/Setup_01.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe Rsrc-Package: infecté - 6 ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052284.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052284.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052284.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052284.exe/data0000.cab/Setup_01.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052284.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052284.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052284.exe Rsrc-Package: infecté - 6 ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052286.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052286.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052286.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052286.exe/data0000.cab/Setup_01.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052286.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052286.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052286.exe Rsrc-Package: infecté - 6 ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052287.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052287.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052287.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052287.exe/data0000.cab/Setup_01.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052287.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052287.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052287.exe Rsrc-Package: infecté - 6 ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052289.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052289.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052289.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052289.exe/data0000.cab/Setup_01.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052289.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052289.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052289.exe Rsrc-Package: infecté - 6 ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052291.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052291.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052291.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052291.exe/data0000.cab/Setup_01.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052291.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052291.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052291.exe Rsrc-Package: infecté - 6 ignoré
    C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP239\change.log L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\drivers\fidbox.dat L'objet est verrouillé ignoré
    C:\WINDOWS\system32\drivers\fidbox.idx L'objet est verrouillé ignoré
    C:\WINDOWS\system32\drivers\fidbox2.dat L'objet est verrouillé ignoré
    C:\WINDOWS\system32\drivers\fidbox2.idx L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\Temp\Perflib_Perfdata_4ec.dat L'objet est verrouillé ignoré
    C:\WINDOWS\Temp\tmp00000241\tmp00000000 L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
    D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector L'objet est verrouillé ignoré
    D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d2c538efe92ae7beda8bd254b09dfb8e_1d5628a0-efd1-4f60-b409-452fd67e3908 L'objet est verrouillé ignoré
    D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_1d5628a0-efd1-4f60-b409-452fd67e3908 L'objet est verrouillé ignoré
    D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    D:\Windows\CSC\v2.0.6\pq L'objet est verrouillé ignoré
    D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl L'objet est verrouillé ignoré
    D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl L'objet est verrouillé ignoré
    D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl L'objet est verrouillé ignoré
    D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl L'objet est verrouillé ignoré
    E:\52f07297c4e25054ab3454\update\update.exe L'objet est verrouillé ignoré
    E:\autorun.inf\lpt3.This folder was created by Flash_Disinfector L'objet est verrouillé ignoré
    E:\d5c09c7537c90a61c21b1e25a86a\update\update.exe L'objet est verrouillé ignoré
    E:\f34bb2532dc3a950af1e9abb\update\update.exe L'objet est verrouillé ignoré
    E:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    E:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP239\change.log L'objet est verrouillé ignoré

    Analyse terminée.
    14 January 2009 16:58:24

    You just need to disable and then re-enable System Restore :)
    15 January 2009 12:58:40

    I admit I don't quite grasp the purpose of this operation, nor whether I should do it before running another scan... or right now, after the Kaspersky scan? Forgive my ignorance.
    15 January 2009 17:16:59

    That way we emptied System Restore, which had infected restore points.
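Why this advice fits the report, as an added example (not part of the thread and not a Kaspersky tool): a small Python triage of the report's three line formats, run on a shortened excerpt of the report above, that groups nested archive members by their on-disk file and checks whether every detection sits inside a System Restore store. The function and field names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Line formats of the French Kaspersky On-line Scanner report shown above:
#   <path> L'objet est verrouillé ignoré          file locked, could not be scanned
#   <path> Infecté : <verdict> ignoré             detection, no action taken
#   <path> Rsrc-Package: infecté - <n> ignoré     container holding n detections
LOCKED = re.compile(r"^(?P<path>.+?) L'objet est verrouillé ignoré$")
INFECTED = re.compile(r"^(?P<path>.+?) Infecté : (?P<verdict>\S+) ignoré$")
CONTAINER = re.compile(r"^(?P<path>.+?) Rsrc-Package: infecté - (?P<n>\d+) ignoré$")
# System Restore store on XP: ...\System Volume Information\_restore{GUID}\RPnnn\...
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\")


def parse_line(line):
    """Classify one report line; return None for headers and other text."""
    line = line.strip()
    for kind, rx in (("locked", LOCKED), ("infected", INFECTED), ("container", CONTAINER)):
        m = rx.match(line)
        if m:
            # The scanner appends archive members to the on-disk path with "/".
            disk_path, _, inner = m.group("path").partition("/")
            return {"kind": kind, "disk_path": disk_path, "inner": inner,
                    "verdict": m.groupdict().get("verdict")}
    return None


def triage(report_text):
    """Count locked files and group detections by the file that is really on disk."""
    locked = 0
    files = defaultdict(lambda: {"members": 0, "verdicts": set(), "restore_point": None})
    for line in report_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["kind"] == "locked":
            locked += 1          # locked is not a detection, only "not scanned"
            continue
        entry = files[rec["disk_path"]]
        m = RESTORE.search(rec["disk_path"])
        entry["restore_point"] = m.group(1) if m else None
        if rec["kind"] == "infected":
            entry["members"] += 1
            entry["verdicts"].add(rec["verdict"])
    files = dict(files)
    return {
        "locked": locked,
        "files": files,
        # True only if there are detections and all of them live in a restore store.
        "only_in_restore": bool(files) and all(f["restore_point"] for f in files.values()),
    }


# Shortened excerpt of the report posted above (lines copied from it).
SAMPLE = r"""
C:\Documents and Settings\Jacques\ntuser.dat L'objet est verrouillé ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe Rsrc-Package: infecté - 6 ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe Rsrc-Package: infecté - 6 ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
Analyse terminée.
"""

if __name__ == "__main__":
    summary = triage(SAMPLE)
    print("locked (not scanned):", summary["locked"])
    for path, info in summary["files"].items():
        print(info["restore_point"], info["members"], sorted(info["verdicts"]), path)
    print("all detections inside System Restore:", summary["only_in_restore"])
```

Run over the full report, the 49 "infected objects" collapse to seven files under RP235 with a single verdict, all inside the System Restore store; the "locked" entries are files that were in use and were not scanned, not detections.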
    16 January 2009 15:54:21

    OK, noted.....
    For now the PC seems to be running properly, apart from this message that shows up from time to time... "WARNING! If your computer is infected you may suffer data loss, unstable operation.... Antivirus 2009 will perform a quick and 100% free scan.... do you want to... etc...

    18 January 2009 12:05:08

    Hello again,
    Well, in the end my problem is still there... I thought I was out of the woods, but no!
    Still ads, and yesterday once again my mouse was stuttering and it was impossible to listen to music via Winamp or VLC...
    After a reboot everything was OK again! Apart from the ads that show up from time to time.
    It may not be an infection, because my antivirus reports nothing, and neither do Spybot, Ad-Aware or Malwarebytes.
    I will probably reformat... but I'm not happy about it!
    18 January 2009 13:35:11

    Post a new HijackThis report so we can take a look.
    19 January 2009 10:21:56

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:20:33, on 19/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
    C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\SFR\Media Center\MediaCenter.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\SFR\Media Center\httpd\httpd.exe
    C:\Program Files\SFR\Media Center\httpd\httpd.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTCJE.EXE
    C:\Program Files\Foxmail\Foxmail.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jacques\Mes documents\TELECHARGEMENT\hitjackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: milehighads - {5262860b-be9d-c70d-f1ee-af145c648bbb} - C:\WINDOWS\system32\nsk1E.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
    O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'Default user')
    O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CT...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
    O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
    O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
    O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 12644 bytes
    19 January 2009 10:26:33

    One piece of information, in case it helps: the ad page that just opened on my desktop is: "Contextual ads by Milehighads"
    19 January 2009 22:05:21

    I can see the problem; let's get to work.

    Download Random's System Information Tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will need to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (displayed) as well as info.txt (minimized in the Taskbar).
  • Make sure to post the reports in full. Check that they are complete once you have posted them.

    Note: The reports are saved in the C:\rsit folder.
    20 January 2009 09:22:25

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Jacques at 2009-01-20 09:20:20
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 28 GB (31%) free of 90 GB
    Total RAM: 3326 MB (72% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:21:05, on 20/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
    C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\SFR\Media Center\MediaCenter.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\SFR\Media Center\httpd\httpd.exe
    C:\Program Files\SFR\Media Center\httpd\httpd.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Foxmail\Foxmail.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\Documents and Settings\Jacques\Bureau\RSIT.exe
    C:\Documents and Settings\Jacques\Mes documents\TELECHARGEMENT\hitjackThis\Jacques.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: milehighads - {5262860b-be9d-c70d-f1ee-af145c648bbb} - C:\WINDOWS\system32\nsk1E.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
    O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'Default user')
    O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CT...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
    O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
    O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
    O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 12695 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Maintenance en 1 clic.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
    G DATA WebFilter - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll [2008-09-08 656968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5262860b-be9d-c70d-f1ee-af145c648bbb}]
    milehighads - C:\WINDOWS\system32\nsk1E.dll [2009-01-05 681472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
    {0124123D-61B4-456f-AF86-78C53A0790C5} - G DATA WebFilter - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll [2008-09-08 656968]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
    "PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
    "BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe []
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-04-01 36352]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "GDFirewallTray"=C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe [2008-09-09 1037992]
    "G DATA AntiVirus Trayapplication"=C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe [2008-11-24 958024]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "Adobe Photo Downloader"=C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "Gadwin PrintScreen"=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2007-08-20 495616]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-02 3882312]
    "Neuf Media Center"=C:\Program Files\SFR\Media Center\MediaCenter.exe [2008-10-10 726336]
    "Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]
    "Uniblue Registry Booster"=C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe [2006-09-28 1396736]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
    C:\Documents and Settings\Jacques\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe [2008-04-11 347648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]

    C:\Documents and Settings\Jacques\Menu Démarrer\Programmes\Démarrage
    Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2008-08-21 143360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
    "C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
    "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
    "C:\Program Files\SFR\Media Center\httpd\httpd.exe"="C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b77caa-8f11-11dd-b90a-806d6172696f}]
    shell\AutoRun\command - J:\Launch.exe


    ======List of files/folders created in the last 1 months======

    2009-01-20 09:20:20 ----D---- C:\rsit
    2009-01-19 22:22:29 ----A---- C:\WINDOWS\oodcnt.INI
    2009-01-19 18:02:04 ----D---- C:\WINDOWS\system32\oodag
    2009-01-19 17:19:07 ----D---- C:\Program Files\OO Software
    2009-01-19 10:40:33 ----D---- C:\Program Files\Defraggler
    2009-01-18 12:29:37 ----D---- C:\Program Files\Dfx
    2009-01-18 12:29:35 ----A---- C:\WINDOWS\system32\dfxg11.dll
    2009-01-18 12:25:19 ----D---- C:\Program Files\Uniblue
    2009-01-15 09:40:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-01-14 11:22:19 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2009-01-14 09:54:19 ----D---- C:\WINDOWS\system32\Kaspersky Lab
    2009-01-14 09:50:26 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
    2009-01-14 09:50:26 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
    2009-01-14 09:50:25 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
    2009-01-14 09:50:25 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
    2009-01-14 09:50:25 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
    2009-01-14 09:50:24 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
    2009-01-14 09:50:23 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
    2009-01-14 09:43:28 ----A---- C:\Documents and Settings\All Users\Application Data\xml4B.tmp
    2009-01-14 09:43:27 ----A---- C:\Documents and Settings\All Users\Application Data\xml4A.tmp
    2009-01-14 09:43:27 ----A---- C:\Documents and Settings\All Users\Application Data\xml49.tmp
    2009-01-14 09:43:23 ----A---- C:\Documents and Settings\All Users\Application Data\xml42.tmp
    2009-01-14 09:43:03 ----D---- C:\Program Files\SiSoftware
    2009-01-12 09:39:50 ----D---- C:\Documents and Settings\All Users\Application Data\Vocal Transformer
    2009-01-11 15:05:05 ----D---- C:\Documents and Settings\All Users\Application Data\Documentation
    2009-01-11 13:56:34 ----A---- C:\WINDOWS\ViewNX.INI
    2009-01-11 13:32:06 ----D---- C:\Documents and Settings\All Users\Application Data\Database
    2009-01-11 13:27:17 ----D---- C:\Program Files\Fichiers communs\muvee Technologies
    2009-01-11 13:27:13 ----D---- C:\Documents and Settings\All Users\Application Data\Nikon
    2009-01-11 13:26:41 ----D---- C:\Documents and Settings\All Users\Application Data\Commands
    2009-01-11 13:10:53 ----D---- C:\Program Files\Nikon
    2009-01-11 11:01:12 ----A---- C:\WINDOWS\system32\ptpusb.dll
    2009-01-11 11:01:11 ----A---- C:\WINDOWS\system32\ptpusd.dll
    2009-01-10 19:02:44 ----D---- C:\Documents and Settings\Jacques\Application Data\Babylon
    2009-01-10 18:03:55 ----SHD---- C:\RECYCLER
    2009-01-10 17:37:30 ----A---- C:\ComboFix.txt
    2009-01-10 17:25:04 ----A---- C:\Boot.bak
    2009-01-10 17:24:56 ----RASHD---- C:\cmdcons
    2009-01-10 17:22:51 ----A---- C:\WINDOWS\zip.exe
    2009-01-10 17:22:51 ----A---- C:\WINDOWS\VFIND.exe
    2009-01-10 17:22:51 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-01-10 17:22:51 ----A---- C:\WINDOWS\SWSC.exe
    2009-01-10 17:22:51 ----A---- C:\WINDOWS\SWREG.exe
    2009-01-10 17:22:51 ----A---- C:\WINDOWS\sed.exe
    2009-01-10 17:22:51 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-01-10 17:22:51 ----A---- C:\WINDOWS\grep.exe
    2009-01-10 17:22:51 ----A---- C:\WINDOWS\fdsv.exe
    2009-01-10 17:22:45 ----D---- C:\WINDOWS\ERDNT
    2009-01-10 17:22:45 ----D---- C:\Qoobox
    2009-01-07 16:37:54 ----D---- C:\Documents and Settings\Jacques\Application Data\Malwarebytes
    2009-01-07 16:37:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-01-07 16:37:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-01-07 09:42:17 ----A---- C:\WINDOWS\system32\uxtuneup.dll
    2009-01-07 09:42:16 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
    2009-01-07 09:42:12 ----D---- C:\Documents and Settings\Jacques\Application Data\TuneUp Software
    2009-01-07 09:41:56 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2009-01-07 09:41:48 ----D---- C:\Program Files\TuneUp Utilities 2008
    2009-01-07 09:30:16 ----D---- C:\Program Files\AxBx
    2009-01-05 20:02:34 ----A---- C:\WINDOWS\system32\nsk1E.dll
    2009-01-04 09:52:26 ----D---- C:\Documents and Settings\Jacques\Application Data\JAM Software
    2009-01-04 09:52:23 ----D---- C:\Program Files\JAM Software
    2009-01-03 10:15:31 ----A---- C:\WINDOWS\system32\pujaruyrydgs.dll-uninst.exe
    2009-01-03 10:15:28 ----A---- C:\WINDOWS\system32\cont_milehighads-remove.exe
    2009-01-03 10:15:27 ----A---- C:\WINDOWS\system32\rmnajrfcoebsfdb.exe
    2009-01-02 13:46:29 ----D---- C:\Documents and Settings\Jacques\Application Data\PixVue
    2009-01-02 08:28:12 ----N---- C:\WINDOWS\system32\pxinsi64.exe
    2009-01-02 08:28:12 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
    2008-12-28 14:29:27 ----N---- C:\WINDOWS\system32\spmsg.dll
    2008-12-28 09:08:12 ----D---- C:\Documents and Settings\Jacques\Application Data\Mozilla
    2008-12-28 09:07:59 ----D---- C:\Program Files\Mozilla Firefox
    2008-12-28 08:41:24 ----D---- C:\Documents and Settings\Jacques\Application Data\Windows Live Writer
    2008-12-27 19:31:31 ----D---- C:\Documents and Settings\Jacques\Application Data\ACD Systems
    2008-12-27 19:28:15 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
    2008-12-27 19:28:06 ----D---- C:\Program Files\Fichiers communs\ACD Systems
    2008-12-27 19:28:06 ----D---- C:\Program Files\ACD Systems
    2008-12-27 16:55:57 ----D---- C:\Program Files\Incomplete
    2008-12-27 16:03:19 ----SHD---- C:\#GDATA.Trash.Store#
    2008-12-27 16:03:02 ----D---- C:\Program Files\G DATA
    2008-12-27 16:03:02 ----D---- C:\Program Files\Fichiers communs\G DATA
    2008-12-27 16:03:02 ----D---- C:\Documents and Settings\All Users\Application Data\G DATA

    ======List of files/folders modified in the last 1 months======

    2009-01-20 09:20:59 ----D---- C:\WINDOWS\Prefetch
    2009-01-20 09:19:39 ----D---- C:\WINDOWS\Temp
    2009-01-20 08:12:42 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-20 08:11:59 ----D---- C:\WINDOWS\system32
    2009-01-19 22:22:54 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-19 22:22:29 ----D---- C:\WINDOWS
    2009-01-19 17:25:56 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-01-19 17:19:15 ----SHD---- C:\WINDOWS\Installer
    2009-01-19 17:19:09 ----D---- C:\Config.Msi
    2009-01-19 17:19:07 ----RD---- C:\Program Files
    2009-01-19 17:19:07 ----D---- C:\WINDOWS\system32\drivers
    2009-01-19 17:19:07 ----D---- C:\WINDOWS\Help
    2009-01-18 12:44:21 ----SD---- C:\Documents and Settings\Jacques\Application Data\Microsoft
    2009-01-18 12:29:35 ----D---- C:\Program Files\Winamp
    2009-01-18 12:25:23 ----D---- C:\Documents and Settings\Jacques\Application Data\Uniblue
    2009-01-18 11:46:21 ----D---- C:\Program Files\Bonjour
    2009-01-17 11:04:36 ----D---- C:\Program Files\eMule
    2009-01-16 20:16:00 ----HD---- C:\WINDOWS\inf
    2009-01-16 18:47:32 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-01-15 19:52:18 ----SHD---- C:\System Volume Information
    2009-01-15 19:52:18 ----D---- C:\WINDOWS\system32\Restore
    2009-01-15 09:41:09 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-01-15 09:40:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-01-15 09:40:28 ----HD---- C:\WINDOWS\$hf_mig$
    2009-01-14 09:54:21 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-01-14 09:50:28 ----D---- C:\WINDOWS\system32\DirectX
    2009-01-12 09:37:58 ----D---- C:\Documents and Settings\Jacques\Application Data\Nikon
    2009-01-12 09:33:00 ----D---- C:\Program Files\Fichiers communs\Nikon
    2009-01-12 09:32:12 ----D---- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    2009-01-12 09:32:12 ----D---- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    2009-01-11 13:27:17 ----D---- C:\Program Files\Fichiers communs
    2009-01-11 13:11:04 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-01-11 10:30:10 ----D---- C:\Documents and Settings\Jacques\Application Data\Vso
    2009-01-10 17:36:00 ----A---- C:\WINDOWS\system.ini
    2009-01-10 17:35:25 ----D---- C:\WINDOWS\AppPatch
    2009-01-10 17:25:04 ----RASH---- C:\boot.ini
    2009-01-10 02:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-01-07 09:42:23 ----SD---- C:\WINDOWS\Tasks
    2009-01-07 09:41:06 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2009-01-02 18:19:42 ----D---- C:\Program Files\Adobe
    2009-01-02 17:26:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-01-02 17:25:56 ----D---- C:\Program Files\Fichiers communs\Apple
    2009-01-02 11:15:45 ----D---- C:\Documents and Settings\Jacques\Application Data\Adobe
    2008-12-29 17:17:27 ----D---- C:\Program Files\LimeWire
    2008-12-29 09:50:37 ----D---- C:\Documents and Settings\Jacques\Application Data\LimeWire
    2008-12-29 08:47:20 ----D---- C:\WINDOWS\Minidump
    2008-12-29 08:47:13 ----D---- C:\Program Files\WinRAR
    2008-12-29 08:47:13 ----D---- C:\Documents and Settings\Jacques\Application Data\uTorrent
    2008-12-29 08:47:05 ----D---- C:\WINDOWS\Downloaded Installations
    2008-12-28 17:59:46 ----D---- C:\Documents and Settings\Jacques\Application Data\Google
    2008-12-28 17:58:55 ----D---- C:\Program Files\Google
    2008-12-28 14:31:14 ----D---- C:\WINDOWS\system32\CatRoot
    2008-12-28 14:29:07 ----D---- C:\Program Files\Windows Media Player
    2008-12-28 10:19:07 ----D---- C:\Program Files\NetMeeting
    2008-12-28 09:35:43 ----D---- C:\Program Files\Fichiers communs\Adobe
    2008-12-27 16:35:17 ----D---- C:\Documents and Settings\Jacques\Application Data\vlc
    2008-12-27 16:28:42 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 GRD;G DATA Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-07 278984]
    R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-10-07 25416]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-21 3299840]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
    R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-06 47360]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-08 14604]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
    S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
    S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys []
    S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys []
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-07-09 52096]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-11 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
    S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 P1370Aud;Creative WebCam Audio Control; \??\C:\WINDOWS\system32\Drivers\P1370Aud.sys []
    S3 P1370Aul;PD1370 Lower Filter Driver; \??\C:\WINDOWS\system32\Drivers\P1370Aul.sys []
    S3 P1370VID;Live! Cam Voice; C:\WINDOWS\system32\DRIVERS\P1370Vid.sys [2006-04-10 179328]
    S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
    S3 UltraMonMirror;UltraMonMirror; C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys []
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
    S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
    S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-04 611664]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-21 573440]
    R2 AVKProxy;G DATA AntiVirus Proxy; C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-11-24 1016904]
    R2 AVKService;Planificateur G DATA; C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
    R2 AVKWCtl;Gardien d'AntiVirus; C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-09-08 1185496]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
    R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2004-05-17 184320]
    R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
    R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    R3 GDFwSvc;Pare-feu personnel G DATA; C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-10-30 1407976]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]
    S2 AVP;Kaspersky Anti-Virus 6.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r []
    S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-01 654848]
    S3 G DATA Tuner Service;G DATA Tuner Service; C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe []
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2008-12-11 98488]
    S3 Service de sauvegarde G DATA;Service de sauvegarde G DATA; C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-10-28 880200]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-01-07 355584]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    -----------------EOF-----------------
    20 January 2009 09:22:46

    info.txt logfile of random's system information tool 1.05 2009-01-20 09:21:09

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x40c
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2d3 SteadyMove for Adobe Premiere Pro-->MsiExec.exe /I{94118D5F-2D5D-4BF5-9F84-11FB8A97B566}
    ACDSee Pro 2-->MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
    Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
    Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{5D2398DF-3022-4820-93BA-F1175FBEA9CA}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
    Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
    Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
    Adobe Fireworks CS3-->MsiExec.exe /I{21C4D775-368A-46C4-8DC3-4207165B7115}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
    Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
    Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
    Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
    Adobe Setup-->MsiExec.exe /I{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}
    Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
    Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
    Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
    Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
    Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
    AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
    Ajouter ou supprimer Adobe Creative Suite 3 Master Collection-->C:\Program Files\Fichiers communs\Adobe\Installers\b5d5789539ea1f004a4defceea74312\Setup.exe
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c
    Camera Control Pro 2-->MsiExec.exe /X{FE96C49B-DB90-405E-A00E-09E38372F880}
    Camera Control Pro-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C2CD0BD-A92E-499A-862A-60900946739B}\Setup.exe" -l0x40c -removeonly
    Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x40c UNINST
    Capture NX-->C:\Program Files\Nikon\Capture NX\uninstall.exe
    Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Clean Virus MSN-->"C:\Program Files\AxBx\Clean Virus MSN\unins000.exe"
    Contextual Tool Milehighads-->C:\WINDOWS\system32\cont_milehighads-remove.exe
    ConvertXtoDVD 3.2.1.55b-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Creative Live! Cam Voice Driver (1.01.02.0410)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script PD1370.uns -unsext NT -plugin P1370Pin.dll -pluginres CtCamPin.crl
    Creative Photo Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c /remove
    Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove
    Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
    Creative WebCam Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x40c /remove
    CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
    CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
    Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
    DFX for Winamp-->"C:\Program Files\Winamp\uninstall_dfx.exe"
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
    EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x40c UNINST
    EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
    EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Print CD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x40c -SYSTEM
    EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Stylus Photo RX685_690 Manuel-->C:\Program Files\EPSON\TPMANUAL\ESPRX685_690\FRA\USE_G\DOCUNINS.EXE
    ffdshow [rev 497] [2006-11-04]-->"C:\Program Files\ffdshow\unins000.exe"
    forteManager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}\setup.exe" -l0x40c -removeonly
    Foxmail 5.0 Fr.-->"C:\Program Files\Foxmail\unins000.exe"
    G DATA TotalCare-->MsiExec.exe /I{9CBC3C1F-310E-4C4F-89E2-1B8D6C902BF2}
    Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
    Galerie de photos Windows Live-->MsiExec.exe /X{43563ACB-371B-4C58-8979-B192B390424C}
    Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x40c -removeonly
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Documents and Settings\Jacques\Mes documents\TELECHARGEMENT\hitjackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Le pic rouge-->"C:\Program Files\Anuman interactive\Le pic rouge\unins000.exe"
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Lightroom-->MsiExec.exe /I{D4134B0B-EA9B-4835-A77A-60BEE6277101}
    LimeWire PRO 4.14.8-->"C:\Program Files\LimeWire\uninstall.exe"
    Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    MediaCoder 0.6.1-->C:\Program Files\MediaCoder\uninst.exe
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    MFC80-->MsiExec.exe /I{818CBFBE-F23E-45E3-B67B-55FBCF945F37}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
    Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Mise à jour de sécurité pour le Codeur Windows Media (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
    Nero 8-->MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891036}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Nikon Message Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x40c UNINSTALL
    Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
    O&O Defrag Professional Edition-->MsiExec.exe /I{53480520-7555-470E-8C69-750B0472B4BB}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x040c -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x40c -removeonly
    RON Tool Milehighads-->C:\WINDOWS\system32\rmnajrfcoebsfdb.exe
    Search Assistant Mysidesearch-->C:\WINDOWS\system32\pujaruyrydgs.dll-uninst.exe
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe
    SFR - Media Center-->C:\Program Files\SFR\Media Center\uninstall.exe
    SiSoftware Sandra Lite 2009.SP2-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\unins000.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    TreeSize Free V2.2.1-->"C:\Program Files\JAM Software\TreeSize Free\unins000.exe"
    TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
    Uniblue Registry Booster-->"C:\Program Files\Uniblue\Registry Booster\unins000.exe"
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
    Utilitaire Effets vidéos avancés-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x40c /remove
    VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    ViewNX-->MsiExec.exe /X{F007CBCE-D714-4C0B-8CE9-9B0D78116468}
    VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    VSO Image Resizer 2.0.2-->"C:\Program Files\VSO\Image Resizer\unins000.exe"
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
    Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
    Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
    Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
    Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

    ======Hosts File======

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    ======Security center information======

    AV: G DATA TotalCare 2009
    FW: Pare-feu personnel G DATA

    System event log

    Computer Name: JACK
    Event Code: 15
    Message: Le périphérique \Device\CdRom0 n'est pas encore prêt à être accédé.

    Record Number: 85041
    Source Name: Cdrom
    Time Written: 20090117094513.000000+060
    Event Type: erreur
    User:

    Computer Name: JACK
    Event Code: 15
    Message: Le périphérique \Device\CdRom1 n'est pas encore prêt à être accédé.

    Record Number: 85040
    Source Name: Cdrom
    Time Written: 20090117094512.000000+060
    Event Type: erreur
    User:

    Computer Name: JACK
    Event Code: 15
    Message: Le périphérique \Device\CdRom0 n'est pas encore prêt à être accédé.

    Record Number: 85039
    Source Name: Cdrom
    Time Written: 20090117094512.000000+060
    Event Type: erreur
    User:

    Computer Name: JACK
    Event Code: 15
    Message: Le périphérique \Device\CdRom1 n'est pas encore prêt à être accédé.

    Record Number: 85038
    Source Name: Cdrom
    Time Written: 20090117094511.000000+060
    Event Type: erreur
    User:

    Computer Name: JACK
    Event Code: 15
    Message: Le périphérique \Device\CdRom0 n'est pas encore prêt à être accédé.

    Record Number: 85037
    Source Name: Cdrom
    Time Written: 20090117094511.000000+060
    Event Type: erreur
    User:

    Application event log

    Computer Name: JACK
    Event Code: 1
    Message:
    Record Number: 2113
    Source Name: Bonjour Service
    Time Written: 20081107134439.000000+060
    Event Type: Informations
    User:

    Computer Name: JACK
    Event Code: 105
    Message: The service was started.

    Record Number: 2112
    Source Name: ATI Smart
    Time Written: 20081107134437.000000+060
    Event Type: Informations
    User:

    Computer Name: JACK
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 2111
    Source Name: SecurityCenter
    Time Written: 20081107091404.000000+060
    Event Type: Informations
    User:

    Computer Name: JACK
    Event Code: 0
    Message:
    Record Number: 2110
    Source Name: RichVideo
    Time Written: 20081107091404.000000+060
    Event Type: Informations
    User:

    Computer Name: JACK
    Event Code: 105
    Message: The service was started.

    Record Number: 2109
    Source Name: PLFlash DeviceIoControl Service
    Time Written: 20081107091403.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=1707
    "NUMBER_OF_PROCESSORS"=4
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2

    -----------------EOF-----------------
    20 January 2009 13:17:22

    Re,

    Download OTMoveIt3 (OldTimer). Save it to your Desktop.
    Copy (Ctrl+C) the text in the box below:

    :files
    C:\WINDOWS\system32\nsk1E.dll

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5262860b-be9d-c70d-f1ee-af145c648bbb}]


    Double-click OTMoveIt3.exe to launch it.
    Paste (Ctrl+V) the text you copied into the box Paste Instructions for Items to be Moved.
    Now click the MoveIt! button, then close OTMoveIt3.

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log
    20 January 2009 16:20:40

    Error: Unable to interpret <files > in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\nsk1E.dll > in the current context!
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5262860b-be9d-c70d-f1ee-af145c648bbb}\\ deleted successfully.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_161855
    20 January 2009 16:24:32

    I don't get the impression that it worked??? But anyway ... I'll make another attempt
    20 January 2009 16:25:17

    This time it's not the same.... maybe that's better, no?
    ========== FILES ==========
    C:\WINDOWS\system32\nsk1E.dll unregistered successfully.
    C:\WINDOWS\system32\nsk1E.dll moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5262860b-be9d-c70d-f1ee-af145c648bbb}\\ not found.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_162336
    20 January 2009 16:27:04

    Uh,
    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    20 January 2009 16:33:14

    Uh....! Well, that's what I did twice???
    So I'll start again, the
    1st
    Error: Unable to interpret <files > in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\nsk1E.dll > in the current context!
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5262860b-be9d-c70d-f1ee-af145c648bbb}\\ deleted successfully.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_161855

    the 2nd
    ========== FILES ==========
    C:\WINDOWS\system32\nsk1E.dll unregistered successfully.
    C:\WINDOWS\system32\nsk1E.dll moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5262860b-be9d-c70d-f1ee-af145c648bbb}\\ not found.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_162336



    20 January 2009 20:42:51

    Can you be patient too?
    Post a new HijackThis report.
    21 January 2009 09:44:17

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:44:00, on 21/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
    C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\SFR\Media Center\MediaCenter.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SFR\Media Center\httpd\httpd.exe
    C:\Program Files\SFR\Media Center\httpd\httpd.exe
    C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Jacques\Mes documents\TELECHARGEMENT\hitjackThis\Jacques.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
    O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'Default user')
    O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CT...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
    O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
    O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
    O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 12485 bytes
    21 January 2009 17:16:39

    Run a Combofix scan again, please. It's better already, isn't it?
    21 January 2009 17:33:57

    Yes, indeed, I have the impression that things are going better... curious to see whether ad pages will still open...
    Here is the latest report...


    ComboFix 09-01-20.05 - Jacques 2009-01-21 17:24:51.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.3326.2308 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Jacques\Mes documents\TELECHARGEMENT\ComboFix\ComboFix.exe
    AV: G DATA TotalCare 2009 *On-access scanning disabled* (Updated)
    FW: Pare-feu personnel G DATA *disabled*
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-21 au 2009-01-21 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-20 16:18 . 2009-01-20 16:18 <REP> d-------- C:\_OTMoveIt
    2009-01-20 13:22 . 2009-01-20 13:22 <REP> d-------- c:\documents and settings\All Users\Application Data\IM
    2009-01-20 13:21 . 2009-01-20 13:21 <REP> d-------- c:\program files\IncrediMail
    2009-01-20 13:21 . 2009-01-20 13:21 <REP> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
    2009-01-20 09:20 . 2009-01-20 09:21 <REP> d-------- C:\rsit
    2009-01-20 08:11 . 2009-01-21 15:30 873 --a------ c:\windows\system32\OODBS.lor
    2009-01-19 22:22 . 2009-01-19 22:22 109 --a------ c:\windows\oodcnt.INI
    2009-01-19 18:02 . 2009-01-19 18:02 <REP> d-------- c:\windows\system32\oodag
    2009-01-19 17:19 . 2009-01-19 17:19 <REP> d-------- c:\program files\OO Software
    2009-01-19 10:40 . 2009-01-19 10:40 <REP> d-------- c:\program files\Defraggler
    2009-01-18 12:29 . 2009-01-18 12:29 <REP> d-------- c:\program files\Dfx
    2009-01-18 12:29 . 2009-01-18 12:29 274,432 --a------ c:\windows\system32\dfxg11.dll
    2009-01-18 12:25 . 2009-01-18 12:25 <REP> d-------- c:\program files\Uniblue
    2009-01-14 11:22 . 2009-01-14 11:22 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2009-01-14 09:54 . 2009-01-14 09:54 <REP> d-------- c:\windows\system32\Kaspersky Lab
    2009-01-14 09:50 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
    2009-01-14 09:50 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
    2009-01-14 09:50 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
    2009-01-14 09:50 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
    2009-01-14 09:50 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
    2009-01-14 09:50 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
    2009-01-14 09:50 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
    2009-01-14 09:43 . 2009-01-14 09:43 <REP> d-------- c:\program files\SiSoftware
    2009-01-12 09:39 . 2009-01-12 09:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Vocal Transformer
    2009-01-12 09:32 . 2009-01-13 11:39 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
    2009-01-11 15:05 . 2009-01-11 15:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Documentation
    2009-01-11 15:01 . 2009-01-20 10:45 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdy.DAT
    2009-01-11 13:56 . 2009-01-11 13:56 0 --a------ c:\windows\ViewNX.INI
    2009-01-11 13:32 . 2009-01-11 13:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Database
    2009-01-11 13:32 . 2009-01-11 18:37 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
    2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
    2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Nikon
    2009-01-11 13:26 . 2009-01-11 13:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Commands
    2009-01-11 13:26 . 2009-01-11 13:53 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
    2009-01-11 13:10 . 2009-01-12 09:32 <REP> d-------- c:\program files\Nikon
    2009-01-11 13:10 . 2009-01-20 10:43 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLeh.DAT
    2009-01-11 11:01 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
    2009-01-11 11:01 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
    2009-01-10 19:02 . 2009-01-10 19:02 <REP> d-------- c:\documents and settings\Jacques\Application Data\Babylon
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\Jacques\Application Data\Malwarebytes
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-07 16:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-07 16:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-07 09:42 . 2009-01-07 09:42 <REP> d-------- c:\documents and settings\Jacques\Application Data\TuneUp Software
    2009-01-07 09:42 . 2009-01-07 09:42 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-01-07 09:42 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
    2009-01-07 09:41 . 2009-01-07 09:45 <REP> d-------- c:\program files\TuneUp Utilities 2008
    2009-01-07 09:41 . 2009-01-07 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-01-07 09:30 . 2009-01-07 09:30 <REP> d-------- c:\program files\AxBx
    2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\program files\JAM Software
    2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\documents and settings\Jacques\Application Data\JAM Software
    2009-01-03 12:34 . 2009-01-18 10:04 156 --a------ c:\windows\Twunk001.MTX
    2009-01-03 12:34 . 2009-01-18 10:04 5 --a------ c:\windows\Twain001.Mtx
    2009-01-03 12:34 . 2009-01-03 12:34 0 --a------ c:\windows\Twunk002.MTX
    2009-01-03 10:15 . 2009-01-09 15:31 85,239 --a------ c:\windows\system32\cont_milehighads-remove.exe
    2009-01-03 10:15 . 2009-01-03 10:15 68,513 --a------ c:\windows\system32\pujaruyrydgs.dll-uninst.exe
    2009-01-03 10:15 . 2009-01-03 10:15 47,576 --a------ c:\windows\system32\rmnajrfcoebsfdb.exe
    2009-01-02 13:46 . 2009-01-02 17:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\PixVue
    2009-01-02 08:28 . 2008-04-01 13:23 118,520 --------- c:\windows\system32\pxinsi64.exe
    2009-01-02 08:28 . 2008-04-01 13:23 118,056 --------- c:\windows\system32\pxcpyi64.exe
    2008-12-28 09:08 . 2008-12-28 09:08 0 --a------ c:\windows\nsreg.dat
    2008-12-28 08:41 . 2008-12-28 08:41 <REP> d-------- c:\documents and settings\Jacques\Application Data\Windows Live Writer
    2008-12-27 19:31 . 2008-12-27 19:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\Fichiers communs\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
    2008-12-27 16:55 . 2009-01-17 09:28 <REP> d-------- c:\program files\Incomplete
    2008-12-27 16:32 . 2008-12-27 16:32 68,424 --a------ c:\windows\system32\drivers\GRD.sys
    2008-12-27 16:30 . 2009-01-21 17:27 121,845,792 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2008-12-27 16:30 . 2009-01-21 17:27 1,577,504 --ahs---- c:\windows\system32\drivers\fidbox2.dat
    2008-12-27 16:30 . 2009-01-21 10:38 1,437,332 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2008-12-27 16:30 . 2009-01-21 10:38 155,000 --ahs---- c:\windows\system32\drivers\fidbox2.idx
    2008-12-27 16:04 . 2008-12-27 16:25 48,712 --a------ c:\windows\system32\drivers\MiniIcpt.sys
    2008-12-27 16:04 . 2008-12-27 16:25 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys
    2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\G DATA
    2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\Fichiers communs\G DATA
    2008-12-27 16:03 . 2008-12-27 16:11 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
    2008-12-27 16:03 . 2008-12-29 08:48 <REP> d--hs---- C:\#GDATA.Trash.Store#
    2008-12-27 16:03 . 2008-12-27 16:31 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
    2008-12-27 16:03 . 2008-12-27 16:03 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-20 15:14 --------- d-----w c:\program files\eMule
    2009-01-18 11:29 --------- d-----w c:\program files\Winamp
    2009-01-18 11:25 --------- d-----w c:\documents and settings\Jacques\Application Data\Uniblue
    2009-01-18 10:46 --------- d-----w c:\program files\Bonjour
    2009-01-15 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-12 08:37 --------- d-----w c:\documents and settings\Jacques\Application Data\Nikon
    2009-01-12 08:33 --------- d-----w c:\program files\Fichiers communs\Nikon
    2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
    2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
    2009-01-11 12:11 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-11 09:30 --------- d-----w c:\documents and settings\Jacques\Application Data\Vso
    2009-01-07 08:41 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2009-01-02 16:25 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-12-29 16:17 --------- d-----w c:\program files\LimeWire
    2008-12-29 08:50 --------- d-----w c:\documents and settings\Jacques\Application Data\LimeWire
    2008-12-29 07:47 --------- d-----w c:\documents and settings\Jacques\Application Data\uTorrent
    2008-12-28 16:58 --------- d-----w c:\program files\Google
    2008-12-28 08:35 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-12-27 15:35 --------- d-----w c:\documents and settings\Jacques\Application Data\vlc
    2008-12-27 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2008-12-19 15:34 --------- d-----w c:\program files\Xvid
    2008-12-18 09:02 --------- d-----w c:\documents and settings\Jacques\Application Data\muvee Technologies
    2008-12-18 09:02 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
    2008-12-18 08:39 --------- d-----w c:\program files\iTunes
    2008-12-18 08:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-18 08:38 --------- d-----w c:\program files\QuickTime
    2008-12-18 08:38 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-12-18 08:30 --------- d-----w c:\program files\Creative
    2008-12-18 08:21 --------- d-----w c:\documents and settings\Jacques\Application Data\Creative
    2008-12-18 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
    2008-12-18 07:21 --------- d-----w c:\program files\Windows Live
    2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Silverlight
    2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Office Outlook Connector
    2008-12-18 07:20 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
    2008-12-18 07:18 --------- d-----w c:\program files\Windows Live SkyDrive
    2008-12-18 07:18 --------- d-----w c:\program files\Microsoft
    2008-12-17 19:10 --------- d-----w c:\documents and settings\Jacques\Application Data\EPSON
    2008-12-17 09:34 --------- d-----w c:\program files\Fichiers communs\Windows Live
    2008-12-15 09:18 --------- d-----w c:\program files\Activision
    2008-12-14 18:56 --------- d-----w c:\program files\SFR
    2008-12-14 09:17 --------- d-----w c:\program files\Java
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-08 20:20 16,608 ----a-w c:\windows\gdrv.sys
    2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
    2008-12-04 20:46 180,224 ----a-w c:\windows\system32\xvidvfw.dll
    2008-12-04 20:42 815,104 ----a-w c:\windows\system32\xvidcore.dll
    2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
    2008-12-01 05:58 --------- d-----w c:\program files\CyberLink
    2008-12-01 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
    2008-11-28 16:13 --------- d-----w c:\documents and settings\Jacques\Application Data\Winamp
    2008-11-28 15:49 --------- d-----w c:\program files\Fichiers communs\CyberLink
    2008-11-28 15:47 29,480 ----a-w c:\windows\system32\msxml3a.dll
    2008-11-26 00:04 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
    2008-11-24 10:52 --------- d-----w c:\program files\Foxmail
    2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-10-24 13:40 22,328 ----a-w c:\documents and settings\Jacques\Application Data\PnkBstrK.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-06 18:24 47,360 ----a-w c:\documents and settings\Jacques\Application Data\pcouffin.sys
    2009-01-05 19:02 652,288 ----a-w c:\program files\mozilla firefox\components\nsmilehighads.dll
    2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092920081006\index.dat
    2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101120081012\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-10_17.28.59,78 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-19 16:19:09 18,646 ----a-r c:\windows\Installer\{53480520-7555-470E-8C69-750B0472B4BB}\ARPPRODUCTICON.exe
    + 2009-01-19 16:19:09 57,344 ----a-r c:\windows\Installer\{53480520-7555-470E-8C69-750B0472B4BB}\NewShortcut3.53480DE0_BEBF_45BA_BF20_24D2DA550CAA.exe
    + 2009-01-19 16:19:09 57,344 ----a-r c:\windows\Installer\{53480520-7555-470E-8C69-750B0472B4BB}\NewShortcut5_1.53480DE0_BEBF_45BA_BF20_24D2DA550CAA.exe
    + 2009-01-11 12:11:10 10,134 ----a-r c:\windows\Installer\{818CBFBE-F23E-45E3-B67B-55FBCF945F37}\ARPPRODUCTICON.exe
    - 2008-12-10 19:45:33 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2009-01-15 08:41:12 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    - 2008-12-10 19:45:33 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    + 2009-01-15 08:41:12 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-12-10 19:45:33 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    + 2009-01-15 08:41:12 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    - 2008-12-10 19:45:33 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    + 2009-01-15 08:41:12 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    - 2008-12-10 19:45:34 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-01-15 08:41:12 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-12-10 19:45:34 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-01-15 08:41:12 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-12-10 19:45:33 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    + 2009-01-15 08:41:12 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-12-10 19:45:33 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    + 2009-01-15 08:41:12 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-12-10 19:45:33 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    + 2009-01-15 08:41:12 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    - 2008-12-10 19:45:34 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-01-15 08:41:12 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-12-10 19:45:33 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-01-15 08:41:12 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-01-11 12:32:24 8,854 ----a-r c:\windows\Installer\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}\New_Shortcut_F007CBCED7144C0B8CE99B0D78116468.exe
    + 2009-01-11 12:32:24 409,600 ----a-r c:\windows\Installer\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}\NewShortcut3_F007CBCED7144C0B8CE99B0D78116468.exe
    + 2009-01-11 12:32:24 409,600 ----a-r c:\windows\Installer\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}\NewShortcut4_F007CBCED7144C0B8CE99B0D78116468.exe
    + 2009-01-11 14:02:06 393,216 ----a-r c:\windows\Installer\{FE96C49B-DB90-405E-A00E-09E38372F880}\ARPPRODUCTICON.exe
    + 2009-01-11 14:02:06 8,854 ----a-r c:\windows\Installer\{FE96C49B-DB90-405E-A00E-09E38372F880}\New_Shortcut_4C2CD0BDA92E499A862A60900946739B.exe
    + 2009-01-11 14:02:06 393,216 ----a-r c:\windows\Installer\{FE96C49B-DB90-405E-A00E-09E38372F880}\NewShortcut1_4C2CD0BDA92E499A862A60900946739B.exe
    + 2009-01-11 14:02:06 393,216 ----a-r c:\windows\Installer\{FE96C49B-DB90-405E-A00E-09E38372F880}\NewShortcut4_FE96C49BDB90405EA00E09E38372F880.exe
    - 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
    + 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
    - 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys
    + 2008-12-11 10:57:09 333,952 -c----w c:\windows\system32\dllcache\srv.sys
    + 2004-05-17 12:01:46 26,624 ----a-w c:\windows\system32\drivers\oobctm.sys
    + 2005-05-16 18:34:48 213,048 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2008-08-13 14:03:26 65,536 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2008-08-13 14:03:26 798,720 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    + 2003-03-19 12:28:40 2,179,072 ----a-w c:\windows\system32\mfc71d.dll
    + 2006-12-01 23:25:52 1,101,824 ----a-w c:\windows\system32\mfc80.dll
    + 2006-12-01 23:25:56 1,093,120 ----a-w c:\windows\system32\mfc80u.dll
    + 2006-12-01 23:25:58 69,632 ----a-w c:\windows\system32\mfcm80.dll
    + 2006-12-01 23:26:00 57,856 ----a-w c:\windows\system32\mfcm80u.dll
    - 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
    + 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
    + 2006-12-01 21:54:32 479,232 ----a-w c:\windows\system32\msvcm80.dll
    + 2003-03-19 11:04:24 765,952 ----a-w c:\windows\system32\msvcp71d.dll
    + 2006-12-01 21:54:34 548,864 ----a-w c:\windows\system32\msvcp80.dll
    + 2003-03-19 11:03:52 544,768 ----a-w c:\windows\system32\msvcr71d.dll
    + 2006-12-01 21:54:32 626,688 ----a-w c:\windows\system32\msvcr80.dll
    + 2004-05-17 13:57:00 184,320 ----a-w c:\windows\system32\oodag.exe
    + 2004-05-17 13:52:24 11,776 ----a-w c:\windows\system32\oodagmg.dll
    + 2004-05-17 13:54:46 3,584 ----a-w c:\windows\system32\oodagrs.dll
    + 2004-05-17 14:07:04 95,639 ----a-w c:\windows\system32\oodbs.exe
    + 2004-05-17 14:07:16 4,096 ----a-w c:\windows\system32\oodbsrs.dll
    + 2004-05-17 12:02:10 9,216 ----a-w c:\windows\system32\ootmapi.dll
    - 2006-09-25 16:58:48 14,640 ------w c:\windows\system32\spmsg.dll
    + 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
    + 2009-01-21 08:40:06 39,332 ----a-w c:\windows\Temp\cteng_1_1_111232517903.dat
    + 2009-01-21 14:41:02 37,536 ----a-w c:\windows\Temp\cteng_1_1_121232546455.dat
    + 2009-01-19 17:30:22 44,456 ----a-w c:\windows\Temp\cteng_1_1_131232384699.dat
    + 2009-01-20 10:25:02 39,484 ----a-w c:\windows\Temp\cteng_1_1_141232446973.dat
    + 2009-01-21 14:41:02 32,776 ----a-w c:\windows\Temp\cteng_1_1_161232544939.dat
    + 2009-01-20 11:15:51 95,524 ----a-w c:\windows\Temp\cteng_1_1_181232449496.dat
    + 2009-01-19 14:08:52 37,096 ----a-w c:\windows\Temp\cteng_1_1_201232373899.dat
    + 2009-01-21 08:40:06 34,240 ----a-w c:\windows\Temp\cteng_1_1_211232525101.dat
    + 2009-01-11 08:14:16 34,476 ----a-w c:\windows\Temp\cteng_1_1_221231648038.dat
    + 2009-01-21 16:19:14 40,192 ----a-w c:\windows\Temp\cteng_1_1_231232553798.dat
    + 2009-01-21 14:41:02 39,136 ----a-w c:\windows\Temp\cteng_1_1_41232546492.dat
    + 2009-01-21 14:41:02 37,308 ----a-w c:\windows\Temp\cteng_1_1_71232546507.dat
    + 2009-01-20 12:24:50 42,436 ----a-w c:\windows\Temp\cteng_1_1_81232453382.dat
    + 2009-01-19 15:29:40 44,864 ----a-w c:\windows\Temp\cteng_1_1_91232376641.dat
    + 2009-01-21 15:41:04 363,656 ----a-w c:\windows\Temp\cteng_1_2_131232552290.dat
    + 2009-01-20 10:25:02 295,552 ----a-w c:\windows\Temp\cteng_1_2_141232446962.dat
    + 2009-01-18 09:05:52 237,148 ----a-w c:\windows\Temp\cteng_1_2_151232269371.dat
    + 2009-01-20 13:44:44 206,088 ----a-w c:\windows\Temp\cteng_1_2_161232458044.dat
    + 2009-01-21 14:41:03 276,436 ----a-w c:\windows\Temp\cteng_1_2_171232536580.dat
    + 2009-01-18 09:00:47 333,328 ----a-w c:\windows\Temp\cteng_1_2_181232208268.dat
    + 2009-01-18 16:45:55 357,832 ----a-w c:\windows\Temp\cteng_1_2_201232294226.dat
    + 2009-01-21 08:40:08 303,388 ----a-w c:\windows\Temp\cteng_1_2_211232520260.dat
    + 2009-01-18 11:44:19 298,420 ----a-w c:\windows\Temp\cteng_1_2_221232276440.dat
    + 2009-01-21 14:41:03 356,448 ----a-w c:\windows\Temp\cteng_1_2_231232530104.dat
    + 2009-01-19 09:17:40 175,904 ----a-w c:\windows\Temp\cteng_1_2_251232335808.dat
    + 2009-01-21 14:41:04 237,920 ----a-w c:\windows\Temp\cteng_1_2_261232540524.dat
    + 2009-01-19 09:17:40 284,256 ----a-w c:\windows\Temp\cteng_1_2_271232345088.dat
    + 2009-01-21 14:41:04 286,212 ----a-w c:\windows\Temp\cteng_1_2_281232537233.dat
    + 2009-01-21 16:19:14 345,792 ----a-w c:\windows\Temp\cteng_1_2_291232553913.dat
    + 2009-01-21 14:41:05 305,056 ----a-w c:\windows\Temp\cteng_1_2_301232540197.dat
    + 2009-01-21 08:40:09 219,196 ----a-w c:\windows\Temp\cteng_1_2_311232486485.dat
    + 2009-01-21 08:40:10 199,780 ----a-w c:\windows\Temp\cteng_1_2_331232522784.dat
    + 2009-01-20 08:11:05 288,208 ----a-w c:\windows\Temp\cteng_1_2_341232436999.dat
    + 2009-01-15 14:14:49 253,424 ----a-w c:\windows\Temp\cteng_1_2_41232028280.dat
    + 2009-01-21 14:41:05 272,052 ----a-w c:\windows\Temp\cteng_1_2_71232546505.dat
    + 2009-01-21 14:30:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_320.dat
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
    "Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
    "Uniblue Registry Booster"="c:\program files\Uniblue\Registry Booster\RegistryBooster.exe" [2006-09-28 1396736]
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-01-15 251264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "GDFirewallTray"="c:\program files\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
    "G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-11-24 958024]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Jacques\Menu Démarrer\Programmes\Démarrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    c:\documents and settings\Jacques\Menu Démarrer\Programmes\Démarrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    c:\documents and settings\Jacques\Menu Démarrer\Programmes\Démarrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
    -ra------ 2008-04-11 19:50 347648 c:\documents and settings\Jacques\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "53773:TCP"= 53773:TCP:emule tcp
    "16399:UDP"= 16399:UDP:emule udp

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-12-27 22272]
    R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2008-12-27 68424]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-30 93696]
    R3 GDFwSvc;Pare-feu personnel G DATA;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-08-15 1407976]
    R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-12-27 48712]
    R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2008-12-27 32328]
    R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
    R4 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 1016904]
    R4 AVKService;Planificateur G DATA;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
    R4 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-08-14 1185496]
    R4 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2008-12-27 51016]
    S3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
    S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-02 14336]
    S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-02 13312]
    S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-12-18 93056]
    S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-12-18 4992]
    S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-12-18 179328]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-01-14 98488]
    S3 Service de sauvegarde G DATA;Service de sauvegarde G DATA;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-08-22 880200]
    S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b77caa-8f11-11dd-b90a-806d6172696f}]
    \Shell\AutoRun\command - J:\Launch.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-21 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-BDRegion - c:\program files\Cyberlink\Shared Files\brs.exe
    HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = *.local
    IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel
    FF - ProfilePath - c:\documents and settings\Jacques\Application Data\Mozilla\Firefox\Profiles\4z3izwmv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - MyStart Rechercher
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
    FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
    FF - component: c:\program files\Mozilla Firefox\components\nsmilehighads.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
    =);
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-21 17:27:26
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1960408961-117609710-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:70,cd,3d,9f,fb,04,c1,88,c0,3e,16,1e,95,be,42,cc,fa,39,1c,35,e6,
    2d,56,91,6c,33,af,ce,f6,84,81,11,ec,51,3a,92,4c,df,b4,99,e4,d6,00,b8,34,a8,\
    "rkeysecu"=hex:90,35,3a,83,0b,f6,a1,91,59,e3,93,c8,c6,aa,5b,5e

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:fa,1f,4e,6a,ec,41,da,68,df,fc,f3,f4,de,48,a5,31,bb,39,42,b8,86,
    01,c2,3b,5b,da,78,a1,ba,6d,f1,8d,29,20,7d,eb,8e,55,d4,52,64,e4,9c,d9,a3,d9,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:c5,20,54,f3,8a,c4,b9,7c,43,ed,04,81,39,df,4c,0d,b0,38,34,9a,85,
    f1,ad,a4,17,a6,76,aa,18,8c,73,f1,58,ad,64,0c,51,f6,0b,17,79,65,c6,db,0d,1e,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(900)
    c:\windows\system32\Ati2evxx.dll
    .
    Heure de fin: 2009-01-21 17:29:13
    ComboFix-quarantined-files.txt 2009-01-21 16:29:09
    ComboFix2.txt 2009-01-10 16:37:30
    ComboFix3.txt 2009-01-10 16:30:08

    Avant-CF: 27 596 783 616 octets libres
    Après-CF: 28,278,452,224 octets libres

    424 --- E O F --- 2009-01-15 08:41:14
    22 January 2009 17:15:46

    Hi again,

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
    Copy (Ctrl+C) the text in the box below:

    Rootkit::
    c:\program files\Mozilla Firefox\components\nsmilehighads.dll

    Firefox::
    FF - prefs.js: browser.search.defaulturl -


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name "CFScript.txt" (the quotation marks are important).

    Now drag the CFScript.txt file onto ComboFix.exe as in the image below:


    This will relaunch ComboFix. After the restart, post the contents of the report (C:\combofix.txt*) along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
    * the partition name may differ
    22 January 2009 19:21:33

    ComboFix 09-01-21.04 - Jacques 2009-01-22 19:06:40.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.3326.2441 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Jacques\Mes documents\TELECHARGEMENT\ComboFix\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Jacques\Mes documents\pour botix\CFScript.txt
    AV: G DATA TotalCare 2009 *On-access scanning disabled* (Updated)
    FW: Pare-feu personnel G DATA *disabled*
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Mozilla Firefox\components\nsmilehighads.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-22 au 2009-01-22 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-21 18:04 . 2009-01-21 18:04 <REP> d-------- c:\program files\Magentic
    2009-01-21 18:04 . 2008-08-04 09:51 750,984 --a------ c:\windows\system32\Magentic Screensaver.scr
    2009-01-20 16:18 . 2009-01-20 16:18 <REP> d-------- C:\_OTMoveIt
    2009-01-20 13:22 . 2009-01-20 13:22 <REP> d-------- c:\documents and settings\All Users\Application Data\IM
    2009-01-20 13:21 . 2009-01-20 13:21 <REP> d-------- c:\program files\IncrediMail
    2009-01-20 13:21 . 2009-01-20 13:21 <REP> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
    2009-01-20 09:20 . 2009-01-20 09:21 <REP> d-------- C:\rsit
    2009-01-20 08:11 . 2009-01-22 19:11 1,746 --a------ c:\windows\system32\OODBS.lor
    2009-01-19 22:22 . 2009-01-19 22:22 109 --a------ c:\windows\oodcnt.INI
    2009-01-19 18:02 . 2009-01-19 18:02 <REP> d-------- c:\windows\system32\oodag
    2009-01-19 17:19 . 2009-01-19 17:19 <REP> d-------- c:\program files\OO Software
    2009-01-19 10:40 . 2009-01-19 10:40 <REP> d-------- c:\program files\Defraggler
    2009-01-18 12:29 . 2009-01-18 12:29 <REP> d-------- c:\program files\Dfx
    2009-01-18 12:29 . 2009-01-18 12:29 274,432 --a------ c:\windows\system32\dfxg11.dll
    2009-01-18 12:25 . 2009-01-18 12:25 <REP> d-------- c:\program files\Uniblue
    2009-01-14 11:22 . 2009-01-14 11:22 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2009-01-14 09:54 . 2009-01-14 09:54 <REP> d-------- c:\windows\system32\Kaspersky Lab
    2009-01-14 09:50 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
    2009-01-14 09:50 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
    2009-01-14 09:50 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
    2009-01-14 09:50 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
    2009-01-14 09:50 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
    2009-01-14 09:50 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
    2009-01-14 09:50 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
    2009-01-14 09:43 . 2009-01-14 09:43 <REP> d-------- c:\program files\SiSoftware
    2009-01-12 09:39 . 2009-01-12 09:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Vocal Transformer
    2009-01-12 09:32 . 2009-01-13 11:39 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
    2009-01-11 15:05 . 2009-01-11 15:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Documentation
    2009-01-11 15:01 . 2009-01-20 10:45 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdy.DAT
    2009-01-11 13:56 . 2009-01-11 13:56 0 --a------ c:\windows\ViewNX.INI
    2009-01-11 13:32 . 2009-01-11 13:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Database
    2009-01-11 13:32 . 2009-01-11 18:37 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
    2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
    2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Nikon
    2009-01-11 13:26 . 2009-01-11 13:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Commands
    2009-01-11 13:26 . 2009-01-11 13:53 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
    2009-01-11 13:10 . 2009-01-12 09:32 <REP> d-------- c:\program files\Nikon
    2009-01-11 13:10 . 2009-01-20 10:43 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLeh.DAT
    2009-01-11 11:01 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
    2009-01-11 11:01 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
    2009-01-10 19:02 . 2009-01-10 19:02 <REP> d-------- c:\documents and settings\Jacques\Application Data\Babylon
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\Jacques\Application Data\Malwarebytes
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-07 16:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-07 16:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-07 09:42 . 2009-01-07 09:42 <REP> d-------- c:\documents and settings\Jacques\Application Data\TuneUp Software
    2009-01-07 09:42 . 2009-01-07 09:42 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-01-07 09:42 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
    2009-01-07 09:41 . 2009-01-07 09:45 <REP> d-------- c:\program files\TuneUp Utilities 2008
    2009-01-07 09:41 . 2009-01-07 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-01-07 09:30 . 2009-01-07 09:30 <REP> d-------- c:\program files\AxBx
    2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\program files\JAM Software
    2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\documents and settings\Jacques\Application Data\JAM Software
    2009-01-03 12:34 . 2009-01-18 10:04 156 --a------ c:\windows\Twunk001.MTX
    2009-01-03 12:34 . 2009-01-18 10:04 5 --a------ c:\windows\Twain001.Mtx
    2009-01-03 12:34 . 2009-01-03 12:34 0 --a------ c:\windows\Twunk002.MTX
    2009-01-03 10:15 . 2009-01-09 15:31 85,239 --a------ c:\windows\system32\cont_milehighads-remove.exe
    2009-01-03 10:15 . 2009-01-03 10:15 68,513 --a------ c:\windows\system32\pujaruyrydgs.dll-uninst.exe
    2009-01-03 10:15 . 2009-01-03 10:15 47,576 --a------ c:\windows\system32\rmnajrfcoebsfdb.exe
    2009-01-02 13:46 . 2009-01-02 17:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\PixVue
    2009-01-02 08:28 . 2008-04-01 13:23 118,520 --------- c:\windows\system32\pxinsi64.exe
    2009-01-02 08:28 . 2008-04-01 13:23 118,056 --------- c:\windows\system32\pxcpyi64.exe
    2008-12-28 09:08 . 2008-12-28 09:08 0 --a------ c:\windows\nsreg.dat
    2008-12-28 08:41 . 2008-12-28 08:41 <REP> d-------- c:\documents and settings\Jacques\Application Data\Windows Live Writer
    2008-12-27 19:31 . 2008-12-27 19:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\Fichiers communs\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
    2008-12-27 16:55 . 2009-01-17 09:28 <REP> d-------- c:\program files\Incomplete
    2008-12-27 16:32 . 2008-12-27 16:32 68,424 --a------ c:\windows\system32\drivers\GRD.sys
    2008-12-27 16:30 . 2009-01-22 19:15 122,255,392 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2008-12-27 16:30 . 2009-01-22 19:14 1,608,224 --ahs---- c:\windows\system32\drivers\fidbox2.dat
    2008-12-27 16:30 . 2009-01-22 19:10 1,445,144 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2008-12-27 16:30 . 2009-01-22 19:10 159,080 --ahs---- c:\windows\system32\drivers\fidbox2.idx
    2008-12-27 16:04 . 2008-12-27 16:25 48,712 --a------ c:\windows\system32\drivers\MiniIcpt.sys
    2008-12-27 16:04 . 2008-12-27 16:25 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys
    2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\G DATA
    2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\Fichiers communs\G DATA
    2008-12-27 16:03 . 2008-12-27 16:11 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
    2008-12-27 16:03 . 2008-12-29 08:48 <REP> d--hs---- C:\#GDATA.Trash.Store#
    2008-12-27 16:03 . 2008-12-27 16:31 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
    2008-12-27 16:03 . 2008-12-27 16:03 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-20 15:14 --------- d-----w c:\program files\eMule
    2009-01-18 11:29 --------- d-----w c:\program files\Winamp
    2009-01-18 11:25 --------- d-----w c:\documents and settings\Jacques\Application Data\Uniblue
    2009-01-18 10:46 --------- d-----w c:\program files\Bonjour
    2009-01-15 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-12 08:37 --------- d-----w c:\documents and settings\Jacques\Application Data\Nikon
    2009-01-12 08:33 --------- d-----w c:\program files\Fichiers communs\Nikon
    2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
    2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
    2009-01-11 12:11 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-11 09:30 --------- d-----w c:\documents and settings\Jacques\Application Data\Vso
    2009-01-07 08:41 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2009-01-02 16:25 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-12-29 16:17 --------- d-----w c:\program files\LimeWire
    2008-12-29 08:50 --------- d-----w c:\documents and settings\Jacques\Application Data\LimeWire
    2008-12-29 07:47 --------- d-----w c:\documents and settings\Jacques\Application Data\uTorrent
    2008-12-28 16:58 --------- d-----w c:\program files\Google
    2008-12-28 08:35 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-12-27 15:35 --------- d-----w c:\documents and settings\Jacques\Application Data\vlc
    2008-12-27 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2008-12-19 15:34 --------- d-----w c:\program files\Xvid
    2008-12-18 09:02 --------- d-----w c:\documents and settings\Jacques\Application Data\muvee Technologies
    2008-12-18 09:02 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
    2008-12-18 08:39 --------- d-----w c:\program files\iTunes
    2008-12-18 08:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-18 08:38 --------- d-----w c:\program files\QuickTime
    2008-12-18 08:38 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-12-18 08:30 --------- d-----w c:\program files\Creative
    2008-12-18 08:21 --------- d-----w c:\documents and settings\Jacques\Application Data\Creative
    2008-12-18 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
    2008-12-18 07:21 --------- d-----w c:\program files\Windows Live
    2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Silverlight
    2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Office Outlook Connector
    2008-12-18 07:20 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
    2008-12-18 07:18 --------- d-----w c:\program files\Windows Live SkyDrive
    2008-12-18 07:18 --------- d-----w c:\program files\Microsoft
    2008-12-17 19:10 --------- d-----w c:\documents and settings\Jacques\Application Data\EPSON
    2008-12-17 09:34 --------- d-----w c:\program files\Fichiers communs\Windows Live
    2008-12-15 09:18 --------- d-----w c:\program files\Activision
    2008-12-14 18:56 --------- d-----w c:\program files\SFR
    2008-12-14 09:17 --------- d-----w c:\program files\Java
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-08 20:20 16,608 ----a-w c:\windows\gdrv.sys
    2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
    2008-12-01 05:58 --------- d-----w c:\program files\CyberLink
    2008-12-01 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
    2008-11-28 16:13 --------- d-----w c:\documents and settings\Jacques\Application Data\Winamp
    2008-11-28 15:49 --------- d-----w c:\program files\Fichiers communs\CyberLink
    2008-11-26 00:04 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
    2008-11-24 10:52 --------- d-----w c:\program files\Foxmail
    2008-10-24 13:40 22,328 ----a-w c:\documents and settings\Jacques\Application Data\PnkBstrK.sys
    2008-10-06 18:24 47,360 ----a-w c:\documents and settings\Jacques\Application Data\pcouffin.sys
    2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092920081006\index.dat
    2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101120081012\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2009-01-21_17.28.04,10 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-22 18:11:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_324.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
    "Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
    "Uniblue Registry Booster"="c:\program files\Uniblue\Registry Booster\RegistryBooster.exe" [2006-09-28 1396736]
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-01-15 251264]
    "Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "GDFirewallTray"="c:\program files\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
    "G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-11-24 958024]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
    -ra------ 2008-04-11 19:50 347648 c:\documents and settings\Jacques\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
    "c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
    "c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
    "c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "53773:TCP"= 53773:TCP:emule tcp
    "16399:UDP"= 16399:UDP:emule udp

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-12-27 22272]
    R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2008-12-27 68424]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-30 93696]
    R3 GDFwSvc;Pare-feu personnel G DATA;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-08-15 1407976]
    R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-12-27 48712]
    R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2008-12-27 32328]
    R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
    R4 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 1016904]
    R4 AVKService;Planificateur G DATA;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
    R4 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-08-14 1185496]
    R4 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2008-12-27 51016]
    S3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
    S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-02 14336]
    S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-02 13312]
    S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-12-18 93056]
    S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-12-18 4992]
    S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-12-18 179328]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-01-14 98488]
    S3 Service de sauvegarde G DATA;Service de sauvegarde G DATA;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-08-22 880200]
    S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b77caa-8f11-11dd-b90a-806d6172696f}]
    \Shell\AutoRun\command - J:\Launch.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-22 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = *.local
    IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel
    FF - ProfilePath - c:\documents and settings\Jacques\Application Data\Mozilla\Firefox\Profiles\4z3izwmv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - MyStart Rechercher
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.magentic.com/
    FF - prefs.js: keyword.URL - hxxp://mystart.magentic.com/?loc=FF_Magentic_AddressBar&search=
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
    =);
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-22 19:15:46
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1960408961-117609710-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:70,cd,3d,9f,fb,04,c1,88,c0,3e,16,1e,95,be,42,cc,fa,39,1c,35,e6,
    2d,56,91,6c,33,af,ce,f6,84,81,11,ec,51,3a,92,4c,df,b4,99,e4,d6,00,b8,34,a8,\
    "rkeysecu"=hex:90,35,3a,83,0b,f6,a1,91,59,e3,93,c8,c6,aa,5b,5e

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:fa,1f,4e,6a,ec,41,da,68,df,fc,f3,f4,de,48,a5,31,bb,39,42,b8,86,
    01,c2,3b,5b,da,78,a1,ba,6d,f1,8d,29,20,7d,eb,8e,55,d4,52,64,e4,9c,d9,a3,d9,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:c5,20,54,f3,8a,c4,b9,7c,43,ed,04,81,39,df,4c,0d,b0,38,34,9a,85,
    f1,ad,a4,17,a6,76,aa,18,8c,73,f1,58,ad,64,0c,51,f6,0b,17,79,65,c6,db,0d,1e,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(884)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\system32\oodag.exe
    c:\windows\system32\IoctlSvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\IncrediMail\bin\ImApp.exe
    c:\program files\SFR\Media Center\httpd\httpd.exe
    c:\progra~1\Magentic\bin\MgApp.exe
    c:\program files\SFR\Media Center\httpd\httpd.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-22 19:17:59 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-01-22 18:17:56
    ComboFix2.txt 2009-01-21 16:29:14
    ComboFix3.txt 2009-01-10 16:37:30
    ComboFix4.txt 2009-01-10 16:30:08

    Avant-CF: 28 206 743 552 octets libres
    Après-CF: 28,232,708,096 octets libres

    346 --- E O F --- 2009-01-15 08:41:14



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:20:31, on 22/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
    C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\SFR\Media Center\MediaCenter.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Program Files\SFR\Media Center\httpd\httpd.exe
    C:\PROGRA~1\Magentic\bin\MgApp.exe
    C:\Program Files\SFR\Media Center\httpd\httpd.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Jacques\Mes documents\TELECHARGEMENT\hitjackThis\Jacques.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
    O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'Default user')
    O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CT...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
    O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
    O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
    O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 12416 bytes




    23 January 2009 19:29:14

    We'll try a script again.

    Hi again,

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
    Copy (Ctrl+C) the text in the box below:

    Firefox::
    FF - user.js: browser.search.selectedEngine -
    FF - user.js: keyword.URL -
    FF - user.js: keyword.enabled - false
    FF - user.js: browser.search.defaultenginename -
    FF - user.js: browser.search.defaulturl -
    Registry::


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file under the name "CFScript.txt" (the quotation marks are important).

    Now drag the CFScript.txt file onto ComboFix.exe as in the image below:


    This will relaunch ComboFix. After the restart, post the contents of the report (C:\combofix.txt*) together with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
    * the partition name may vary
    24 January 2009 09:12:16

    Here is this morning's report

    ComboFix 09-01-21.04 - Jacques 2009-01-24 9:05:33.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.3326.2320 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Jacques\Mes documents\TELECHARGEMENT\ComboFix\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Jacques\Mes documents\CFScript.txt
    AV: G DATA TotalCare 2009 *On-access scanning disabled* (Updated)
    FW: Pare-feu personnel G DATA *disabled*
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-24 au 2009-01-24 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-21 18:04 . 2009-01-21 18:04 <REP> d-------- c:\program files\Magentic
    2009-01-21 18:04 . 2008-08-04 09:51 750,984 --a------ c:\windows\system32\Magentic Screensaver.scr
    2009-01-20 16:18 . 2009-01-20 16:18 <REP> d-------- C:\_OTMoveIt
    2009-01-20 13:22 . 2009-01-20 13:22 <REP> d-------- c:\documents and settings\All Users\Application Data\IM
    2009-01-20 13:21 . 2009-01-23 14:01 <REP> d-------- c:\program files\IncrediMail
    2009-01-20 13:21 . 2009-01-20 13:21 <REP> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
    2009-01-20 09:20 . 2009-01-20 09:21 <REP> d-------- C:\rsit
    2009-01-20 08:11 . 2009-01-24 07:53 3,201 --a------ c:\windows\system32\OODBS.lor
    2009-01-19 22:22 . 2009-01-19 22:22 109 --a------ c:\windows\oodcnt.INI
    2009-01-19 18:02 . 2009-01-19 18:02 <REP> d-------- c:\windows\system32\oodag
    2009-01-19 17:19 . 2009-01-19 17:19 <REP> d-------- c:\program files\OO Software
    2009-01-19 10:40 . 2009-01-19 10:40 <REP> d-------- c:\program files\Defraggler
    2009-01-18 12:29 . 2009-01-18 12:29 <REP> d-------- c:\program files\Dfx
    2009-01-18 12:29 . 2009-01-18 12:29 274,432 --a------ c:\windows\system32\dfxg11.dll
    2009-01-18 12:25 . 2009-01-18 12:25 <REP> d-------- c:\program files\Uniblue
    2009-01-14 11:22 . 2009-01-14 11:22 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2009-01-14 09:54 . 2009-01-14 09:54 <REP> d-------- c:\windows\system32\Kaspersky Lab
    2009-01-14 09:50 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
    2009-01-14 09:50 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
    2009-01-14 09:50 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
    2009-01-14 09:50 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
    2009-01-14 09:50 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
    2009-01-14 09:50 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
    2009-01-14 09:50 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
    2009-01-14 09:43 . 2009-01-14 09:43 <REP> d-------- c:\program files\SiSoftware
    2009-01-12 09:39 . 2009-01-12 09:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Vocal Transformer
    2009-01-12 09:32 . 2009-01-13 11:39 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
    2009-01-11 15:05 . 2009-01-11 15:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Documentation
    2009-01-11 15:01 . 2009-01-20 10:45 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdy.DAT
    2009-01-11 13:56 . 2009-01-11 13:56 0 --a------ c:\windows\ViewNX.INI
    2009-01-11 13:32 . 2009-01-11 13:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Database
    2009-01-11 13:32 . 2009-01-11 18:37 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
    2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
    2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Nikon
    2009-01-11 13:26 . 2009-01-11 13:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Commands
    2009-01-11 13:26 . 2009-01-11 13:53 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
    2009-01-11 13:10 . 2009-01-12 09:32 <REP> d-------- c:\program files\Nikon
    2009-01-11 13:10 . 2009-01-20 10:43 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLeh.DAT
    2009-01-11 11:01 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
    2009-01-11 11:01 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
    2009-01-10 19:02 . 2009-01-10 19:02 <REP> d-------- c:\documents and settings\Jacques\Application Data\Babylon
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\Jacques\Application Data\Malwarebytes
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-07 16:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-07 16:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-07 09:42 . 2009-01-07 09:42 <REP> d-------- c:\documents and settings\Jacques\Application Data\TuneUp Software
    2009-01-07 09:42 . 2009-01-07 09:42 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-01-07 09:42 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
    2009-01-07 09:41 . 2009-01-07 09:45 <REP> d-------- c:\program files\TuneUp Utilities 2008
    2009-01-07 09:41 . 2009-01-07 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-01-07 09:30 . 2009-01-07 09:30 <REP> d-------- c:\program files\AxBx
    2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\program files\JAM Software
    2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\documents and settings\Jacques\Application Data\JAM Software
    2009-01-03 12:34 . 2009-01-18 10:04 156 --a------ c:\windows\Twunk001.MTX
    2009-01-03 12:34 . 2009-01-18 10:04 5 --a------ c:\windows\Twain001.Mtx
    2009-01-03 12:34 . 2009-01-03 12:34 0 --a------ c:\windows\Twunk002.MTX
    2009-01-03 10:15 . 2009-01-09 15:31 85,239 --a------ c:\windows\system32\cont_milehighads-remove.exe
    2009-01-03 10:15 . 2009-01-03 10:15 68,513 --a------ c:\windows\system32\pujaruyrydgs.dll-uninst.exe
    2009-01-03 10:15 . 2009-01-03 10:15 47,576 --a------ c:\windows\system32\rmnajrfcoebsfdb.exe
    2009-01-02 13:46 . 2009-01-02 17:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\PixVue
    2009-01-02 08:28 . 2008-04-01 13:23 118,520 --------- c:\windows\system32\pxinsi64.exe
    2009-01-02 08:28 . 2008-04-01 13:23 118,056 --------- c:\windows\system32\pxcpyi64.exe
    2008-12-28 09:08 . 2008-12-28 09:08 0 --a------ c:\windows\nsreg.dat
    2008-12-28 08:41 . 2008-12-28 08:41 <REP> d-------- c:\documents and settings\Jacques\Application Data\Windows Live Writer
    2008-12-27 19:31 . 2008-12-27 19:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\Fichiers communs\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
    2008-12-27 16:55 . 2009-01-17 09:28 <REP> d-------- c:\program files\Incomplete
    2008-12-27 16:32 . 2008-12-27 16:32 68,424 --a------ c:\windows\system32\drivers\GRD.sys
    2008-12-27 16:30 . 2009-01-24 09:07 126,873,632 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2008-12-27 16:30 . 2009-01-24 09:07 1,643,040 --ahs---- c:\windows\system32\drivers\fidbox2.dat
    2008-12-27 16:30 . 2009-01-23 09:36 1,448,240 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2008-12-27 16:30 . 2009-01-23 09:36 160,760 --ahs---- c:\windows\system32\drivers\fidbox2.idx
    2008-12-27 16:04 . 2008-12-27 16:25 48,712 --a------ c:\windows\system32\drivers\MiniIcpt.sys
    2008-12-27 16:04 . 2008-12-27 16:25 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys
    2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\G DATA
    2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\Fichiers communs\G DATA
    2008-12-27 16:03 . 2008-12-27 16:11 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
    2008-12-27 16:03 . 2008-12-29 08:48 <REP> d--hs---- C:\#GDATA.Trash.Store#
    2008-12-27 16:03 . 2008-12-27 16:31 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
    2008-12-27 16:03 . 2008-12-27 16:03 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-20 15:14 --------- d-----w c:\program files\eMule
    2009-01-18 11:29 --------- d-----w c:\program files\Winamp
    2009-01-18 11:25 --------- d-----w c:\documents and settings\Jacques\Application Data\Uniblue
    2009-01-18 10:46 --------- d-----w c:\program files\Bonjour
    2009-01-15 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-12 08:37 --------- d-----w c:\documents and settings\Jacques\Application Data\Nikon
    2009-01-12 08:33 --------- d-----w c:\program files\Fichiers communs\Nikon
    2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
    2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
    2009-01-11 12:11 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-11 09:30 --------- d-----w c:\documents and settings\Jacques\Application Data\Vso
    2009-01-07 08:41 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2009-01-02 16:25 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-12-29 16:17 --------- d-----w c:\program files\LimeWire
    2008-12-29 08:50 --------- d-----w c:\documents and settings\Jacques\Application Data\LimeWire
    2008-12-29 07:47 --------- d-----w c:\documents and settings\Jacques\Application Data\uTorrent
    2008-12-28 16:58 --------- d-----w c:\program files\Google
    2008-12-28 08:35 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-12-27 15:35 --------- d-----w c:\documents and settings\Jacques\Application Data\vlc
    2008-12-27 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2008-12-19 15:34 --------- d-----w c:\program files\Xvid
    2008-12-18 09:02 --------- d-----w c:\documents and settings\Jacques\Application Data\muvee Technologies
    2008-12-18 09:02 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
    2008-12-18 08:39 --------- d-----w c:\program files\iTunes
    2008-12-18 08:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-18 08:38 --------- d-----w c:\program files\QuickTime
    2008-12-18 08:38 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-12-18 08:30 --------- d-----w c:\program files\Creative
    2008-12-18 08:21 --------- d-----w c:\documents and settings\Jacques\Application Data\Creative
    2008-12-18 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
    2008-12-18 07:21 --------- d-----w c:\program files\Windows Live
    2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Silverlight
    2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Office Outlook Connector
    2008-12-18 07:20 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
    2008-12-18 07:18 --------- d-----w c:\program files\Windows Live SkyDrive
    2008-12-18 07:18 --------- d-----w c:\program files\Microsoft
    2008-12-17 19:10 --------- d-----w c:\documents and settings\Jacques\Application Data\EPSON
    2008-12-17 09:34 --------- d-----w c:\program files\Fichiers communs\Windows Live
    2008-12-15 09:18 --------- d-----w c:\program files\Activision
    2008-12-14 18:56 --------- d-----w c:\program files\SFR
    2008-12-14 09:17 --------- d-----w c:\program files\Java
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-08 20:20 16,608 ----a-w c:\windows\gdrv.sys
    2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
    2008-12-04 20:46 180,224 ----a-w c:\windows\system32\xvidvfw.dll
    2008-12-04 20:42 815,104 ----a-w c:\windows\system32\xvidcore.dll
    2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
    2008-12-01 05:58 --------- d-----w c:\program files\CyberLink
    2008-12-01 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
    2008-11-28 16:13 --------- d-----w c:\documents and settings\Jacques\Application Data\Winamp
    2008-11-28 15:49 --------- d-----w c:\program files\Fichiers communs\CyberLink
    2008-11-28 15:47 29,480 ----a-w c:\windows\system32\msxml3a.dll
    2008-11-26 00:04 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
    2008-11-24 10:52 --------- d-----w c:\program files\Foxmail
    2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-10-24 13:40 22,328 ----a-w c:\documents and settings\Jacques\Application Data\PnkBstrK.sys
    2008-10-06 18:24 47,360 ----a-w c:\documents and settings\Jacques\Application Data\pcouffin.sys
    2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092920081006\index.dat
    2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101120081012\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2009-01-21_17.28.04,10 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-24 07:50:26 25,488 ----a-w c:\windows\Temp\cteng_1_1_101232741127.dat
    + 2009-01-23 11:16:47 35,952 ----a-w c:\windows\Temp\cteng_1_1_111232704197.dat
    + 2009-01-22 19:07:51 39,524 ----a-w c:\windows\Temp\cteng_1_1_121232596547.dat
    - 2009-01-19 17:30:22 44,456 ----a-w c:\windows\Temp\cteng_1_1_131232384699.dat
    + 2009-01-22 19:07:51 44,456 ----a-w c:\windows\Temp\cteng_1_1_131232384699.dat
    - 2009-01-20 10:25:02 39,484 ----a-w c:\windows\Temp\cteng_1_1_141232446973.dat
    + 2009-01-22 19:07:51 39,484 ----a-w c:\windows\Temp\cteng_1_1_141232446973.dat
    + 2009-01-23 13:05:55 19,792 ----a-w c:\windows\Temp\cteng_1_1_161232715924.dat
    + 2009-01-23 11:16:47 84,976 ----a-w c:\windows\Temp\cteng_1_1_181232708725.dat
    + 2009-01-22 20:14:51 57,416 ----a-w c:\windows\Temp\cteng_1_1_201232655228.dat
    + 2009-01-22 19:07:52 39,340 ----a-w c:\windows\Temp\cteng_1_1_211232638623.dat
    + 2009-01-23 11:16:47 28,780 ----a-w c:\windows\Temp\cteng_1_1_221232705111.dat
    + 2009-01-23 07:09:18 40,360 ----a-w c:\windows\Temp\cteng_1_1_231232694249.dat
    + 2009-01-23 13:46:37 39,136 ----a-w c:\windows\Temp\cteng_1_1_41232718278.dat
    + 2009-01-23 11:16:48 39,224 ----a-w c:\windows\Temp\cteng_1_1_71232703947.dat
    + 2009-01-24 07:50:26 29,224 ----a-w c:\windows\Temp\cteng_1_1_81232733921.dat
    - 2009-01-19 15:29:40 44,864 ----a-w c:\windows\Temp\cteng_1_1_91232376641.dat
    + 2009-01-22 19:07:53 44,864 ----a-w c:\windows\Temp\cteng_1_1_91232376641.dat
    + 2009-01-23 14:22:48 301,844 ----a-w c:\windows\Temp\cteng_1_2_131232719520.dat
    + 2009-01-22 19:07:54 268,692 ----a-w c:\windows\Temp\cteng_1_2_141232622315.dat
    + 2009-01-22 19:07:55 194,468 ----a-w c:\windows\Temp\cteng_1_2_151232613762.dat
    + 2009-01-23 13:36:35 194,164 ----a-w c:\windows\Temp\cteng_1_2_161232717235.dat
    + 2009-01-24 07:50:27 268,552 ----a-w c:\windows\Temp\cteng_1_2_171232771556.dat
    + 2009-01-23 11:16:48 205,492 ----a-w c:\windows\Temp\cteng_1_2_181232708718.dat
    + 2009-01-24 07:50:27 301,668 ----a-w c:\windows\Temp\cteng_1_2_201232749923.dat
    + 2009-01-24 07:50:27 265,180 ----a-w c:\windows\Temp\cteng_1_2_211232781286.dat
    + 2009-01-22 19:07:57 282,940 ----a-w c:\windows\Temp\cteng_1_2_221232629511.dat
    + 2009-01-22 19:07:57 341,400 ----a-w c:\windows\Temp\cteng_1_2_231232643921.dat
    - 2009-01-07 15:27:28 232,896 ----a-w c:\windows\Temp\cteng_1_2_241228086145.dat
    + 2009-01-22 19:07:58 232,896 ----a-w c:\windows\Temp\cteng_1_2_241228086145.dat
    + 2009-01-22 19:07:58 172,704 ----a-w c:\windows\Temp\cteng_1_2_251232562029.dat
    + 2009-01-23 11:16:48 240,304 ----a-w c:\windows\Temp\cteng_1_2_261232701519.dat
    + 2009-01-22 19:07:59 348,592 ----a-w c:\windows\Temp\cteng_1_2_271232608922.dat
    + 2009-01-23 16:20:31 266,564 ----a-w c:\windows\Temp\cteng_1_2_281232726715.dat
    + 2009-01-23 15:21:09 318,396 ----a-w c:\windows\Temp\cteng_1_2_291232723121.dat
    + 2009-01-23 12:18:09 295,344 ----a-w c:\windows\Temp\cteng_1_2_301232712321.dat
    + 2009-01-24 07:50:28 198,808 ----a-w c:\windows\Temp\cteng_1_2_311232744726.dat
    + 2009-01-24 07:50:28 188,616 ----a-w c:\windows\Temp\cteng_1_2_331232777116.dat
    + 2009-01-24 07:50:28 203,796 ----a-w c:\windows\Temp\cteng_1_2_341232774337.dat
    + 2009-01-23 13:46:37 230,512 ----a-w c:\windows\Temp\cteng_1_2_41232718276.dat
    + 2009-01-23 11:16:50 225,840 ----a-w c:\windows\Temp\cteng_1_2_71232703944.dat
    - 2009-01-07 15:27:31 50,948 ----a-w c:\windows\Temp\cteng_3_2_11231224990.dat
    + 2009-01-22 19:08:02 50,948 ----a-w c:\windows\Temp\cteng_3_2_11231224990.dat
    - 2009-01-07 15:27:31 16,804 ----a-w c:\windows\Temp\cteng_8_2_11223394495.dat
    + 2009-01-22 19:08:02 16,804 ----a-w c:\windows\Temp\cteng_8_2_11223394495.dat
    - 2009-01-07 15:27:31 12,320 ----a-w c:\windows\Temp\cteng_8_2_21231227908.dat
    + 2009-01-22 19:08:02 12,320 ----a-w c:\windows\Temp\cteng_8_2_21231227908.dat
    + 2009-01-24 06:54:23 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_164.dat
    + 2009-01-24 06:54:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_604.dat
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
    "Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
    "Uniblue Registry Booster"="c:\program files\Uniblue\Registry Booster\RegistryBooster.exe" [2006-09-28 1396736]
    "Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
    "Foxmail"="c:\program files\Foxmail\Foxmail.exe" [2004-08-02 3272704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "GDFirewallTray"="c:\program files\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
    "G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-11-24 958024]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Jacques\Menu Démarrer\Programmes\Démarrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    c:\documents and settings\Jacques\Menu Démarrer\Programmes\Démarrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    c:\documents and settings\Jacques\Menu Démarrer\Programmes\Démarrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
    -ra------ 2008-04-11 19:50 347648 c:\documents and settings\Jacques\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
    "c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
    "c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
    "c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "53773:TCP"= 53773:TCP:emule tcp
    "16399:UDP"= 16399:UDP:emule udp

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-12-27 22272]
    R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2008-12-27 68424]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-30 93696]
    R3 GDFwSvc;Pare-feu personnel G DATA;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-08-15 1407976]
    R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-12-27 48712]
    R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2008-12-27 32328]
    R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
    R4 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 1016904]
    R4 AVKService;Planificateur G DATA;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
    R4 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-08-14 1185496]
    R4 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2008-12-27 51016]
    S3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
    S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-02 14336]
    S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-02 13312]
    S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-12-18 93056]
    S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-12-18 4992]
    S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-12-18 179328]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-01-14 98488]
    S3 Service de sauvegarde G DATA;Service de sauvegarde G DATA;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-08-22 880200]
    S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b77caa-8f11-11dd-b90a-806d6172696f}]
    \Shell\AutoRun\command - J:\Launch.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-24 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = *.local
    IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel
    FF - ProfilePath - c:\documents and settings\Jacques\Application Data\Mozilla\Firefox\Profiles\4z3izwmv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Yoog Search
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.magentic.com/
    FF - prefs.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
    =);
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 09:07:35
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1960408961-117609710-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:70,cd,3d,9f,fb,04,c1,88,c0,3e,16,1e,95,be,42,cc,fa,39,1c,35,e6,
    2d,56,91,6c,33,af,ce,f6,84,81,11,ec,51,3a,92,4c,df,b4,99,e4,d6,00,b8,34,a8,\
    "rkeysecu"=hex:90,35,3a,83,0b,f6,a1,91,59,e3,93,c8,c6,aa,5b,5e

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:fa,1f,4e,6a,ec,41,da,68,df,fc,f3,f4,de,48,a5,31,bb,39,42,b8,86,
    01,c2,3b,5b,da,78,a1,ba,6d,f1,8d,29,20,7d,eb,8e,55,d4,52,64,e4,9c,d9,a3,d9,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:c5,20,54,f3,8a,c4,b9,7c,43,ed,04,81,39,df,4c,0d,b0,38,34,9a,85,
    f1,ad,a4,17,a6,76,aa,18,8c,73,f1,58,ad,64,0c,51,f6,0b,17,79,65,c6,db,0d,1e,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(884)
    c:\windows\system32\Ati2evxx.dll
    .
    Heure de fin: 2009-01-24 9:10:06
    ComboFix-quarantined-files.txt 2009-01-24 08:09:09
    ComboFix2.txt 2009-01-22 18:18:00
    ComboFix3.txt 2009-01-21 16:29:14
    ComboFix4.txt 2009-01-10 16:37:30
    ComboFix5.txt 2009-01-24 08:04:59

    Avant-CF: 29 584 801 792 octets libres
    Après-CF: 30,002,925,568 octets libres

    377 --- E O F --- 2009-01-15 08:41:14
    24 January 2009 09:14:50

    ComboFix 09-01-21.04 - Jacques 2009-01-24 9:05:33.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.3326.2320 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Jacques\Mes documents\TELECHARGEMENT\ComboFix\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Jacques\Mes documents\CFScript.txt
    AV: G DATA TotalCare 2009 *On-access scanning disabled* (Updated)
    FW: Pare-feu personnel G DATA *disabled*
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-24 au 2009-01-24 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-21 18:04 . 2009-01-21 18:04 <REP> d-------- c:\program files\Magentic
    2009-01-21 18:04 . 2008-08-04 09:51 750,984 --a------ c:\windows\system32\Magentic Screensaver.scr
    2009-01-20 16:18 . 2009-01-20 16:18 <REP> d-------- C:\_OTMoveIt
    2009-01-20 13:22 . 2009-01-20 13:22 <REP> d-------- c:\documents and settings\All Users\Application Data\IM
    2009-01-20 13:21 . 2009-01-23 14:01 <REP> d-------- c:\program files\IncrediMail
    2009-01-20 13:21 . 2009-01-20 13:21 <REP> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
    2009-01-20 09:20 . 2009-01-20 09:21 <REP> d-------- C:\rsit
    2009-01-20 08:11 . 2009-01-24 07:53 3,201 --a------ c:\windows\system32\OODBS.lor
    2009-01-19 22:22 . 2009-01-19 22:22 109 --a------ c:\windows\oodcnt.INI
    2009-01-19 18:02 . 2009-01-19 18:02 <REP> d-------- c:\windows\system32\oodag
    2009-01-19 17:19 . 2009-01-19 17:19 <REP> d-------- c:\program files\OO Software
    2009-01-19 10:40 . 2009-01-19 10:40 <REP> d-------- c:\program files\Defraggler
    2009-01-18 12:29 . 2009-01-18 12:29 <REP> d-------- c:\program files\Dfx
    2009-01-18 12:29 . 2009-01-18 12:29 274,432 --a------ c:\windows\system32\dfxg11.dll
    2009-01-18 12:25 . 2009-01-18 12:25 <REP> d-------- c:\program files\Uniblue
    2009-01-14 11:22 . 2009-01-14 11:22 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2009-01-14 09:54 . 2009-01-14 09:54 <REP> d-------- c:\windows\system32\Kaspersky Lab
    2009-01-14 09:50 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
    2009-01-14 09:50 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
    2009-01-14 09:50 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
    2009-01-14 09:50 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
    2009-01-14 09:50 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
    2009-01-14 09:50 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
    2009-01-14 09:50 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
    2009-01-14 09:43 . 2009-01-14 09:43 <REP> d-------- c:\program files\SiSoftware
    2009-01-12 09:39 . 2009-01-12 09:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Vocal Transformer
    2009-01-12 09:32 . 2009-01-13 11:39 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
    2009-01-11 15:05 . 2009-01-11 15:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Documentation
    2009-01-11 15:01 . 2009-01-20 10:45 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdy.DAT
    2009-01-11 13:56 . 2009-01-11 13:56 0 --a------ c:\windows\ViewNX.INI
    2009-01-11 13:32 . 2009-01-11 13:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Database
    2009-01-11 13:32 . 2009-01-11 18:37 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
    2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
    2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Nikon
    2009-01-11 13:26 . 2009-01-11 13:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Commands
    2009-01-11 13:26 . 2009-01-11 13:53 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
    2009-01-11 13:10 . 2009-01-12 09:32 <REP> d-------- c:\program files\Nikon
    2009-01-11 13:10 . 2009-01-20 10:43 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLeh.DAT
    2009-01-11 11:01 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
    2009-01-11 11:01 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
    2009-01-10 19:02 . 2009-01-10 19:02 <REP> d-------- c:\documents and settings\Jacques\Application Data\Babylon
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\Jacques\Application Data\Malwarebytes
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-07 16:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-07 16:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-07 09:42 . 2009-01-07 09:42 <REP> d-------- c:\documents and settings\Jacques\Application Data\TuneUp Software
    2009-01-07 09:42 . 2009-01-07 09:42 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-01-07 09:42 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
    2009-01-07 09:41 . 2009-01-07 09:45 <REP> d-------- c:\program files\TuneUp Utilities 2008
    2009-01-07 09:41 . 2009-01-07 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-01-07 09:30 . 2009-01-07 09:30 <REP> d-------- c:\program files\AxBx
    2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\program files\JAM Software
    2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\documents and settings\Jacques\Application Data\JAM Software
    2009-01-03 12:34 . 2009-01-18 10:04 156 --a------ c:\windows\Twunk001.MTX
    2009-01-03 12:34 . 2009-01-18 10:04 5 --a------ c:\windows\Twain001.Mtx
    2009-01-03 12:34 . 2009-01-03 12:34 0 --a------ c:\windows\Twunk002.MTX
    2009-01-03 10:15 . 2009-01-09 15:31 85,239 --a------ c:\windows\system32\cont_milehighads-remove.exe
    2009-01-03 10:15 . 2009-01-03 10:15 68,513 --a------ c:\windows\system32\pujaruyrydgs.dll-uninst.exe
    2009-01-03 10:15 . 2009-01-03 10:15 47,576 --a------ c:\windows\system32\rmnajrfcoebsfdb.exe
    2009-01-02 13:46 . 2009-01-02 17:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\PixVue
    2009-01-02 08:28 . 2008-04-01 13:23 118,520 --------- c:\windows\system32\pxinsi64.exe
    2009-01-02 08:28 . 2008-04-01 13:23 118,056 --------- c:\windows\system32\pxcpyi64.exe
    2008-12-28 09:08 . 2008-12-28 09:08 0 --a------ c:\windows\nsreg.dat
    2008-12-28 08:41 . 2008-12-28 08:41 <REP> d-------- c:\documents and settings\Jacques\Application Data\Windows Live Writer
    2008-12-27 19:31 . 2008-12-27 19:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\Fichiers communs\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
    2008-12-27 16:55 . 2009-01-17 09:28 <REP> d-------- c:\program files\Incomplete
    2008-12-27 16:32 . 2008-12-27 16:32 68,424 --a------ c:\windows\system32\drivers\GRD.sys
    2008-12-27 16:30 . 2009-01-24 09:07 126,873,632 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2008-12-27 16:30 . 2009-01-24 09:07 1,643,040 --ahs---- c:\windows\system32\drivers\fidbox2.dat
    2008-12-27 16:30 . 2009-01-23 09:36 1,448,240 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2008-12-27 16:30 . 2009-01-23 09:36 160,760 --ahs---- c:\windows\system32\drivers\fidbox2.idx
    2008-12-27 16:04 . 2008-12-27 16:25 48,712 --a------ c:\windows\system32\drivers\MiniIcpt.sys
    2008-12-27 16:04 . 2008-12-27 16:25 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys
    2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\G DATA
    2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\Fichiers communs\G DATA
    2008-12-27 16:03 . 2008-12-27 16:11 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
    2008-12-27 16:03 . 2008-12-29 08:48 <REP> d--hs---- C:\#GDATA.Trash.Store#
    2008-12-27 16:03 . 2008-12-27 16:31 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
    2008-12-27 16:03 . 2008-12-27 16:03 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-20 15:14 --------- d-----w c:\program files\eMule
    2009-01-18 11:29 --------- d-----w c:\program files\Winamp
    2009-01-18 11:25 --------- d-----w c:\documents and settings\Jacques\Application Data\Uniblue
    2009-01-18 10:46 --------- d-----w c:\program files\Bonjour
    2009-01-15 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-12 08:37 --------- d-----w c:\documents and settings\Jacques\Application Data\Nikon
    2009-01-12 08:33 --------- d-----w c:\program files\Fichiers communs\Nikon
    2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
    2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
    2009-01-11 12:11 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-11 09:30 --------- d-----w c:\documents and settings\Jacques\Application Data\Vso
    2009-01-07 08:41 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2009-01-02 16:25 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-12-29 16:17 --------- d-----w c:\program files\LimeWire
    2008-12-29 08:50 --------- d-----w c:\documents and settings\Jacques\Application Data\LimeWire
    2008-12-29 07:47 --------- d-----w c:\documents and settings\Jacques\Application Data\uTorrent
    2008-12-28 16:58 --------- d-----w c:\program files\Google
    2008-12-28 08:35 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-12-27 15:35 --------- d-----w c:\documents and settings\Jacques\Application Data\vlc
    2008-12-27 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2008-12-19 15:34 --------- d-----w c:\program files\Xvid
    2008-12-18 09:02 --------- d-----w c:\documents and settings\Jacques\Application Data\muvee Technologies
    2008-12-18 09:02 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
    2008-12-18 08:39 --------- d-----w c:\program files\iTunes
    2008-12-18 08:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-18 08:38 --------- d-----w c:\program files\QuickTime
    2008-12-18 08:38 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-12-18 08:30 --------- d-----w c:\program files\Creative
    2008-12-18 08:21 --------- d-----w c:\documents and settings\Jacques\Application Data\Creative
    2008-12-18 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
    2008-12-18 07:21 --------- d-----w c:\program files\Windows Live
    2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Silverlight
    2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Office Outlook Connector
    2008-12-18 07:20 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
    2008-12-18 07:18 --------- d-----w c:\program files\Windows Live SkyDrive
    2008-12-18 07:18 --------- d-----w c:\program files\Microsoft
    2008-12-17 19:10 --------- d-----w c:\documents and settings\Jacques\Application Data\EPSON
    2008-12-17 09:34 --------- d-----w c:\program files\Fichiers communs\Windows Live
    2008-12-15 09:18 --------- d-----w c:\program files\Activision
    2008-12-14 18:56 --------- d-----w c:\program files\SFR
    2008-12-14 09:17 --------- d-----w c:\program files\Java
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-08 20:20 16,608 ----a-w c:\windows\gdrv.sys
    2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
    2008-12-04 20:46 180,224 ----a-w c:\windows\system32\xvidvfw.dll
    2008-12-04 20:42 815,104 ----a-w c:\windows\system32\xvidcore.dll
    2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
    2008-12-01 05:58 --------- d-----w c:\program files\CyberLink
    2008-12-01 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
    2008-11-28 16:13 --------- d-----w c:\documents and settings\Jacques\Application Data\Winamp
    2008-11-28 15:49 --------- d-----w c:\program files\Fichiers communs\CyberLink
    2008-11-28 15:47 29,480 ----a-w c:\windows\system32\msxml3a.dll
    2008-11-26 00:04 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
    2008-11-24 10:52 --------- d-----w c:\program files\Foxmail
    2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-10-24 13:40 22,328 ----a-w c:\documents and settings\Jacques\Application Data\PnkBstrK.sys
    2008-10-06 18:24 47,360 ----a-w c:\documents and settings\Jacques\Application Data\pcouffin.sys
    2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092920081006\index.dat
    2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101120081012\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2009-01-21_17.28.04,10 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-24 07:50:26 25,488 ----a-w c:\windows\Temp\cteng_1_1_101232741127.dat
    + 2009-01-23 11:16:47 35,952 ----a-w c:\windows\Temp\cteng_1_1_111232704197.dat
    + 2009-01-22 19:07:51 39,524 ----a-w c:\windows\Temp\cteng_1_1_121232596547.dat
    - 2009-01-19 17:30:22 44,456 ----a-w c:\windows\Temp\cteng_1_1_131232384699.dat
    + 2009-01-22 19:07:51 44,456 ----a-w c:\windows\Temp\cteng_1_1_131232384699.dat
    - 2009-01-20 10:25:02 39,484 ----a-w c:\windows\Temp\cteng_1_1_141232446973.dat
    + 2009-01-22 19:07:51 39,484 ----a-w c:\windows\Temp\cteng_1_1_141232446973.dat
    + 2009-01-23 13:05:55 19,792 ----a-w c:\windows\Temp\cteng_1_1_161232715924.dat
    + 2009-01-23 11:16:47 84,976 ----a-w c:\windows\Temp\cteng_1_1_181232708725.dat
    + 2009-01-22 20:14:51 57,416 ----a-w c:\windows\Temp\cteng_1_1_201232655228.dat
    + 2009-01-22 19:07:52 39,340 ----a-w c:\windows\Temp\cteng_1_1_211232638623.dat
    + 2009-01-23 11:16:47 28,780 ----a-w c:\windows\Temp\cteng_1_1_221232705111.dat
    + 2009-01-23 07:09:18 40,360 ----a-w c:\windows\Temp\cteng_1_1_231232694249.dat
    + 2009-01-23 13:46:37 39,136 ----a-w c:\windows\Temp\cteng_1_1_41232718278.dat
    + 2009-01-23 11:16:48 39,224 ----a-w c:\windows\Temp\cteng_1_1_71232703947.dat
    + 2009-01-24 07:50:26 29,224 ----a-w c:\windows\Temp\cteng_1_1_81232733921.dat
    - 2009-01-19 15:29:40 44,864 ----a-w c:\windows\Temp\cteng_1_1_91232376641.dat
    + 2009-01-22 19:07:53 44,864 ----a-w c:\windows\Temp\cteng_1_1_91232376641.dat
    + 2009-01-23 14:22:48 301,844 ----a-w c:\windows\Temp\cteng_1_2_131232719520.dat
    + 2009-01-22 19:07:54 268,692 ----a-w c:\windows\Temp\cteng_1_2_141232622315.dat
    + 2009-01-22 19:07:55 194,468 ----a-w c:\windows\Temp\cteng_1_2_151232613762.dat
    + 2009-01-23 13:36:35 194,164 ----a-w c:\windows\Temp\cteng_1_2_161232717235.dat
    + 2009-01-24 07:50:27 268,552 ----a-w c:\windows\Temp\cteng_1_2_171232771556.dat
    + 2009-01-23 11:16:48 205,492 ----a-w c:\windows\Temp\cteng_1_2_181232708718.dat
    + 2009-01-24 07:50:27 301,668 ----a-w c:\windows\Temp\cteng_1_2_201232749923.dat
    + 2009-01-24 07:50:27 265,180 ----a-w c:\windows\Temp\cteng_1_2_211232781286.dat
    + 2009-01-22 19:07:57 282,940 ----a-w c:\windows\Temp\cteng_1_2_221232629511.dat
    + 2009-01-22 19:07:57 341,400 ----a-w c:\windows\Temp\cteng_1_2_231232643921.dat
    - 2009-01-07 15:27:28 232,896 ----a-w c:\windows\Temp\cteng_1_2_241228086145.dat
    + 2009-01-22 19:07:58 232,896 ----a-w c:\windows\Temp\cteng_1_2_241228086145.dat
    + 2009-01-22 19:07:58 172,704 ----a-w c:\windows\Temp\cteng_1_2_251232562029.dat
    + 2009-01-23 11:16:48 240,304 ----a-w c:\windows\Temp\cteng_1_2_261232701519.dat
    + 2009-01-22 19:07:59 348,592 ----a-w c:\windows\Temp\cteng_1_2_271232608922.dat
    + 2009-01-23 16:20:31 266,564 ----a-w c:\windows\Temp\cteng_1_2_281232726715.dat
    + 2009-01-23 15:21:09 318,396 ----a-w c:\windows\Temp\cteng_1_2_291232723121.dat
    + 2009-01-23 12:18:09 295,344 ----a-w c:\windows\Temp\cteng_1_2_301232712321.dat
    + 2009-01-24 07:50:28 198,808 ----a-w c:\windows\Temp\cteng_1_2_311232744726.dat
    + 2009-01-24 07:50:28 188,616 ----a-w c:\windows\Temp\cteng_1_2_331232777116.dat
    + 2009-01-24 07:50:28 203,796 ----a-w c:\windows\Temp\cteng_1_2_341232774337.dat
    + 2009-01-23 13:46:37 230,512 ----a-w c:\windows\Temp\cteng_1_2_41232718276.dat
    + 2009-01-23 11:16:50 225,840 ----a-w c:\windows\Temp\cteng_1_2_71232703944.dat
    - 2009-01-07 15:27:31 50,948 ----a-w c:\windows\Temp\cteng_3_2_11231224990.dat
    + 2009-01-22 19:08:02 50,948 ----a-w c:\windows\Temp\cteng_3_2_11231224990.dat
    - 2009-01-07 15:27:31 16,804 ----a-w c:\windows\Temp\cteng_8_2_11223394495.dat
    + 2009-01-22 19:08:02 16,804 ----a-w c:\windows\Temp\cteng_8_2_11223394495.dat
    - 2009-01-07 15:27:31 12,320 ----a-w c:\windows\Temp\cteng_8_2_21231227908.dat
    + 2009-01-22 19:08:02 12,320 ----a-w c:\windows\Temp\cteng_8_2_21231227908.dat
    + 2009-01-24 06:54:23 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_164.dat
    + 2009-01-24 06:54:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_604.dat
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
    "Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
    "Uniblue Registry Booster"="c:\program files\Uniblue\Registry Booster\RegistryBooster.exe" [2006-09-28 1396736]
    "Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
    "Foxmail"="c:\program files\Foxmail\Foxmail.exe" [2004-08-02 3272704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "GDFirewallTray"="c:\program files\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
    "G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-11-24 958024]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Jacques\Menu Démarrer\Programmes\Démarrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    c:\documents and settings\Jacques\Menu Démarrer\Programmes\Démarrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    c:\documents and settings\Jacques\Menu Démarrer\Programmes\Démarrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
    -ra------ 2008-04-11 19:50 347648 c:\documents and settings\Jacques\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
    "c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
    "c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
    "c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "53773:TCP"= 53773:TCP:emule tcp
    "16399:UDP"= 16399:UDP:emule udp

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-12-27 22272]
    R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2008-12-27 68424]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-30 93696]
    R3 GDFwSvc;Pare-feu personnel G DATA;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-08-15 1407976]
    R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-12-27 48712]
    R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2008-12-27 32328]
    R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
    R4 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 1016904]
    R4 AVKService;Planificateur G DATA;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
    R4 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-08-14 1185496]
    R4 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2008-12-27 51016]
    S3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
    S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-02 14336]
    S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-02 13312]
    S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-12-18 93056]
    S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-12-18 4992]
    S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-12-18 179328]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-01-14 98488]
    S3 Service de sauvegarde G DATA;Service de sauvegarde G DATA;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-08-22 880200]
    S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b77caa-8f11-11dd-b90a-806d6172696f}]
    \Shell\AutoRun\command - J:\Launch.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-24 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = *.local
    IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel
    FF - ProfilePath - c:\documents and settings\Jacques\Application Data\Mozilla\Firefox\Profiles\4z3izwmv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Yoog Search
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.magentic.com/
    FF - prefs.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
    =);
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 09:07:35
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1960408961-117609710-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:70,cd,3d,9f,fb,04,c1,88,c0,3e,16,1e,95,be,42,cc,fa,39,1c,35,e6,
    2d,56,91,6c,33,af,ce,f6,84,81,11,ec,51,3a,92,4c,df,b4,99,e4,d6,00,b8,34,a8,\
    "rkeysecu"=hex:90,35,3a,83,0b,f6,a1,91,59,e3,93,c8,c6,aa,5b,5e

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:fa,1f,4e,6a,ec,41,da,68,df,fc,f3,f4,de,48,a5,31,bb,39,42,b8,86,
    01,c2,3b,5b,da,78,a1,ba,6d,f1,8d,29,20,7d,eb,8e,55,d4,52,64,e4,9c,d9,a3,d9,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:c5,20,54,f3,8a,c4,b9,7c,43,ed,04,81,39,df,4c,0d,b0,38,34,9a,85,
    f1,ad,a4,17,a6,76,aa,18,8c,73,f1,58,ad,64,0c,51,f6,0b,17,79,65,c6,db,0d,1e,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(884)
    c:\windows\system32\Ati2evxx.dll
    .
    Heure de fin: 2009-01-24 9:10:06
    ComboFix-quarantined-files.txt 2009-01-24 08:09:09
    ComboFix2.txt 2009-01-22 18:18:00
    ComboFix3.txt 2009-01-21 16:29:14
    ComboFix4.txt 2009-01-10 16:37:30
    ComboFix5.txt 2009-01-24 08:04:59

    Avant-CF: 29 584 801 792 octets libres
    Après-CF: 30,002,925,568 octets libres

    377 --- E O F --- 2009-01-15 08:41:14
    24 January 2009 14:00:17

    Can you try uninstalling Firefox without keeping the settings, and then reinstalling it?
    24 January 2009 15:06:00

    Done, I uninstalled and reinstalled Firefox.
    24 January 2009 19:00:46

    Run another ComboFix scan to see.
    25 January 2009 20:16:38

    ComboFix 09-01-21.04 - Jacques 2009-01-25 18:20:07.6 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.3326.2325 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Jacques\Mes documents\TELECHARGEMENT\ComboFix\ComboFix.exe
    AV: G DATA TotalCare 2009 *On-access scanning disabled* (Updated)
    FW: Pare-feu personnel G DATA *disabled*
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\IEToolbar
    c:\program files\IEToolbar\ECO Bar\basis.xml
    c:\program files\IEToolbar\ECO Bar\ecobar.dll
    c:\program files\IEToolbar\ECO Bar\icons.bmp
    c:\program files\IEToolbar\ECO Bar\info.txt
    c:\program files\IEToolbar\ECO Bar\tbhelper.dll
    c:\program files\IEToolbar\ECO Bar\uninstall.exe
    c:\program files\IEToolbar\ECO Bar\version.txt
    c:\program files\IEToolbar\ECO Bar\your_logo.png
    c:\windows\system32\bmebuqjhloygkrxtf.dll
    c:\windows\system32\d3dx9_30323232323232323232323232323232323232.dll
    c:\windows\system32\d3dx9_3032323232323232323232323232323232323232.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-25 au 2009-01-25 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-24 23:41 . 2009-01-24 23:41 135,168 --a------ c:\windows\system32\d3dx9_303232323232323232323232323232323232.dll
    2009-01-24 23:41 . 2009-01-24 23:41 135,168 --a------ c:\windows\system32\d3dx9_3032323232323232323232323232323232.dll
    2009-01-24 23:41 . 2009-01-24 23:41 135,168 --a------ c:\windows\system32\d3dx9_30323232323232323232323232323232.dll
    2009-01-24 23:41 . 2009-01-24 23:41 135,168 --a------ c:\windows\system32\d3dx9_303232323232323232323232323232.dll
    2009-01-24 23:28 . 2009-01-24 23:28 135,168 --a------ c:\windows\system32\dssec3232.dll
    2009-01-24 23:28 . 2009-01-24 23:28 135,168 --a------ c:\windows\system32\dsound3232.dll
    2009-01-24 23:27 . 2009-01-24 23:27 135,168 --a------ c:\windows\system32\dsprpres323232.dll
    2009-01-24 23:25 . 2009-01-24 23:25 1,462,272 --a------ c:\windows\system32\hlihrspp.exe
    2009-01-24 23:25 . 2009-01-24 23:25 478,208 --a------ c:\windows\rgmonsvc.exe
    2009-01-24 23:25 . 2009-01-24 23:25 10,752 --a------ c:\windows\dbrxl0138.exe
    2009-01-24 23:25 . 2009-01-24 23:25 1,383 --a------ c:\windows\uxvck78043.exe
    2009-01-24 23:25 . 2009-01-24 23:25 1,375 --a------ c:\windows\egru5771.exe
    2009-01-24 23:24 . 2009-01-24 23:24 <REP> d-------- c:\program files\runit
    2009-01-24 23:24 . 2009-01-24 23:24 905,670 --a------ c:\windows\gromr3646.exe
    2009-01-24 23:24 . 2009-01-24 23:24 195,355 --a------ c:\windows\geml27870.exe
    2009-01-24 23:24 . 2009-01-24 23:24 85,293 --a------ c:\windows\system32\cont_adsoftinc-remove.exe
    2009-01-24 23:24 . 2009-01-24 23:24 69,697 --a------ c:\windows\jaeed8785.exe
    2009-01-24 23:24 . 2009-01-24 23:24 47,578 --a------ c:\windows\system32\dezignojeth.exe
    2009-01-24 23:24 . 2009-01-24 23:24 1,342 --a------ c:\windows\egmrd1737.exe
    2009-01-24 23:20 . 2009-01-24 23:26 102,219 --a------ c:\windows\system32\cont_precisead-remove.exe
    2009-01-21 18:04 . 2009-01-21 18:04 <REP> d-------- c:\program files\Magentic
    2009-01-21 18:04 . 2008-08-04 09:51 750,984 --a------ c:\windows\system32\Magentic Screensaver.scr
    2009-01-20 16:18 . 2009-01-20 16:18 <REP> d-------- C:\_OTMoveIt
    2009-01-20 13:22 . 2009-01-20 13:22 <REP> d-------- c:\documents and settings\All Users\Application Data\IM
    2009-01-20 13:21 . 2009-01-23 14:01 <REP> d-------- c:\program files\IncrediMail
    2009-01-20 13:21 . 2009-01-20 13:21 <REP> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
    2009-01-20 09:20 . 2009-01-20 09:21 <REP> d-------- C:\rsit
    2009-01-20 08:11 . 2009-01-25 18:06 4,074 --a------ c:\windows\system32\OODBS.lor
    2009-01-19 22:22 . 2009-01-19 22:22 109 --a------ c:\windows\oodcnt.INI
    2009-01-19 18:02 . 2009-01-19 18:02 <REP> d-------- c:\windows\system32\oodag
    2009-01-19 17:19 . 2009-01-19 17:19 <REP> d-------- c:\program files\OO Software
    2009-01-19 10:40 . 2009-01-19 10:40 <REP> d-------- c:\program files\Defraggler
    2009-01-18 12:29 . 2009-01-18 12:29 <REP> d-------- c:\program files\Dfx
    2009-01-18 12:29 . 2009-01-18 12:29 274,432 --a------ c:\windows\system32\dfxg11.dll
    2009-01-18 12:25 . 2009-01-18 12:25 <REP> d-------- c:\program files\Uniblue
    2009-01-14 11:22 . 2009-01-14 11:22 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2009-01-14 09:54 . 2009-01-14 09:54 <REP> d-------- c:\windows\system32\Kaspersky Lab
    2009-01-14 09:50 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
    2009-01-14 09:50 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
    2009-01-14 09:50 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
    2009-01-14 09:50 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
    2009-01-14 09:50 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
    2009-01-14 09:50 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
    2009-01-14 09:50 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
    2009-01-14 09:43 . 2009-01-14 09:43 <REP> d-------- c:\program files\SiSoftware
    2009-01-12 09:39 . 2009-01-12 09:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Vocal Transformer
    2009-01-12 09:32 . 2009-01-13 11:39 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
    2009-01-11 15:05 . 2009-01-11 15:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Documentation
    2009-01-11 15:01 . 2009-01-20 10:45 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdy.DAT
    2009-01-11 13:56 . 2009-01-11 13:56 0 --a------ c:\windows\ViewNX.INI
    2009-01-11 13:32 . 2009-01-11 13:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Database
    2009-01-11 13:32 . 2009-01-11 18:37 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
    2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
    2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Nikon
    2009-01-11 13:26 . 2009-01-11 13:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Commands
    2009-01-11 13:26 . 2009-01-11 13:53 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
    2009-01-11 13:10 . 2009-01-12 09:32 <REP> d-------- c:\program files\Nikon
    2009-01-11 13:10 . 2009-01-20 10:43 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLeh.DAT
    2009-01-11 11:01 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
    2009-01-11 11:01 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
    2009-01-10 19:02 . 2009-01-10 19:02 <REP> d-------- c:\documents and settings\Jacques\Application Data\Babylon
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\Jacques\Application Data\Malwarebytes
    2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-07 16:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-07 16:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-07 09:42 . 2009-01-07 09:42 <REP> d-------- c:\documents and settings\Jacques\Application Data\TuneUp Software
    2009-01-07 09:42 . 2009-01-07 09:42 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-01-07 09:42 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
    2009-01-07 09:41 . 2009-01-07 09:45 <REP> d-------- c:\program files\TuneUp Utilities 2008
    2009-01-07 09:41 . 2009-01-07 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-01-07 09:30 . 2009-01-07 09:30 <REP> d-------- c:\program files\AxBx
    2009-01-06 18:29 . 2009-01-06 18:29 679,424 --a------ c:\windows\system32\nsf26.dll
    2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\program files\JAM Software
    2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\documents and settings\Jacques\Application Data\JAM Software
    2009-01-03 12:34 . 2009-01-18 10:04 156 --a------ c:\windows\Twunk001.MTX
    2009-01-03 12:34 . 2009-01-18 10:04 5 --a------ c:\windows\Twain001.Mtx
    2009-01-03 12:34 . 2009-01-03 12:34 0 --a------ c:\windows\Twunk002.MTX
    2009-01-03 10:15 . 2009-01-09 15:31 85,239 --a------ c:\windows\system32\cont_milehighads-remove.exe
    2009-01-03 10:15 . 2009-01-03 10:15 68,513 --a------ c:\windows\system32\pujaruyrydgs.dll-uninst.exe
    2009-01-03 10:15 . 2009-01-03 10:15 47,576 --a------ c:\windows\system32\rmnajrfcoebsfdb.exe
    2009-01-02 13:46 . 2009-01-02 17:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\PixVue
    2009-01-02 08:28 . 2008-04-01 13:23 118,520 --------- c:\windows\system32\pxinsi64.exe
    2009-01-02 08:28 . 2008-04-01 13:23 118,056 --------- c:\windows\system32\pxcpyi64.exe
    2008-12-28 09:08 . 2008-12-28 09:08 0 --a------ c:\windows\nsreg.dat
    2008-12-28 08:41 . 2008-12-28 08:41 <REP> d-------- c:\documents and settings\Jacques\Application Data\Windows Live Writer
    2008-12-27 19:31 . 2008-12-27 19:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\Fichiers communs\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\ACD Systems
    2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
    2008-12-27 16:55 . 2009-01-17 09:28 <REP> d-------- c:\program files\Incomplete
    2008-12-27 16:32 . 2008-12-27 16:32 68,424 --a------ c:\windows\system32\drivers\GRD.sys
    2008-12-27 16:30 . 2009-01-25 11:45 130,113,568 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2008-12-27 16:30 . 2009-01-25 18:22 1,726,496 --ahs---- c:\windows\system32\drivers\fidbox2.dat
    2008-12-27 16:30 . 2009-01-25 11:45 1,512,776 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2008-12-27 16:30 . 2009-01-25 11:45 169,688 --ahs---- c:\windows\system32\drivers\fidbox2.idx
    2008-12-27 16:04 . 2008-12-27 16:25 48,712 --a------ c:\windows\system32\drivers\MiniIcpt.sys
    2008-12-27 16:04 . 2008-12-27 16:25 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys
    2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\G DATA
    2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\Fichiers communs\G DATA
    2008-12-27 16:03 . 2008-12-27 16:11 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
    2008-12-27 16:03 . 2008-12-29 08:48 <REP> d--hs---- C:\#GDATA.Trash.Store#
    2008-12-27 16:03 . 2008-12-27 16:31 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
    2008-12-27 16:03 . 2008-12-27 16:03 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-24 22:10 --------- d-----w c:\program files\eMule
    2009-01-18 11:29 --------- d-----w c:\program files\Winamp
    2009-01-18 11:25 --------- d-----w c:\documents and settings\Jacques\Application Data\Uniblue
    2009-01-18 10:46 --------- d-----w c:\program files\Bonjour
    2009-01-15 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-12 08:37 --------- d-----w c:\documents and settings\Jacques\Application Data\Nikon
    2009-01-12 08:33 --------- d-----w c:\program files\Fichiers communs\Nikon
    2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
    2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
    2009-01-11 12:11 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-11 09:30 --------- d-----w c:\documents and settings\Jacques\Application Data\Vso
    2009-01-07 08:41 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2009-01-02 16:25 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-12-29 16:17 --------- d-----w c:\program files\LimeWire
    2008-12-29 08:50 --------- d-----w c:\documents and settings\Jacques\Application Data\LimeWire
    2008-12-29 07:47 --------- d-----w c:\documents and settings\Jacques\Application Data\uTorrent
    2008-12-28 16:58 --------- d-----w c:\program files\Google
    2008-12-28 08:35 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-12-27 15:35 --------- d-----w c:\documents and settings\Jacques\Application Data\vlc
    2008-12-27 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2008-12-19 15:34 --------- d-----w c:\program files\Xvid
    2008-12-18 09:02 --------- d-----w c:\documents and settings\Jacques\Application Data\muvee Technologies
    2008-12-18 09:02 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
    2008-12-18 08:39 --------- d-----w c:\program files\iTunes
    2008-12-18 08:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-18 08:38 --------- d-----w c:\program files\QuickTime
    2008-12-18 08:38 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-12-18 08:30 --------- d-----w c:\program files\Creative
    2008-12-18 08:21 --------- d-----w c:\documents and settings\Jacques\Application Data\Creative
    2008-12-18 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
    2008-12-18 07:21 --------- d-----w c:\program files\Windows Live
    2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Silverlight
    2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Office Outlook Connector
    2008-12-18 07:20 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
    2008-12-18 07:18 --------- d-----w c:\program files\Windows Live SkyDrive
    2008-12-18 07:18 --------- d-----w c:\program files\Microsoft
    2008-12-17 19:10 --------- d-----w c:\documents and settings\Jacques\Application Data\EPSON
    2008-12-17 09:34 --------- d-----w c:\program files\Fichiers communs\Windows Live
    2008-12-15 09:18 --------- d-----w c:\program files\Activision
    2008-12-14 18:56 --------- d-----w c:\program files\SFR
    2008-12-14 09:17 --------- d-----w c:\program files\Java
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-08 20:20 16,608 ----a-w c:\windows\gdrv.sys
    2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
    2008-12-04 20:46 180,224 ----a-w c:\windows\system32\xvidvfw.dll
    2008-12-04 20:42 815,104 ----a-w c:\windows\system32\xvidcore.dll
    2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
    2008-12-01 05:58 --------- d-----w c:\program files\CyberLink
    2008-12-01 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
    2008-11-28 16:13 --------- d-----w c:\documents and settings\Jacques\Application Data\Winamp
    2008-11-28 15:49 --------- d-----w c:\program files\Fichiers communs\CyberLink
    2008-11-28 15:47 29,480 ----a-w c:\windows\system32\msxml3a.dll
    2008-11-26 00:04 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
    2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-10-24 13:40 22,328 ----a-w c:\documents and settings\Jacques\Application Data\PnkBstrK.sys
    2008-10-06 18:24 47,360 ----a-w c:\documents and settings\Jacques\Application Data\pcouffin.sys
    2008-12-17 23:04 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-17 23:04 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-17 23:04 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2009-01-06 17:29 650,240 ----a-w c:\program files\mozilla firefox\components\nsadsoftinc.dll
    2008-10-07 13:19 366,592 ----a-w c:\program files\mozilla firefox\components\nsprecisead.dll
    2008-12-17 23:04 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-17 23:04 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092920081006\index.dat
    2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101120081012\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2009-01-24_ 9.08.07,35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-24 20:58:45 27,280 ----a-w c:\windows\Temp\cteng_1_1_101232830728.dat
    + 2009-01-24 16:57:57 36,040 ----a-w c:\windows\Temp\cteng_1_1_121232813119.dat
    + 2009-01-24 18:58:28 35,908 ----a-w c:\windows\Temp\cteng_1_1_141232820321.dat
    + 2009-01-24 18:58:31 31,964 ----a-w c:\windows\Temp\cteng_1_1_161232823341.dat
    + 2009-01-24 09:28:26 45,564 ----a-w c:\windows\Temp\cteng_1_1_181232787925.dat
    + 2009-01-25 17:18:00 36,648 ----a-w c:\windows\Temp\cteng_1_1_231232899528.dat
    + 2009-01-25 10:42:58 39,224 ----a-w c:\windows\Temp\cteng_1_1_71232875626.dat
    + 2009-01-25 17:18:00 41,596 ----a-w c:\windows\Temp\cteng_1_1_81232889118.dat
    + 2009-01-25 10:42:59 321,712 ----a-w c:\windows\Temp\cteng_1_2_131232877801.dat
    + 2009-01-25 17:18:00 221,364 ----a-w c:\windows\Temp\cteng_1_2_141232881524.dat
    + 2009-01-25 17:18:01 156,108 ----a-w c:\windows\Temp\cteng_1_2_161232903129.dat
    + 2009-01-25 10:42:59 225,892 ----a-w c:\windows\Temp\cteng_1_2_171232877929.dat
    + 2009-01-25 17:18:01 156,884 ----a-w c:\windows\Temp\cteng_1_2_181232899551.dat
    + 2009-01-25 17:18:01 198,280 ----a-w c:\windows\Temp\cteng_1_2_201232890744.dat
    + 2009-01-25 17:18:02 270,356 ----a-w c:\windows\Temp\cteng_1_2_221232888732.dat
    + 2009-01-24 11:29:01 308,608 ----a-w c:\windows\Temp\cteng_1_2_231232795127.dat
    + 2009-01-25 10:43:00 133,292 ----a-w c:\windows\Temp\cteng_1_2_251232863527.dat
    + 2009-01-24 14:57:12 285,732 ----a-w c:\windows\Temp\cteng_1_2_271232805924.dat
    + 2009-01-25 10:43:00 241,696 ----a-w c:\windows\Temp\cteng_1_2_281232870726.dat
    + 2009-01-25 10:43:01 332,996 ----a-w c:\windows\Temp\cteng_1_2_291232879169.dat
    + 2009-01-24 10:28:43 271,864 ----a-w c:\windows\Temp\cteng_1_2_301232791518.dat
    + 2009-01-25 10:43:01 177,508 ----a-w c:\windows\Temp\cteng_1_2_311232831130.dat
    + 2009-01-25 10:43:02 198,124 ----a-w c:\windows\Temp\cteng_1_2_331232873802.dat
    + 2009-01-25 17:18:02 111,888 ----a-w c:\windows\Temp\cteng_1_2_341232895934.dat
    + 2009-01-25 10:43:02 276,436 ----a-w c:\windows\Temp\cteng_1_2_71232875624.dat
    + 2009-01-25 17:07:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_704.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{945aa210-3579-d1c7-bff3-f8e0d7da8d53}]
    2009-01-06 18:29 679424 --a------ c:\windows\system32\nsf26.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
    "Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
    "Uniblue Registry Booster"="c:\program files\Uniblue\Registry Booster\RegistryBooster.exe" [2006-09-28 1396736]
    "Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
    "Foxmail"="c:\program files\Foxmail\Foxmail.exe" [2004-08-02 3272704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "GDFirewallTray"="c:\program files\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
    "G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-11-24 958024]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
    Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
    -ra------ 2008-04-11 19:50 347648 c:\documents and settings\Jacques\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
    "c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
    "c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
    "c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "53773:TCP"= 53773:TCP:emule tcp
    "16399:UDP"= 16399:UDP:emule udp

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-12-27 22272]
    R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2008-12-27 68424]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-30 93696]
    R3 GDFwSvc;Pare-feu personnel G DATA;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-08-15 1407976]
    R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-12-27 48712]
    R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2008-12-27 32328]
    R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
    R4 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 1016904]
    R4 AVKService;Planificateur G DATA;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
    R4 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-08-14 1185496]
    R4 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2008-12-27 51016]
    S3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
    S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-02 14336]
    S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-02 13312]
    S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-12-18 93056]
    S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-12-18 4992]
    S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-12-18 179328]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-01-14 98488]
    S3 Service de sauvegarde G DATA;Service de sauvegarde G DATA;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-08-22 880200]
    S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b77caa-8f11-11dd-b90a-806d6172696f}]
    \Shell\AutoRun\command - J:\Launch.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-25 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{E639E9C3-ADB4-61D9-262B-0624B2AC2AEC} - c:\windows\system32\bmebuqjhloygkrxtf.dll


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = *.local
    IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel
    FF - ProfilePath - c:\documents and settings\Jacques\Application Data\Mozilla\Firefox\Profiles\qn6y59q6.default\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-25 18:22:28
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1960408961-117609710-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:70,cd,3d,9f,fb,04,c1,88,c0,3e,16,1e,95,be,42,cc,fa,39,1c,35,e6,
    2d,56,91,6c,33,af,ce,f6,84,81,11,ec,51,3a,92,4c,df,b4,99,e4,d6,00,b8,34,a8,\
    "rkeysecu"=hex:90,35,3a,83,0b,f6,a1,91,59,e3,93,c8,c6,aa,5b,5e

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:fa,1f,4e,6a,ec,41,da,68,df,fc,f3,f4,de,48,a5,31,bb,39,42,b8,86,
    01,c2,3b,5b,da,78,a1,ba,6d,f1,8d,29,20,7d,eb,8e,55,d4,52,64,e4,9c,d9,a3,d9,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:c5,20,54,f3,8a,c4,b9,7c,43,ed,04,81,39,df,4c,0d,b0,38,34,9a,85,
    f1,ad,a4,17,a6,76,aa,18,8c,73,f1,58,ad,64,0c,51,f6,0b,17,79,65,c6,db,0d,1e,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(880)
    c:\windows\system32\Ati2evxx.dll
    .
    Heure de fin: 2009-01-25 18:24:10
    ComboFix-quarantined-files.txt 2009-01-25 17:24:08
    ComboFix2.txt 2009-01-24 08:10:07
    ComboFix3.txt 2009-01-22 18:18:00
    ComboFix4.txt 2009-01-21 16:29:14
    ComboFix5.txt 2009-01-25 17:19:18

    Avant-CF: 20 878 733 312 octets libres
    Après-CF: 20,958,277,632 octets libres

    389 --- E O F --- 2009-01-15 08:41:14
    26 January 2009 19:47:27

    Hi again,

    Analyze the following file on VirusTotal, then post the report:
    d3dx9_303232323232323232323232323232323232.dll
    27 January 2009 10:33:08

    I did this without success; "apparently" the site has been analyzing this file for 2 hours... Is that normal?
    I'll try again.
    27 January 2009 13:16:01

    Uh, no. Try again and see.
    27 January 2009 15:44:11

    Same thing! Nothing is moving and it has been running for hours...
    What should I do?