Your question

Problem with my computer: unwanted ads + supposed virus

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
1 November 2008 20:08:32

Hello to everyone who will come to my aid.
Here is my problem: I have formatted my computer several times and things got better, but since today a message with a red cross appears in the bar next to the clock: "your computer is infected!!"
However, I have Spybot, and I cannot even install AVG.
I also cannot do a system restore to an earlier point.

HELP, please help me


1 November 2008 20:36:32

Good evening,

Download HijackThis (by Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that has just been created to launch it. (Right-click -> run as administrator if on Vista)
  • Accept the license by clicking Yes.
  • Click Do a system scan and save a logfile.
  • Post the generated report here.

    Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.
    2 November 2008 12:12:28

    Thanks. I read some forums, and once HijackThis is on my desktop it is impossible to open it, nothing works. So that is why I posted a message.
    2 November 2008 12:18:27

    Re,

    Impossible? Do you get an error message? If so, which one?
    2 November 2008 12:25:02

    No, that's just it: the window opens, I click Run, but then nothing!!!
    On top of that, I now have a virusremorver web page that opens.
    What should I do????
    2 November 2008 12:26:27

    Strange that you get nothing...

    Download random's system information tool (RSIT) (by random/random) and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimized in the Taskbar)
  • NB: The reports are saved in the folder C:\rsit
  • Be sure to post the reports in full; check that they are complete once you have posted them.
    2 November 2008 12:32:55

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Compaq_Propriétaire at 2008-11-02 12:32:05
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 220 GB (95%) free of 232 GB
    Total RAM: 446 MB (28% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:32:14, on 02/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\RSIT.exe
    C:\Program Files\trend micro\Compaq_Propriétaire.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {30F893D5-DF15-4C74-8397-0DE46A084C42} - C:\WINDOWS\system32\qoMfgEXq.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5A796189-8AA1-4F48-9342-A063494F8F59} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O2 - BHO: (no name) - {FBFD382A-AC6E-4EB7-8944-F97D358B378D} - C:\WINDOWS\system32\hgGayawV.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [407323ce] rundll32.exe "C:\WINDOWS\system32\vvtyxsmo.dll",b
    O4 - HKLM\..\Run: [NIS] "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\IXP000.TMP\NIS09EN.exe" /RELAUNCH /RUNONCE /NOPROMPT /PATH "C:\Program Files\Norton Internet Security\Norton Internet Security"
    O4 - HKLM\..\Run: [brastk] brastk.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O20 - AppInit_DLLs: karna.dat
    O20 - Winlogon Notify: hgGayawV - C:\WINDOWS\SYSTEM32\hgGayawV.dll
    O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    --
    End of file - 6259 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Connexion facile à Internet.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F893D5-DF15-4C74-8397-0DE46A084C42}]
    C:\WINDOWS\system32\qoMfgEXq.dll [2008-11-01 244224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A796189-8AA1-4F48-9342-A063494F8F59}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}]
    C:\WINDOWS\system32\hgGayawV.dll [2008-10-31 33280]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2436160]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
    "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-14 344064]
    "AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
    "PCDrProfiler"= []
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
    "KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
    "407323ce"=C:\WINDOWS\system32\vvtyxsmo.dll [2008-11-01 69120]
    "NIS"=C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\IXP000.TMP\NIS09EN.exe /RELAUNCH /RUNONCE /NOPROMPT /PATH C:\Program Files\Norton Internet Security\Norton Internet Security []
    "brastk"=C:\WINDOWS\system32\brastk.exe [2008-11-02 10240]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-10-24 171448]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "brastk"=C:\WINDOWS\system32\brastk.exe [2008-11-02 10240]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="karna.dat"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2005-08-14 46080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGayawV]
    C:\WINDOWS\system32\hgGayawV.dll [2008-10-31 33280]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{FBFD382A-AC6E-4EB7-8944-F97D358B378D}"=C:\WINDOWS\system32\hgGayawV.dll [2008-10-31 33280]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    C:\WINDOWS\system32\qoMfgEXq

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 3 months======


    ======List of files/folders modified in the last 3 months======

    2008-11-02 12:30:07 ----D---- C:\WINDOWS\Temp
    2008-11-02 12:10:14 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-01 23:15:54 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-01 22:33:16 ----SHD---- C:\WINDOWS\Installer
    2008-11-01 22:32:47 ----D---- C:\WINDOWS
    2008-11-01 22:29:59 ----D---- C:\WINDOWS\system32\drivers
    2008-11-01 22:29:59 ----D---- C:\WINDOWS\system32
    2008-11-01 22:29:59 ----D---- C:\Program Files
    2008-11-01 21:17:55 ----D---- C:\Program Files\Fichiers communs
    2008-11-01 17:38:13 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
    2008-11-01 17:13:54 ----D---- C:\WINDOWS\Tasks
    2008-11-01 17:00:43 ----D---- C:\WINDOWS\WinSxS
    2008-11-01 13:57:28 ----D---- C:\WINDOWS\system32\dllcache
    2008-10-30 19:02:46 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-10-27 20:11:19 ----HD---- C:\WINDOWS\inf
    2008-10-27 19:51:13 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-27 08:02:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-27 08:00:48 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-10-27 08:00:15 ----A---- C:\WINDOWS\setuplog.txt
    2008-10-27 07:59:30 ----D---- C:\WINDOWS\system32\wbem
    2008-10-27 07:59:30 ----D---- C:\WINDOWS\system32\Setup
    2008-10-27 07:59:30 ----D---- C:\WINDOWS\AppPatch
    2008-10-27 07:59:29 ----RSD---- C:\WINDOWS\Fonts
    2008-10-26 20:42:10 ----D---- C:\WINDOWS\security
    2008-10-26 19:13:38 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-26 19:11:52 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-26 19:09:30 ----D---- C:\Program Files\Messenger
    2008-10-26 19:05:14 ----D---- C:\WINDOWS\ime
    2008-10-26 19:05:13 ----D---- C:\WINDOWS\Help
    2008-10-26 19:04:57 ----D---- C:\WINDOWS\system32\usmt
    2008-10-26 19:04:55 ----D---- C:\WINDOWS\PeerNet
    2008-10-26 19:04:54 ----D---- C:\Program Files\Movie Maker
    2008-10-26 19:02:18 ----D---- C:\WINDOWS\system32\Restore
    2008-10-26 19:02:18 ----D---- C:\WINDOWS\system32\npp
    2008-10-26 19:02:16 ----D---- C:\WINDOWS\msagent
    2008-10-26 19:02:15 ----D---- C:\WINDOWS\srchasst
    2008-10-26 19:02:12 ----D---- C:\Program Files\NetMeeting
    2008-10-26 19:02:11 ----D---- C:\WINDOWS\system32\Com
    2008-10-26 19:02:08 ----D---- C:\Program Files\Windows NT
    2008-10-26 19:02:08 ----D---- C:\Program Files\Windows Media Player
    2008-10-26 19:02:08 ----D---- C:\Program Files\Outlook Express
    2008-10-26 19:02:04 ----D---- C:\Program Files\Fichiers communs\System
    2008-10-26 19:01:43 ----D---- C:\WINDOWS\system32\oobe
    2008-10-26 19:01:41 ----D---- C:\WINDOWS\system
    2008-10-26 18:58:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-10-26 18:43:16 ----HD---- C:\hp
    2008-10-25 19:21:26 ----D---- C:\Program Files\Internet Explorer
    2008-10-25 01:31:10 ----D---- C:\Program Files\Fichiers communs\Services
    2008-10-25 01:31:06 ----D---- C:\WINDOWS\system32\ras
    2008-10-25 01:31:01 ----D---- C:\WINDOWS\system32\icsxml
    2008-10-25 01:31:01 ----D---- C:\WINDOWS\system32\ias
    2008-10-25 01:30:41 ----RD---- C:\WINDOWS\Web
    2008-10-25 01:30:41 ----D---- C:\WINDOWS\Media
    2008-10-25 01:30:41 ----D---- C:\WINDOWS\addins
    2008-10-25 01:30:33 ----D---- C:\WINDOWS\Cursors
    2008-10-25 01:30:27 ----AHDC---- C:\WINDOWS\$NtUninstallKB902400$
    2008-10-25 01:30:26 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
    2008-10-24 19:49:06 ----D---- C:\WINDOWS\Downloaded Program Files
    2008-10-24 19:47:50 ----D---- C:\WINDOWS\Debug
    2008-10-24 19:37:24 ----D---- C:\WINDOWS\system32\config
    2008-10-24 19:02:17 ----D---- C:\Program Files\MSN
    2008-10-24 17:44:53 ----D---- C:\Documents and Settings
    2008-10-24 17:41:16 ----D---- C:\WINDOWS\SoftwareDistribution
    2008-10-24 17:41:16 ----D---- C:\WINDOWS\Registration
    2008-10-24 17:39:30 ----A---- C:\WINDOWS\system.ini
    2008-10-24 17:22:33 ----RASH---- C:\boot.ini
    2008-10-24 17:21:03 ----D---- C:\Program Files\Google
    2008-10-24 16:49:45 ----D---- C:\Program Files\Java
    2008-10-24 16:46:17 ----AD---- C:\WINDOWS\system32\pcintro
    2008-10-15 17:35:43 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-03 18:12:27 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-08-27 13:41:52 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 09:11:54 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 09:11:53 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 09:11:53 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 09:11:52 ----N---- C:\WINDOWS\system32\occache.dll
    2008-08-26 09:11:52 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 09:11:52 ----N---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 09:11:52 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-26 09:11:52 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 09:11:52 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 09:11:49 ----N---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 09:11:49 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 09:11:49 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 09:11:48 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 09:11:48 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 09:11:46 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 09:11:46 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 09:11:45 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 09:11:45 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 09:11:45 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 09:11:45 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 09:11:45 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 09:11:45 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 09:11:45 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-25 09:39:40 ----N---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-25 09:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-23 06:54:51 ----N---- C:\WINDOWS\system32\ieakui.dll
    2008-08-14 14:23:49 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 14:23:49 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-14 1313792]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-01 611664]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-14 376832]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S2 .norton2009Reset;Norton2009 Reset; C:\Program Files\Norton2009Reset.exe [2008-09-17 549159]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-24 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------
    2 November 2008 12:34:31

    Notepad also opened with this:
    info.txt logfile of random's system information tool 1.04 2008-11-02 12:32:18

    ======Uninstall list======

    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
    Amélioration de nos services-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1036
    Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:D ISPLAY -clean
    Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
    High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
    InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    Multi Virus Cleaner 2008-->"C:\Program Files\AxBx\Multi Virus Cleaner 2008\unins000.exe"
    Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.0.0.125\InstStub.exe /X
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
    Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
    PS2-->C:\WINDOWS\system32\ps2.exe uninstall
    Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
    Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
    Quick Zip 4.60.019-->"C:\Program Files\QuickZip4\unins000.exe"
    RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Security center information======

    AV: AVG Anti-Virus (disabled) (outdated)

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2f02
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SonicCentral"=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\

    -----------------EOF-----------------
    2 November 2008 12:40:45

    Re,

    Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware, etc.)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • When the operation has finished, a report will appear. Post that report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    2 November 2008 12:49:13

    I don't understand, it won't open either.
    2 November 2008 13:19:18

    Click Start --> Run, type CMD and confirm with OK.
    (If you are on Vista, just click Start, type CMD and press Enter)
    Paste the following lines one at a time into the black window that appears, pressing Enter after each one.
    reg export "hkcr\.exe" temp.log
    reg export "hkcr\exefile" temp2.log
    temp.log & temp2.log
    echo Je poste le contenu des deux fichiers qui viennent de s'ouvrir
    del temp?.log
    2 November 2008 13:30:31

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\exefile]
    @="Application"
    "EditFlags"=hex:38,07,00,00
    "TileInfo"="prop:FileDescription;Company;FileVersion"
    "InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

    [HKEY_CLASSES_ROOT\exefile\DefaultIcon]
    @="%1"

    [HKEY_CLASSES_ROOT\exefile\shell]

    [HKEY_CLASSES_ROOT\exefile\shell\open]
    "EditFlags"=hex:00,00,00,00

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"

    [HKEY_CLASSES_ROOT\exefile\shell\runas]

    [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
    @="\"%1\" %*"

    [HKEY_CLASSES_ROOT\exefile\shellex]

    [HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
    @="{86C86720-42A0-1069-A2E8-08002B30309D}"

    [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

    [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
    @="{86F19A00-42A0-1069-A2E9-08002B30309D}"

    [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
    @="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

    So, can you tell yet where my problem is coming from???
    2 November 2008 13:31:05

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\.exe]
    @="exefile"
    "Content Type"="application/x-msdownload"

    [HKEY_CLASSES_ROOT\.exe\PersistentHandler]
    @="{098f2470-bae0-11cd-b579-08002b30bfeb}"
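Added example, not part of the original thread: the two exports requested above (`hkcr\.exe` and `hkcr\exefile`) can be checked mechanically against the stock Windows values used to launch `.exe` files. The function names and the tampered sample are constructed for illustration; real `reg export` files are UTF-16, so read them with `encoding="utf-16"` before passing the text in.

```python
import re

# Stock Windows default values for launching .exe files.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\exefile\shell\runas\command": '"%1" %*',
}

_KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
_VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


def _unquote(text):
    """Strip the surrounding quotes of a .reg string and undo its backslash escapes."""
    return re.sub(r"\\(.)", r"\1", text[1:-1])


def parse_reg_export(text):
    """Parse 'reg export' text into {key: {value_name: data}}; '@' is the default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = m.group("name")
            name = "@" if name == "@" else _unquote(name)
            data = m.group("data")
            # Only REG_SZ data is decoded; hex: and dword: values are kept verbatim.
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = _unquote(data)
            current[name] = data
    return keys


def check_exe_association(*exports):
    """Return (key, expected, found) for every default value that deviates from EXPECTED."""
    merged = {}
    for text in exports:
        for key, values in parse_reg_export(text).items():
            # Registry key names are case-insensitive.
            merged.setdefault(key.lower(), {}).update(values)
    findings = []
    for key, expected in EXPECTED.items():
        found = merged.get(key.lower(), {}).get("@")
        if found != expected:
            findings.append((key, expected, found))
    return findings


# Trimmed copies of the two exports posted in the thread.
THREAD_EXPORT_EXE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
'''

THREAD_EXPORT_EXEFILE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile]
@="Application"

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
'''

# Constructed sample (not from the thread): the open command no longer has its stock value.
CONSTRUCTED_TAMPERED = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\placeholder\\other.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for key, expected, found in check_exe_association(THREAD_EXPORT_EXE, THREAD_EXPORT_EXEFILE):
        print(f"{key}: expected {expected!r}, found {found!r}")
```

On the thread's two exports the check returns no findings, so the `.exe` file association itself holds its stock values.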
    2 November 2008 15:01:21

    Strange...

    Can you try running the tool in safe mode?

  • Restart your computer in safe mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu on a black background appears. Once you get there, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
    --- For these reasons, I suggest you print, write down, or save the following information in a text document so that you don't get lost.
    ---- ! Do not start your computer in safe mode via MSConfig! Why? Some infections break the safe mode keys, which would make your computer crash.
    2 November 2008 15:19:57

    Neither ComboFix nor HijackThis works in safe mode
    2 November 2008 15:22:08

    Odd... Do the other file extensions work, or can you no longer open anything?

    2 November 2008 15:24:10

    I don't know, but this is starting to drive me mad. Should I reformat the hard drive again?
    2 November 2008 15:42:16

    I don't understand why the .EXE files won't run .....
    When you launch HijackThis.exe, for example, do you see HijackThis.exe among the processes in the Taskbar?
    2 November 2008 15:52:15

    I just have hijackthis without the .exe on the desktop as well as in the programs.
    2 November 2008 16:08:21

    Just checking something ... :) 

    Click Start --> Run, type CMD and confirm with OK.
    (If you are on Vista, just click Start, type CMD and press Enter)
    Paste the following lines one at a time into the black window that appears, pressing Enter after each one.
    reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" temp1.log
    reg export "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" temp2.log
    temp1.log & temp2.log
    echo Je poste le contenu des deux fichiers qui viennent de s'ouvrir
    del temp?.log
    2 November 2008 16:13:12

    It doesn't work: invalid key name or path not found
    2 November 2008 16:26:03

    I've edited it, please do it again
    2 November 2008 16:39:45

    The first one went fine; for the second, the system could not find the specified registry key or value.
    2 November 2008 18:13:11

    Post me the first one then, please :) 
    2 November 2008 20:31:48

    Well yes, but no Notepad window opened, though that is what the program had written. Sorry I can't help you more, and thank you for the time you're giving me.
    2 November 2008 21:55:19

    Re,

    And if you type: temp1.log ?
    3 November 2008 19:12:28

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    3 November 2008 19:49:54

    OK, strange...

    We'll try to get rid of it with another tool :) 

    Download OTMoveIt3 (by OldTimer). Save it to your Desktop.
    Copy (Ctrl+C) the text in the box below:

    :processes
    explorer.exe

    :services
    .norton2009Reset

    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGayawV]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"=-
    "brastk"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "AlcxMonitor"=-
    "PCDrProfiler"=-
    "407323ce"=-
    "brastk"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F893D5-DF15-4C74-8397-0DE46A084C42}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A796189-8AA1-4F48-9342-A063494F8F59}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{FBFD382A-AC6E-4EB7-8944-F97D358B378D}"=-
    [-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]
    [-HKEY_CLASSES_ROOT\CLSID\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}]
    [-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
    [-HKEY_CLASSES_ROOT\CLSID\{5A796189-8AA1-4F48-9342-A063494F8F59}]
    [-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [-HKEY_CLASSES_ROOT\CLSID\{30F893D5-DF15-4C74-8397-0DE46A084C42}]
    [-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]

    :files
    C:\Program Files\Norton2009Reset.exe
    C:\WINDOWS\system32\wini10791.exe
    C:\WINDOWS\brastk.exe
    C:\WINDOWS\system32\brastk.exe
    C:\WINDOWS\system32\qrivcxwq.ini
    C:\WINDOWS\system32\txrtnh.dll
    C:\WINDOWS\system32\muugbplp.dll
    C:\WINDOWS\system32\4b50e7b0-.txt
    C:\WINDOWS\system32\qXEgfMoq.ini2
    C:\WINDOWS\system32\qXEgfMoq.ini
    C:\WINDOWS\system32\qoMfgEXq.dll
    C:\WINDOWS\system32\urqRKCrP.dll
    C:\WINDOWS\system32\hgGayawV.dll
    C:\WINDOWS\system32\omsxytvv.ini
    C:\WINDOWS\system32\vvtyxsmo.dll
    C:\WINDOWS\system32\mgqnuo.dll
    C:\WINDOWS\system32\cafwxgbn.dll
    C:\WINDOWS\system32\yayvTnmJ.dll
    C:\WINDOWS\system32\tuvTkiJA.dll
    C:\WINDOWS\system32\karna.dat

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


    Double-click OTMoveIt3.exe to launch it.
    Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
    Now click the MoveIt! button, then close OTMoveIt3.

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log
    3 November 2008 21:12:34

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    Service .norton2009Reset stopped successfully.
    Service .norton2009Reset deleted successfully.
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGayawV\\ deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\brastk deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AlcxMonitor deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\407323ce not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\brastk deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F893D5-DF15-4C74-8397-0DE46A084C42}\\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A796189-8AA1-4F48-9342-A063494F8F59}\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{FBFD382A-AC6E-4EB7-8944-F97D358B378D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}\ deleted successfully.
    Registry key HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner\\ deleted successfully.
    Registry key HKEY_CLASSES_ROOT\CLSID\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}\\ deleted successfully.
    Registry key HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\\ not found.
    Registry key HKEY_CLASSES_ROOT\CLSID\{5A796189-8AA1-4F48-9342-A063494F8F59}\\ not found.
    Registry key HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\\ deleted successfully.
    Registry key HKEY_CLASSES_ROOT\CLSID\{30F893D5-DF15-4C74-8397-0DE46A084C42}\\ not found.
    Registry key HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\\ deleted successfully.
    ========== FILES ==========
    C:\Program Files\Norton2009Reset.exe moved successfully.
    C:\WINDOWS\system32\wini10791.exe moved successfully.
    C:\WINDOWS\brastk.exe moved successfully.
    C:\WINDOWS\system32\brastk.exe moved successfully.
    C:\WINDOWS\system32\qrivcxwq.ini moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\txrtnh.dll
    C:\WINDOWS\system32\txrtnh.dll NOT unregistered.
    C:\WINDOWS\system32\txrtnh.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\muugbplp.dll
    C:\WINDOWS\system32\muugbplp.dll NOT unregistered.
    C:\WINDOWS\system32\muugbplp.dll moved successfully.
    C:\WINDOWS\system32\4b50e7b0-.txt moved successfully.
    C:\WINDOWS\system32\qXEgfMoq.ini2 moved successfully.
    C:\WINDOWS\system32\qXEgfMoq.ini moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\qoMfgEXq.dll
    C:\WINDOWS\system32\qoMfgEXq.dll NOT unregistered.
    C:\WINDOWS\system32\qoMfgEXq.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\urqRKCrP.dll
    C:\WINDOWS\system32\urqRKCrP.dll NOT unregistered.
    C:\WINDOWS\system32\urqRKCrP.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\hgGayawV.dll
    C:\WINDOWS\system32\hgGayawV.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\hgGayawV.dll scheduled to be moved on reboot.
    C:\WINDOWS\system32\omsxytvv.ini moved successfully.
    File/Folder C:\WINDOWS\system32\vvtyxsmo.dll not found.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\mgqnuo.dll
    C:\WINDOWS\system32\mgqnuo.dll NOT unregistered.
    C:\WINDOWS\system32\mgqnuo.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\cafwxgbn.dll
    C:\WINDOWS\system32\cafwxgbn.dll NOT unregistered.
    C:\WINDOWS\system32\cafwxgbn.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\yayvTnmJ.dll
    C:\WINDOWS\system32\yayvTnmJ.dll NOT unregistered.
    C:\WINDOWS\system32\yayvTnmJ.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuvTkiJA.dll
    C:\WINDOWS\system32\tuvTkiJA.dll NOT unregistered.
    C:\WINDOWS\system32\tuvTkiJA.dll moved successfully.
    C:\WINDOWS\system32\karna.dat moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF2075.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF2082.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF72A.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF9BA.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11032008_205753

    Files moved on Reboot...
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\hgGayawV.dll
    C:\WINDOWS\system32\hgGayawV.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\hgGayawV.dll scheduled to be moved on reboot.
    File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF2075.tmp not found!
    File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF2082.tmp not found!
    File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF72A.tmp not found!
    File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF9BA.tmp not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
    4 November 2008 00:40:24

    Hello,

    Is it better?

    Post a new RSIT report.
    4 November 2008 20:55:35

    I still have my red cross next to the clock with a virus alert. Otherwise, fewer pages.

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Compaq_Propriétaire at 2008-11-04 20:54:26
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 220 GB (95%) free of 232 GB
    Total RAM: 446 MB (9% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:54:30, on 04/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\RSIT.exe
    C:\Program Files\trend micro\Compaq_Propriétaire.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {545AF2FA-5866-4761-9005-57A24DE7E954} - C:\WINDOWS\system32\qoMfgEXq.dll (file missing)
    O2 - BHO: (no name) - {5553a608-96a1-49eb-b37d-135947de8477} - C:\WINDOWS\system32\phmuhj.dll
    O2 - BHO: (no name) - {57E4D3E7-11D5-4464-B214-123F363EC8D3} - C:\WINDOWS\system32\iifefFXo.dll
    O2 - BHO: (no name) - {93E27662-6576-4AC8-992F-942FCE6F98F8} - (no file)
    O2 - BHO: (no name) - {C7010EF9-85E1-4598-881C-270C28F56B48} - (no file)
    O2 - BHO: (no name) - {FBFD382A-AC6E-4EB7-8944-F97D358B378D} - C:\WINDOWS\system32\hgGayawV.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [NIS] "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\IXP000.TMP\NIS09EN.exe" /RELAUNCH /RUNONCE /NOPROMPT /PATH "C:\Program Files\Norton Internet Security\Norton Internet Security"
    O4 - HKLM\..\Run: [407323ce] rundll32.exe "C:\WINDOWS\system32\hhcklhbh.dll",b
    O4 - HKLM\..\Run: [brastk] brastk.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: karna.dat
    O20 - Winlogon Notify: hgGayawV - C:\WINDOWS\SYSTEM32\hgGayawV.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    --
    End of file - 5771 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Connexion facile à Internet.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{545AF2FA-5866-4761-9005-57A24DE7E954}]
    C:\WINDOWS\system32\qoMfgEXq.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5553a608-96a1-49eb-b37d-135947de8477}]
    C:\WINDOWS\system32\phmuhj.dll [2008-11-03 101888]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57E4D3E7-11D5-4464-B214-123F363EC8D3}]
    C:\WINDOWS\system32\iifefFXo.dll [2008-11-03 244224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93E27662-6576-4AC8-992F-942FCE6F98F8}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7010EF9-85E1-4598-881C-270C28F56B48}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}]
    C:\WINDOWS\system32\hgGayawV.dll [2008-10-31 33280]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2436160]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
    "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-14 344064]
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
    "KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
    "NIS"=C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\IXP000.TMP\NIS09EN.exe /RELAUNCH /RUNONCE /NOPROMPT /PATH C:\Program Files\Norton Internet Security\Norton Internet Security []
    "407323ce"=C:\WINDOWS\system32\hhcklhbh.dll []
    "brastk"=C:\WINDOWS\system32\brastk.exe [2008-11-03 10240]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-10-24 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="karna.dat"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2005-08-14 46080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGayawV]
    C:\WINDOWS\system32\hgGayawV.dll [2008-10-31 33280]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{FBFD382A-AC6E-4EB7-8944-F97D358B378D}"=C:\WINDOWS\system32\hgGayawV.dll [2008-10-31 33280]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    C:\WINDOWS\system32\iifefFXo

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "ForceClassicControlPanel"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 1 months======

    2008-11-04 18:15:14 ----A---- C:\WINDOWS\system32\wini10791.exe
    2008-11-03 21:13:04 ----SH---- C:\WINDOWS\system32\komprwub.ini
    2008-11-03 21:13:03 ----A---- C:\WINDOWS\system32\buwrpmok.dll
    2008-11-03 21:10:47 ----A---- C:\WINDOWS\system32\phmuhj.dll
    2008-11-03 21:10:46 ----A---- C:\WINDOWS\system32\mfkubisy.dll
    2008-11-03 21:10:16 ----A---- C:\WINDOWS\system32\4b50e7b0-.txt
    2008-11-03 21:10:02 ----ASH---- C:\WINDOWS\system32\oXFfefii.ini2
    2008-11-03 21:10:02 ----ASH---- C:\WINDOWS\system32\oXFfefii.ini
    2008-11-03 21:09:57 ----A---- C:\WINDOWS\system32\iifefFXo.dll
    2008-11-03 21:04:43 ----A---- C:\WINDOWS\system32\brastk.exe
    2008-11-03 21:04:40 ----A---- C:\WINDOWS\brastk.exe
    2008-11-03 20:57:53 ----D---- C:\_OTMoveIt
    2008-11-03 20:51:08 ----A---- C:\WINDOWS\system32\okor.vbs
    2008-11-03 20:51:08 ----A---- C:\WINDOWS\esuponeg.exe
    2008-11-03 20:51:08 ----A---- C:\Program Files\Fichiers communs\ojoju.exe
    2008-11-03 20:51:08 ----A---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\voboj.com
    2008-11-03 20:50:44 ----D---- C:\Program Files\XP_Antispyware
    2008-11-03 19:02:28 ----A---- C:\WINDOWS\system32\kqmhuf.dll
    2008-11-03 19:02:27 ----A---- C:\WINDOWS\system32\kjobucsc.dll
    2008-11-03 18:59:42 ----SH---- C:\WINDOWS\system32\hbhlkchh.ini
    2008-11-02 17:31:39 ----A---- C:\WINDOWS\system32\vzrtio.dll
    2008-11-02 17:31:39 ----A---- C:\WINDOWS\system32\qnbpuyuy.dll
    2008-11-02 17:13:38 ----SH---- C:\WINDOWS\system32\nxevgmal.ini
    2008-11-02 17:13:38 ----A---- C:\WINDOWS\system32\lamgvexn.dll
    2008-11-02 15:07:33 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-02 12:32:05 ----D---- C:\rsit
    2008-11-01 22:29:59 ----D---- C:\Program Files\Lavasoft
    2008-11-01 22:29:48 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-11-01 21:17:55 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-11-01 20:16:44 ----A---- C:\HijackThis.exe
    2008-11-01 19:54:12 ----D---- C:\Program Files\Trend Micro
    2008-11-01 18:52:44 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-01 18:52:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-01 18:18:14 ----D---- C:\Program Files\AxBx
    2008-11-01 17:12:26 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings
    2008-11-01 17:12:09 ----D---- C:\Program Files\NortonInstaller
    2008-11-01 17:12:09 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2008-11-01 17:01:08 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\AVGTOOLBAR
    2008-11-01 17:00:58 ----D---- C:\Program Files\AVG
    2008-11-01 17:00:58 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-10-31 21:14:05 ----A---- C:\WINDOWS\system32\hgGayawV.dll
    2008-10-27 20:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-10-27 08:00:20 ----D---- C:\WINDOWS\Prefetch
    2008-10-26 19:11:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-26 19:11:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-26 19:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-26 19:11:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-26 19:11:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-26 19:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-10-26 19:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-10-26 19:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-10-26 19:10:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-10-26 19:10:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-10-26 19:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-10-26 19:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-10-26 19:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-10-26 19:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-10-26 19:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-10-26 19:04:56 ----D---- C:\WINDOWS\l2schemas
    2008-10-26 19:04:55 ----D---- C:\WINDOWS\system32\fr
    2008-10-26 19:04:55 ----D---- C:\WINDOWS\system32\bits
    2008-10-26 19:02:24 ----D---- C:\WINDOWS\ServicePackFiles
    2008-10-26 18:55:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-10-26 18:55:15 ----D---- C:\WINDOWS\EHome
    2008-10-25 19:53:04 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-10-25 19:52:53 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
    2008-10-25 19:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
    2008-10-25 19:39:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-10-25 19:35:10 ----D---- C:\Program Files\Windows Live
    2008-10-25 19:29:25 ----D---- C:\temp
    2008-10-25 19:23:17 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-10-25 19:23:17 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-25 19:23:16 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-10-24 19:59:41 ----A---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\QuickZip45.ini
    2008-10-24 19:59:34 ----D---- C:\Program Files\QuickZip4
    2008-10-24 19:54:34 ----A---- C:\WINDOWS\system32\chsbrkr.dll
    2008-10-24 19:54:33 ----A---- C:\WINDOWS\system32\korwbrkr.dll
    2008-10-24 19:54:33 ----A---- C:\WINDOWS\system32\chtbrkr.dll
    2008-10-24 19:54:31 ----A---- C:\WINDOWS\system32\msir3jp.dll
    2008-10-24 19:54:23 ----A---- C:\WINDOWS\system32\kbd101a.dll
    2008-10-24 19:54:23 ----A---- C:\WINDOWS\system32\c_g18030.dll
    2008-10-24 19:54:15 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
    2008-10-24 19:54:15 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
    2008-10-24 19:54:15 ----A---- C:\WINDOWS\system32\kbdnec95.dll
    2008-10-24 19:54:15 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
    2008-10-24 19:54:15 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
    2008-10-24 19:54:14 ----A---- C:\WINDOWS\system32\kbdibm02.dll
    2008-10-24 19:54:14 ----A---- C:\WINDOWS\system32\kbdax2.dll
    2008-10-24 19:54:14 ----A---- C:\WINDOWS\system32\kbd106n.dll
    2008-10-24 19:54:14 ----A---- C:\WINDOWS\system32\kbd101.dll
    2008-10-24 19:54:14 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
    2008-10-24 19:53:58 ----A---- C:\WINDOWS\system32\c_is2022.dll
    2008-10-24 19:53:56 ----A---- C:\WINDOWS\system32\uniime.dll
    2008-10-24 19:53:49 ----A---- C:\WINDOWS\system32\imjp81k.dll
    2008-10-24 19:53:45 ----A---- C:\WINDOWS\system32\kbdkor.dll
    2008-10-24 19:53:45 ----A---- C:\WINDOWS\system32\kbdjpn.dll
    2008-10-24 19:53:45 ----A---- C:\WINDOWS\system32\kbd106.dll
    2008-10-24 19:53:45 ----A---- C:\WINDOWS\system32\kbd103.dll
    2008-10-24 19:53:45 ----A---- C:\WINDOWS\system32\kbd101c.dll
    2008-10-24 19:53:41 ----A---- C:\WINDOWS\system32\kbd101b.dll
    2008-10-24 19:37:18 ----D---- C:\WINDOWS\system32\fr-fr
    2008-10-24 19:35:18 ----A---- C:\WINDOWS\system32\xmllite.dll
    2008-10-24 19:27:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-24 18:09:43 ----D---- C:\WINDOWS\I386
    2008-10-24 18:05:47 ----RSD---- C:\WINDOWS\assembly
    2008-10-24 17:44:55 ----ASH---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\desktop.ini
    2008-10-24 17:44:54 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Real
    2008-10-24 17:44:54 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft
    2008-10-24 17:44:54 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Identities
    2008-10-24 17:40:53 ----D---- C:\WINDOWS\system32\SoftwareDistribution
    2008-10-24 17:24:55 ----N---- C:\WINDOWS\system32\tzchange.exe
    2008-10-24 17:23:53 ----N---- C:\WINDOWS\system32\verclsid.exe
    2008-10-24 17:23:34 ----N---- C:\WINDOWS\system32\xpsp3res.dll
    2008-10-24 17:22:18 ----RSHD---- C:\cmdcons
    2008-10-24 17:22:00 ----D---- C:\WINDOWS\setupupd
    2008-10-24 17:09:42 ----D---- C:\WINDOWS\system32\PreInstall
    2008-10-24 17:08:15 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
    2008-10-24 16:49:57 ----D---- C:\Program Files\Sun
    2008-10-24 16:49:46 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-10-24 16:49:46 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-10-24 16:49:46 ----A---- C:\WINDOWS\system32\java.exe
    2008-10-24 16:46:21 ----A---- C:\WINDOWS\system32\wmpns.dll
    2008-10-24 11:36:01 ----D---- C:\Program Files\uTorrent
    2008-10-24 11:35:53 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\uTorrent
    2008-10-24 11:34:16 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-10-24 11:33:53 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-10-24 11:25:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
    2008-10-24 11:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
    2008-10-24 11:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
    2008-10-24 11:25:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
    2008-10-24 11:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
    2008-10-24 11:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-24 11:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
    2008-10-24 11:23:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
    2008-10-24 11:23:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2008-10-24 11:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-10-24 11:23:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-10-24 11:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2008-10-24 11:23:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-10-24 11:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-10-24 11:23:22 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
    2008-10-24 11:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
    2008-10-24 11:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
    2008-10-24 11:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
    2008-10-24 11:22:50 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
    2008-10-24 11:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
    2008-10-24 11:22:42 ----D---- C:\Program Files\MSXML 4.0
    2008-10-24 11:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
    2008-10-24 11:22:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
    2008-10-24 11:22:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
    2008-10-24 11:20:56 ----D---- C:\WINDOWS\ie7updates
    2008-10-24 11:20:15 ----D---- C:\WINDOWS\WBEM
    2008-10-24 11:19:18 ----HDC---- C:\WINDOWS\ie7
    2008-10-24 11:19:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    2008-10-24 11:18:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    2008-10-24 11:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
    2008-10-24 11:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
    2008-10-24 11:17:06 ----D---- C:\WINDOWS\network diagnostic
    2008-10-24 11:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
    2008-10-24 11:16:56 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
    2008-10-24 11:14:58 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Adobe
    2008-10-24 11:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
    2008-10-24 11:13:43 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
    2008-10-24 11:13:36 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
    2008-10-24 11:13:28 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
    2008-10-24 11:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
    2008-10-24 11:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2008-10-24 11:12:53 ----D---- C:\Program Files\Microsoft Visual Studio 8
    2008-10-24 11:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
    2008-10-24 11:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB943460_0$
    2008-10-24 11:11:29 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
    2008-10-24 11:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
    2008-10-24 11:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
    2008-10-24 11:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
    2008-10-24 11:10:44 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Google
    2008-10-24 11:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
    2008-10-24 11:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
    2008-10-24 11:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
    2008-10-24 11:09:42 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
    2008-10-24 11:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
    2008-10-24 11:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
    2008-10-24 11:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
    2008-10-24 11:07:54 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
    2008-10-24 11:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
    2008-10-24 11:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
    2008-10-24 11:07:30 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
    2008-10-24 11:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
    2008-10-24 11:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
    2008-10-24 11:07:13 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
    2008-10-24 11:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
    2008-10-24 11:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
    2008-10-24 11:06:56 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
    2008-10-24 11:06:51 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
    2008-10-24 11:06:46 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
    2008-10-24 11:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
    2008-10-24 11:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
    2008-10-24 11:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
    2008-10-24 11:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
    2008-10-24 11:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
    2008-10-24 11:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
    2008-10-24 11:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
    2008-10-24 11:05:36 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
    2008-10-24 11:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
    2008-10-24 11:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
    2008-10-24 11:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
    2008-10-24 11:05:02 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
    2008-10-24 11:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
    2008-10-24 11:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
    2008-10-24 11:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
    2008-10-24 11:04:21 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
    2008-10-24 11:04:16 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
    2008-10-24 11:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
    2008-10-24 11:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
    2008-10-24 11:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
    2008-10-24 11:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
    2008-10-24 11:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
    2008-10-24 11:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
    2008-10-24 11:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
    2008-10-24 11:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
    2008-10-24 11:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
    2008-10-24 11:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
    2008-10-24 11:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
    2008-10-24 11:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
    2008-10-24 11:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
    2008-10-24 11:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
    2008-10-24 11:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
    2008-10-24 11:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
    2008-10-24 11:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
    2008-10-24 11:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
    2008-10-24 11:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
    2008-10-24 10:55:30 ----D---- C:\Program Files\MSBuild
    2008-10-24 10:54:47 ----D---- C:\Program Files\Microsoft Visual Studio
    2008-10-24 10:54:46 ----D---- C:\Program Files\Fichiers communs\DESIGNER
    2008-10-24 10:53:38 ----D---- C:\Program Files\Microsoft.NET
    2008-10-24 10:51:32 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-10-24 10:48:28 ----D---- C:\WINDOWS\SHELLNEW
    2008-10-24 10:47:36 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-24 10:46:59 ----RHD---- C:\MSOCache
    2008-10-24 10:46:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-10-24 10:46:32 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Macromedia
    2008-10-24 10:43:17 ----RASH---- C:\BOOT.BAK
    2008-10-24 10:43:11 ----D---- C:\WINDOWS\setup.pss
    2008-10-24 10:43:11 ----A---- C:\WINDOWS\UPGRADE.TXT
    2008-10-24 10:38:57 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2008-10-24 10:38:22 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
    2008-10-24 10:34:28 ----SHD---- C:\RECYCLER
    2008-10-24 10:25:25 ----SHD---- C:\System Volume Information

    ======List of files/folders modified in the last 1 months======

    2008-11-04 20:09:17 ----D---- C:\WINDOWS\system32\dllcache
    2008-11-04 20:09:12 ----D---- C:\WINDOWS\system32\drivers
    2008-11-04 18:15:31 ----HD---- C:\WINDOWS\inf
    2008-11-04 18:15:14 ----D---- C:\WINDOWS\system32
    2008-11-04 18:15:12 ----D---- C:\WINDOWS\Temp
    2008-11-04 18:15:02 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-03 21:50:46 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-03 21:04:40 ----D---- C:\WINDOWS
    2008-11-03 20:57:56 ----D---- C:\Program Files
    2008-11-03 20:51:08 ----D---- C:\Program Files\Fichiers communs
    2008-11-02 15:08:25 ----D---- C:\Documents and Settings
    2008-11-01 22:33:16 ----SHD---- C:\WINDOWS\Installer
    2008-11-01 17:38:13 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
    2008-11-01 17:13:54 ----D---- C:\WINDOWS\Tasks
    2008-11-01 17:00:43 ----D---- C:\WINDOWS\WinSxS
    2008-10-30 19:02:46 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-10-27 19:51:13 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-27 08:02:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-27 08:00:48 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-10-27 08:00:15 ----A---- C:\WINDOWS\setuplog.txt
    2008-10-27 07:59:30 ----D---- C:\WINDOWS\system32\wbem
    2008-10-27 07:59:30 ----D---- C:\WINDOWS\system32\Setup
    2008-10-27 07:59:30 ----D---- C:\WINDOWS\AppPatch
    2008-10-27 07:59:29 ----RSD---- C:\WINDOWS\Fonts
    2008-10-26 20:42:10 ----D---- C:\WINDOWS\security
    2008-10-26 19:13:38 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-26 19:11:52 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-26 19:09:30 ----D---- C:\Program Files\Messenger
    2008-10-26 19:05:14 ----D---- C:\WINDOWS\ime
    2008-10-26 19:05:13 ----D---- C:\WINDOWS\Help
    2008-10-26 19:04:57 ----D---- C:\WINDOWS\system32\usmt
    2008-10-26 19:04:55 ----D---- C:\WINDOWS\PeerNet
    2008-10-26 19:04:54 ----D---- C:\Program Files\Movie Maker
    2008-10-26 19:02:18 ----D---- C:\WINDOWS\system32\Restore
    2008-10-26 19:02:18 ----D---- C:\WINDOWS\system32\npp
    2008-10-26 19:02:16 ----D---- C:\WINDOWS\msagent
    2008-10-26 19:02:15 ----D---- C:\WINDOWS\srchasst
    2008-10-26 19:02:12 ----D---- C:\Program Files\NetMeeting
    2008-10-26 19:02:11 ----D---- C:\WINDOWS\system32\Com
    2008-10-26 19:02:08 ----D---- C:\Program Files\Windows NT
    2008-10-26 19:02:08 ----D---- C:\Program Files\Windows Media Player
    2008-10-26 19:02:08 ----D---- C:\Program Files\Outlook Express
    2008-10-26 19:02:04 ----D---- C:\Program Files\Fichiers communs\System
    2008-10-26 19:01:43 ----D---- C:\WINDOWS\system32\oobe
    2008-10-26 19:01:41 ----D---- C:\WINDOWS\system
    2008-10-26 18:58:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-10-26 18:43:16 ----HD---- C:\hp
    2008-10-25 19:21:26 ----D---- C:\Program Files\Internet Explorer
    2008-10-25 01:31:10 ----D---- C:\Program Files\Fichiers communs\Services
    2008-10-25 01:31:06 ----D---- C:\WINDOWS\system32\ras
    2008-10-25 01:31:01 ----D---- C:\WINDOWS\system32\icsxml
    2008-10-25 01:31:01 ----D---- C:\WINDOWS\system32\ias
    2008-10-25 01:30:41 ----RD---- C:\WINDOWS\Web
    2008-10-25 01:30:41 ----D---- C:\WINDOWS\Media
    2008-10-25 01:30:41 ----D---- C:\WINDOWS\addins
    2008-10-25 01:30:33 ----D---- C:\WINDOWS\Cursors
    2008-10-25 01:30:27 ----AHDC---- C:\WINDOWS\$NtUninstallKB902400$
    2008-10-25 01:30:26 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
    2008-10-24 19:49:06 ----D---- C:\WINDOWS\Downloaded Program Files
    2008-10-24 19:47:50 ----D---- C:\WINDOWS\Debug
    2008-10-24 19:37:24 ----D---- C:\WINDOWS\system32\config
    2008-10-24 19:02:17 ----D---- C:\Program Files\MSN
    2008-10-24 17:41:16 ----D---- C:\WINDOWS\SoftwareDistribution
    2008-10-24 17:41:16 ----D---- C:\WINDOWS\Registration
    2008-10-24 17:39:30 ----A---- C:\WINDOWS\system.ini
    2008-10-24 17:22:33 ----RASH---- C:\boot.ini
    2008-10-24 17:21:03 ----D---- C:\Program Files\Google
    2008-10-24 16:49:45 ----D---- C:\Program Files\Java
    2008-10-24 16:46:17 ----AD---- C:\WINDOWS\system32\pcintro
    2008-10-15 17:35:43 ----A---- C:\WINDOWS\system32\netapi32.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-14 1313792]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-01 611664]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-14 376832]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-24 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------
    4 November 2008 20:58:38

    Hello,

    Yeah, in the meantime the infection keeps spreading.

    Still unable to run ComboFix?

    Otherwise, I'll reply tomorrow, no time tonight, sorry.
    4 November 2008 21:02:25

    No, still not. OK, thank you and have a good evening.
    Sorry to bother you with my problems; I think these forums and the help they offer are great.
    5 November 2008 20:33:51

    Hi again,

    1) Open Spybot, click the Mode tab and choose Advanced Mode
    Ignore the warning
    At the bottom left, click Tools
    Still in the left column, click Resident (not in the central window)
    And untick the Resident "TeaTimer" option (you can tick it again once we are done)

    2) Download OTMoveIt3 (by OldTimer). Save it to your Desktop.
    Copy (Ctrl+C) the text in the box below:

    :processes
    explorer.exe

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{FBFD382A-AC6E-4EB7-8944-F97D358B378D}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGayawV]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "407323ce"=-
    "brastk"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{545AF2FA-5866-4761-9005-57A24DE7E954}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5553a608-96a1-49eb-b37d-135947de8477}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57E4D3E7-11D5-4464-B214-123F363EC8D3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93E27662-6576-4AC8-992F-942FCE6F98F8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7010EF9-85E1-4598-881C-270C28F56B48}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}]

    :files
    C:\WINDOWS\system32\kqmhuf.dll
    C:\WINDOWS\system32\kjobucsc.dll
    C:\WINDOWS\system32\hbhlkchh.ini
    C:\WINDOWS\system32\vzrtio.dll
    C:\WINDOWS\system32\qnbpuyuy.dll
    C:\WINDOWS\system32\nxevgmal.ini
    C:\WINDOWS\system32\lamgvexn.dll
    C:\Program Files\XP_Antispyware
    C:\WINDOWS\system32\wini10791.exe
    C:\WINDOWS\system32\buwrpmok.dll
    C:\WINDOWS\system32\phmuhj.dll
    C:\WINDOWS\system32\mfkubisy.dll
    C:\WINDOWS\system32\4b50e7b0-.txt
    C:\WINDOWS\system32\oXFfefii.ini2
    C:\WINDOWS\system32\oXFfefii.ini
    C:\WINDOWS\system32\iifefFXo.dll
    C:\WINDOWS\system32\brastk.exe
    C:\WINDOWS\brastk.exe
    C:\WINDOWS\system32\okor.vbs
    C:\WINDOWS\esuponeg.exe
    C:\Program Files\Fichiers communs\ojoju.exe
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\voboj.com

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


    Double-click OTMoveIt3.exe to launch it.
    Paste (Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.
    Now click the MoveIt! button, then close OTMoveIt3.

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log

    3) Download Malwarebytes' Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Restart your computer in Safe Mode

    - At startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu on a black background appears. At that point, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access and the display looks different (no wallpaper, very large icons). So don't be surprised.
    --- For these reasons I suggest you print, write down, or save the following information in a text document so that you don't get lost.
    ---- ! Do not boot your computer into Safe Mode via MSConfig! Why? Some infections break the Safe Mode keys, which would make your computer crash.

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:

    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop.
    ~~~~ Restart your computer normally and post the report in your next reply.

    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Note: If you cannot download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
  • How to start your computer in Safe Mode.

    4) Install a firewall:
    Here are several suggestions (pick one!):

  • Sygate
  • Outpost
  • Kerio
  • Zone Alarm, etc.

    Disable the Windows firewall after installing a new firewall.

    Help: How to disable the Windows firewall.

    5) Post a new RSIT log.
    6 November 2008 12:58:02

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{FBFD382A-AC6E-4EB7-8944-F97D358B378D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGayawV\\ deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\407323ce deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\brastk deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{545AF2FA-5866-4761-9005-57A24DE7E954}\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5553a608-96a1-49eb-b37d-135947de8477}\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57E4D3E7-11D5-4464-B214-123F363EC8D3}\\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93E27662-6576-4AC8-992F-942FCE6F98F8}\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7010EF9-85E1-4598-881C-270C28F56B48}\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}\\ deleted successfully.
    ========== FILES ==========
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\kqmhuf.dll
    C:\WINDOWS\system32\kqmhuf.dll NOT unregistered.
    C:\WINDOWS\system32\kqmhuf.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\kjobucsc.dll
    C:\WINDOWS\system32\kjobucsc.dll NOT unregistered.
    C:\WINDOWS\system32\kjobucsc.dll moved successfully.
    C:\WINDOWS\system32\hbhlkchh.ini moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\vzrtio.dll
    C:\WINDOWS\system32\vzrtio.dll NOT unregistered.
    C:\WINDOWS\system32\vzrtio.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\qnbpuyuy.dll
    C:\WINDOWS\system32\qnbpuyuy.dll NOT unregistered.
    C:\WINDOWS\system32\qnbpuyuy.dll moved successfully.
    C:\WINDOWS\system32\nxevgmal.ini moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\lamgvexn.dll
    C:\WINDOWS\system32\lamgvexn.dll NOT unregistered.
    C:\WINDOWS\system32\lamgvexn.dll moved successfully.
    C:\Program Files\XP_Antispyware moved successfully.
    C:\WINDOWS\system32\wini10791.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\buwrpmok.dll
    C:\WINDOWS\system32\buwrpmok.dll NOT unregistered.
    C:\WINDOWS\system32\buwrpmok.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\phmuhj.dll
    C:\WINDOWS\system32\phmuhj.dll NOT unregistered.
    C:\WINDOWS\system32\phmuhj.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\mfkubisy.dll
    C:\WINDOWS\system32\mfkubisy.dll NOT unregistered.
    C:\WINDOWS\system32\mfkubisy.dll moved successfully.
    C:\WINDOWS\system32\4b50e7b0-.txt moved successfully.
    C:\WINDOWS\system32\oXFfefii.ini2 moved successfully.
    C:\WINDOWS\system32\oXFfefii.ini moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\iifefFXo.dll
    C:\WINDOWS\system32\iifefFXo.dll NOT unregistered.
    C:\WINDOWS\system32\iifefFXo.dll moved successfully.
    C:\WINDOWS\system32\brastk.exe moved successfully.
    C:\WINDOWS\brastk.exe moved successfully.
    C:\WINDOWS\system32\okor.vbs moved successfully.
    C:\WINDOWS\esuponeg.exe moved successfully.
    C:\Program Files\Fichiers communs\ojoju.exe moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\voboj.com moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFA805.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFA814.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFD437.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFD444.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11062008_065603

    Files moved on Reboot...
    File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFA805.tmp not found!
    File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFA814.tmp not found!
    File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFD437.tmp not found!
    File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFD444.tmp not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
    6 November 2008 12:59:14

    Malwarebytes' Anti-Malware 1.30
    Database version: 1368
    Windows 5.1.2600 Service Pack 3

    06/11/2008 12:51:31
    mbam-log-2008-11-06 (12-51-31).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 99417
    Time elapsed: 2 hour(s), 5 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 10
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 31

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\hgGayawV.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbfd382a-ac6e-4eb7-8944-f97d358b378d} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggayawv (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{fbfd382a-ac6e-4eb7-8944-f97d358b378d} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\XP_Antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{fbfd382a-ac6e-4eb7-8944-f97d358b378d} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\hgGayawV.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\dlbaxwnm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mnwxabld.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP15\A0006789.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP17\A0007852.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP18\A0007896.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11032008_205753\WINDOWS\system32\cafwxgbn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11032008_205753\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11032008_205753\WINDOWS\system32\mgqnuo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11032008_205753\WINDOWS\system32\muugbplp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11032008_205753\WINDOWS\system32\qoMfgEXq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11032008_205753\WINDOWS\system32\tuvTkiJA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11032008_205753\WINDOWS\system32\txrtnh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11032008_205753\WINDOWS\system32\urqRKCrP.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11032008_205753\WINDOWS\system32\yayvTnmJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11062008_065603\WINDOWS\system32\buwrpmok.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11062008_065603\WINDOWS\system32\iifefFXo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11062008_065603\WINDOWS\system32\kjobucsc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11062008_065603\WINDOWS\system32\kqmhuf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11062008_065603\WINDOWS\system32\lamgvexn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11062008_065603\WINDOWS\system32\mfkubisy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11062008_065603\WINDOWS\system32\phmuhj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11062008_065603\WINDOWS\system32\qnbpuyuy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\11062008_065603\WINDOWS\system32\vzrtio.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
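
Added example, not part of the original thread: when triaging a pasted Malwarebytes log like the one above, it helps to check that the listed items match the counts declared in the header and to pull out every target that was only scheduled for "Delete on reboot", since those are still present until the restart. The Python below does that; the function names are assumptions of this example, and the sample is a shortened excerpt of the log above with the header counts adjusted to the excerpt.

```python
import re
from collections import Counter

# Constructed sample: shortened excerpt of the Malwarebytes log posted above,
# header counts adjusted to match the shortened lists.
SAMPLE = r"""
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Modules Infected:
C:\WINDOWS\system32\hgGayawV.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggayawv (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\XP_Antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{fbfd382a-ac6e-4eb7-8944-f97d358b378d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\hgGayawV.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<target> (<family>) -> <action>." ; the greedy target keeps any
# parentheses that are part of the path itself.
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (declared counts per section, list of detection records)."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            declared[m["section"]] = int(m["n"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ITEM_RE.match(line) if section else None
        if m:
            items.append({"section": section, **m.groupdict()})
    return declared, items


def count_mismatches(declared, items):
    """Sections where the listed items differ from the header count,
    a sign that the pasted log was truncated or edited."""
    found = Counter(i["section"] for i in items)
    return {s: (n, found.get(s, 0))
            for s, n in declared.items() if found.get(s, 0) != n}


def pending_reboot(items):
    """Targets that were only scheduled for removal; they remain on the
    system until the restart and should be re-checked afterwards."""
    return sorted({i["target"] for i in items if "reboot" in i["action"].lower()})


def by_family(items):
    """Number of detections per detection name."""
    return Counter(i["family"] for i in items)


if __name__ == "__main__":
    declared, items = parse_mbam_log(SAMPLE)
    print("count mismatches:", count_mismatches(declared, items) or "none")
    print("detections by family:", dict(by_family(items)))
    print("re-check after reboot:")
    for target in pending_reboot(items):
        print("  ", target)
```
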
    6 November 2008 13:00:26

    That's it, phew, the red cross is gone. I'll let you know if the ad pages come back. Thanks in any case for the time you spent on my case. Thank goodness there are people like you.
    THANK YOU
    6 November 2008 21:36:29

    Hi again,

    I'd rather we finish the job :)

    Does ComboFix work?
    If not,

    Download SDFix (by Andy Manchesta)

  • Save it to your Desktop.
  • Run it.
  • Click Install so that it can extract itself.
    Restart your computer in Safe Mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu on a black background appears. At that point, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access and the display looks different (no wallpaper, very large icons). So don't be surprised.
    --- For these reasons I suggest you print, write down, or save the following information in a text document so that you don't get lost.
    ---- ! Do not boot your computer into Safe Mode via MSConfig! Why? Some infections break the Safe Mode keys, which would make your computer crash.
  • Open the SDFix folder that was just created in C:\
  • Double-click RunThis.bat (the .bat extension may not be shown)
  • Press Y to start it.
  • You will be asked to press a key to restart; do so.
  • The restart will probably take a little longer than usual.
  • Once your Desktop appears, it will display Finished.
  • Press a key.
  • A report is generated; post it in your reply.

    It is also in the SDFix folder >Report.txt<

    Note: If SDFix does not start (it happens!)

    * Start -> Run
    * Copy/paste this:
    %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

    * Click OK to confirm.
    * Restart and try to launch SDFix again.

    Help: How to start your computer in Safe Mode.

    Then post a new RSIT report.
    8 November 2008 16:37:53


    That's it, it works.
    Thanks for your help, and can you tell me whether my computer is in the clear now?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:34:24, on 08/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\eMule\emule.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {24BA7355-E1E5-49B4-9F82-5C5A4EA19AF6} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {545AF2FA-5866-4761-9005-57A24DE7E954} - C:\WINDOWS\system32\qoMfgEXq.dll (file missing)
    O2 - BHO: (no name) - {5553a608-96a1-49eb-b37d-135947de8477} - C:\WINDOWS\system32\phmuhj.dll (file missing)
    O2 - BHO: (no name) - {93E27662-6576-4AC8-992F-942FCE6F98F8} - (no file)
    O2 - BHO: (no name) - {C7010EF9-85E1-4598-881C-270C28F56B48} - (no file)
    O2 - BHO: (no name) - {E9062724-2567-49AF-9E89-D40E8C18BCBF} - C:\WINDOWS\system32\iifefFXo.dll (file missing)
    O2 - BHO: (no name) - {FBFD382A-AC6E-4EB7-8944-F97D358B378D} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [NIS] "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\IXP000.TMP\NIS09EN.exe" /RELAUNCH /RUNONCE /NOPROMPT /PATH "C:\Program Files\Norton Internet Security\Norton Internet Security"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: karna.dat
    O20 - Winlogon Notify: hgGayawV - C:\WINDOWS\
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    --
    End of file - 5862 bytes
    8 November 2008 16:39:10

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Compaq_Propriétaire at 2008-11-08 16:38:30
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 214 GB (92%) free of 232 GB
    Total RAM: 446 MB (16% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:38:32, on 08/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\eMule\emule.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\RSIT.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\Compaq_Propriétaire.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {24BA7355-E1E5-49B4-9F82-5C5A4EA19AF6} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {545AF2FA-5866-4761-9005-57A24DE7E954} - C:\WINDOWS\system32\qoMfgEXq.dll (file missing)
    O2 - BHO: (no name) - {5553a608-96a1-49eb-b37d-135947de8477} - C:\WINDOWS\system32\phmuhj.dll (file missing)
    O2 - BHO: (no name) - {93E27662-6576-4AC8-992F-942FCE6F98F8} - (no file)
    O2 - BHO: (no name) - {C7010EF9-85E1-4598-881C-270C28F56B48} - (no file)
    O2 - BHO: (no name) - {E9062724-2567-49AF-9E89-D40E8C18BCBF} - C:\WINDOWS\system32\iifefFXo.dll (file missing)
    O2 - BHO: (no name) - {FBFD382A-AC6E-4EB7-8944-F97D358B378D} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [NIS] "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\IXP000.TMP\NIS09EN.exe" /RELAUNCH /RUNONCE /NOPROMPT /PATH "C:\Program Files\Norton Internet Security\Norton Internet Security"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: karna.dat
    O20 - Winlogon Notify: hgGayawV - C:\WINDOWS\
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    --
    End of file - 5934 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Connexion facile à Internet.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24BA7355-E1E5-49B4-9F82-5C5A4EA19AF6}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{545AF2FA-5866-4761-9005-57A24DE7E954}]
    C:\WINDOWS\system32\qoMfgEXq.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5553a608-96a1-49eb-b37d-135947de8477}]
    C:\WINDOWS\system32\phmuhj.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93E27662-6576-4AC8-992F-942FCE6F98F8}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7010EF9-85E1-4598-881C-270C28F56B48}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9062724-2567-49AF-9E89-D40E8C18BCBF}]
    C:\WINDOWS\system32\iifefFXo.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBFD382A-AC6E-4EB7-8944-F97D358B378D}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2436160]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
    "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-14 344064]
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
    "KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
    "NIS"=C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\IXP000.TMP\NIS09EN.exe /RELAUNCH /RUNONCE /NOPROMPT /PATH C:\Program Files\Norton Internet Security\Norton Internet Security []
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2005-12-10 180269]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-10-24 171448]
    "brastk"=C:\WINDOWS\system32\brastk.exe []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="karna.dat"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2005-08-14 46080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGayawV]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    C:\WINDOWS\system32\iifefFXo

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "ForceClassicControlPanel"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{070b7616-a1ea-11dd-88d4-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


    ======List of files/folders created in the last 1 months======

    2008-11-08 15:52:14 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\dvdcss
    2008-11-08 14:33:06 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\vlc
    2008-11-07 10:18:07 ----D---- C:\Program Files\eMule
    2008-11-07 07:11:58 ----D---- C:\Program Files\AviSynth 2.5
    2008-11-07 07:11:29 ----D---- C:\Program Files\eRightSoft
    2008-11-07 06:48:54 ----D---- C:\Program Files\VideoLAN
    2008-11-06 07:15:54 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
    2008-11-06 07:15:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-06 07:15:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-05 20:07:08 ----A---- C:\WINDOWS\system32\kcapdd.dll
    2008-11-05 20:07:07 ----A---- C:\WINDOWS\system32\jtpytalp.dll
    2008-11-03 21:13:04 ----SH---- C:\WINDOWS\system32\komprwub.ini
    2008-11-03 20:57:53 ----D---- C:\_OTMoveIt
    2008-11-02 15:07:33 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-02 12:32:05 ----D---- C:\rsit
    2008-11-01 22:29:59 ----D---- C:\Program Files\Lavasoft
    2008-11-01 22:29:48 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-11-01 21:17:55 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-11-01 20:16:44 ----A---- C:\HijackThis.exe
    2008-11-01 19:54:12 ----D---- C:\Program Files\Trend Micro
    2008-11-01 18:52:44 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-01 18:52:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-01 18:18:14 ----D---- C:\Program Files\AxBx
    2008-11-01 17:12:26 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings
    2008-11-01 17:12:09 ----D---- C:\Program Files\NortonInstaller
    2008-11-01 17:12:09 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2008-11-01 17:01:08 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\AVGTOOLBAR
    2008-11-01 17:00:58 ----D---- C:\Program Files\AVG
    2008-11-01 17:00:58 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-10-27 20:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-10-27 08:00:20 ----D---- C:\WINDOWS\Prefetch
    2008-10-26 19:11:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-26 19:11:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-26 19:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-26 19:11:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-26 19:11:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-26 19:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-10-26 19:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-10-26 19:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-10-26 19:10:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-10-26 19:10:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-10-26 19:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-10-26 19:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-10-26 19:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-10-26 19:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-10-26 19:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-10-26 19:04:56 ----D---- C:\WINDOWS\l2schemas
    2008-10-26 19:04:55 ----D---- C:\WINDOWS\system32\fr
    2008-10-26 19:04:55 ----D---- C:\WINDOWS\system32\bits
    2008-10-26 19:02:24 ----D---- C:\WINDOWS\ServicePackFiles
    2008-10-26 18:55:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-10-26 18:55:15 ----D---- C:\WINDOWS\EHome
    2008-10-25 19:53:04 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-10-25 19:52:53 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
    2008-10-25 19:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
    2008-10-25 19:39:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-10-25 19:35:10 ----D---- C:\Program Files\Windows Live
    2008-10-25 19:29:25 ----D---- C:\temp
    2008-10-25 19:23:17 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-10-25 19:23:17 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-25 19:23:16 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-10-24 19:59:41 ----A---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\QuickZip45.ini
    2008-10-24 19:59:34 ----D---- C:\Program Files\QuickZip4
    2008-10-24 19:54:34 ----A---- C:\WINDOWS\system32\chsbrkr.dll
    2008-10-24 19:54:33 ----A---- C:\WINDOWS\system32\korwbrkr.dll
    2008-10-24 19:54:33 ----A---- C:\WINDOWS\system32\chtbrkr.dll
    2008-10-24 19:54:31 ----A---- C:\WINDOWS\system32\msir3jp.dll
    2008-10-24 19:54:23 ----A---- C:\WINDOWS\system32\kbd101a.dll
    2008-10-24 19:54:23 ----A---- C:\WINDOWS\system32\c_g18030.dll
    2008-10-24 19:54:15 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
    2008-10-24 19:54:15 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
    2008-10-24 19:54:15 ----A---- C:\WINDOWS\system32\kbdnec95.dll
    2008-10-24 19:54:15 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
    2008-10-24 19:54:15 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
    2008-10-24 19:54:14 ----A---- C:\WINDOWS\system32\kbdibm02.dll
    2008-10-24 19:54:14 ----A---- C:\WINDOWS\system32\kbdax2.dll
    2008-10-24 19:54:14 ----A---- C:\WINDOWS\system32\kbd106n.dll
    2008-10-24 19:54:14 ----A---- C:\WINDOWS\system32\kbd101.dll
    2008-10-24 19:54:14 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
    2008-10-24 19:53:58 ----A---- C:\WINDOWS\system32\c_is2022.dll
    2008-10-24 19:53:56 ----A---- C:\WINDOWS\system32\uniime.dll
    2008-10-24 19:53:49 ----A---- C:\WINDOWS\system32\imjp81k.dll
    2008-10-24 19:53:45 ----A---- C:\WINDOWS\system32\kbdkor.dll
    2008-10-24 19:53:45 ----A---- C:\WINDOWS\system32\kbdjpn.dll
    2008-10-24 19:53:45 ----A---- C:\WINDOWS\system32\kbd106.dll
    2008-10-24 19:53:45 ----A---- C:\WINDOWS\system32\kbd103.dll
    2008-10-24 19:53:45 ----A---- C:\WINDOWS\system32\kbd101c.dll
    2008-10-24 19:53:41 ----A---- C:\WINDOWS\system32\kbd101b.dll
    2008-10-24 19:37:18 ----D---- C:\WINDOWS\system32\fr-fr
    2008-10-24 19:35:18 ----A---- C:\WINDOWS\system32\xmllite.dll
    2008-10-24 19:27:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-24 18:09:43 ----D---- C:\WINDOWS\I386
    2008-10-24 18:05:47 ----RSD---- C:\WINDOWS\assembly
    2008-10-24 17:44:55 ----ASH---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\desktop.ini
    2008-10-24 17:44:54 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Real
    2008-10-24 17:44:54 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft
    2008-10-24 17:44:54 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Identities
    2008-10-24 17:40:53 ----D---- C:\WINDOWS\system32\SoftwareDistribution
    2008-10-24 17:24:55 ----N---- C:\WINDOWS\system32\tzchange.exe
    2008-10-24 17:23:53 ----N---- C:\WINDOWS\system32\verclsid.exe
    2008-10-24 17:23:34 ----N---- C:\WINDOWS\system32\xpsp3res.dll
    2008-10-24 17:22:18 ----RSHD---- C:\cmdcons
    2008-10-24 17:22:00 ----D---- C:\WINDOWS\setupupd
    2008-10-24 17:09:42 ----D---- C:\WINDOWS\system32\PreInstall
    2008-10-24 17:08:15 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
    2008-10-24 16:49:57 ----D---- C:\Program Files\Sun
    2008-10-24 16:49:46 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-10-24 16:49:46 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-10-24 16:49:46 ----A---- C:\WINDOWS\system32\java.exe
    2008-10-24 16:46:21 ----A---- C:\WINDOWS\system32\wmpns.dll
    2008-10-24 11:36:01 ----D---- C:\Program Files\uTorrent
    2008-10-24 11:35:53 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\uTorrent
    2008-10-24 11:34:16 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-10-24 11:33:53 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-10-24 11:25:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
    2008-10-24 11:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
    2008-10-24 11:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
    2008-10-24 11:25:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
    2008-10-24 11:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
    2008-10-24 11:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-24 11:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
    2008-10-24 11:23:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
    2008-10-24 11:23:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2008-10-24 11:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-10-24 11:23:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-10-24 11:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2008-10-24 11:23:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-10-24 11:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-10-24 11:23:22 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
    2008-10-24 11:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
    2008-10-24 11:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
    2008-10-24 11:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
    2008-10-24 11:22:50 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
    2008-10-24 11:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
    2008-10-24 11:22:42 ----D---- C:\Program Files\MSXML 4.0
    2008-10-24 11:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
    2008-10-24 11:22:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
    2008-10-24 11:22:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
    2008-10-24 11:20:56 ----D---- C:\WINDOWS\ie7updates
    2008-10-24 11:20:15 ----D---- C:\WINDOWS\WBEM
    2008-10-24 11:19:18 ----HDC---- C:\WINDOWS\ie7
    2008-10-24 11:19:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    2008-10-24 11:18:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    2008-10-24 11:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
    2008-10-24 11:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
    2008-10-24 11:17:06 ----D---- C:\WINDOWS\network diagnostic
    2008-10-24 11:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
    2008-10-24 11:16:56 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
    2008-10-24 11:14:58 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Adobe
    2008-10-24 11:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
    2008-10-24 11:13:43 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
    2008-10-24 11:13:36 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
    2008-10-24 11:13:28 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
    2008-10-24 11:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
    2008-10-24 11:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2008-10-24 11:12:53 ----D---- C:\Program Files\Microsoft Visual Studio 8
    2008-10-24 11:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
    2008-10-24 11:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB943460_0$
    2008-10-24 11:11:29 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
    2008-10-24 11:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
    2008-10-24 11:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
    2008-10-24 11:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
    2008-10-24 11:10:44 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Google
    2008-10-24 11:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
    2008-10-24 11:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
    2008-10-24 11:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
    2008-10-24 11:09:42 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
    2008-10-24 11:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
    2008-10-24 11:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
    2008-10-24 11:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
    2008-10-24 11:07:54 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
    2008-10-24 11:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
    2008-10-24 11:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
    2008-10-24 11:07:30 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
    2008-10-24 11:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
    2008-10-24 11:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
    2008-10-24 11:07:13 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
    2008-10-24 11:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
    2008-10-24 11:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
    2008-10-24 11:06:56 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
    2008-10-24 11:06:51 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
    2008-10-24 11:06:46 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
    2008-10-24 11:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
    2008-10-24 11:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
    2008-10-24 11:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
    2008-10-24 11:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
    2008-10-24 11:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
    2008-10-24 11:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
    2008-10-24 11:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
    2008-10-24 11:05:36 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
    2008-10-24 11:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
    2008-10-24 11:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
    2008-10-24 11:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
    2008-10-24 11:05:02 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
    2008-10-24 11:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
    2008-10-24 11:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
    2008-10-24 11:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
    2008-10-24 11:04:21 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
    2008-10-24 11:04:16 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
    2008-10-24 11:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
    2008-10-24 11:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
    2008-10-24 11:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
    2008-10-24 11:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
    2008-10-24 11:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
    2008-10-24 11:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
    2008-10-24 11:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
    2008-10-24 11:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
    2008-10-24 11:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
    2008-10-24 11:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
    2008-10-24 11:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
    2008-10-24 11:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
    2008-10-24 11:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
    2008-10-24 11:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
    2008-10-24 11:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
    2008-10-24 11:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
    2008-10-24 11:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
    2008-10-24 11:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
    2008-10-24 11:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
    2008-10-24 10:55:30 ----D---- C:\Program Files\MSBuild
    2008-10-24 10:54:47 ----D---- C:\Program Files\Microsoft Visual Studio
    2008-10-24 10:54:46 ----D---- C:\Program Files\Fichiers communs\DESIGNER
    2008-10-24 10:53:38 ----D---- C:\Program Files\Microsoft.NET
    2008-10-24 10:51:32 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-10-24 10:48:28 ----D---- C:\WINDOWS\SHELLNEW
    2008-10-24 10:47:36 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-24 10:46:59 ----RHD---- C:\MSOCache
    2008-10-24 10:46:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-10-24 10:46:32 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Macromedia
    2008-10-24 10:43:17 ----RASH---- C:\BOOT.BAK
    2008-10-24 10:43:11 ----D---- C:\WINDOWS\setup.pss
    2008-10-24 10:43:11 ----A---- C:\WINDOWS\UPGRADE.TXT
    2008-10-24 10:38:57 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2008-10-24 10:38:22 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
    2008-10-24 10:34:28 ----SHD---- C:\RECYCLER
    2008-10-24 10:25:25 ----SHD---- C:\System Volume Information

    ======List of files/folders modified in the last 1 months======

    2008-11-08 15:56:35 ----D---- C:\Documents and Settings
    2008-11-08 13:51:42 ----D---- C:\WINDOWS\Temp
    2008-11-08 13:50:18 ----D---- C:\WINDOWS\system32\config
    2008-11-08 13:50:13 ----D---- C:\WINDOWS\system32\wbem
    2008-11-08 13:50:13 ----D---- C:\WINDOWS\Registration
    2008-11-08 13:50:02 ----D---- C:\WINDOWS\system32\drivers
    2008-11-08 13:50:02 ----D---- C:\WINDOWS\system32\dllcache
    2008-11-08 13:50:01 ----D---- C:\WINDOWS
    2008-11-08 13:49:58 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-08 13:49:48 ----D---- C:\WINDOWS\system32\Restore
    2008-11-08 09:44:46 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-07 10:18:07 ----D---- C:\Program Files
    2008-11-07 07:11:59 ----D---- C:\WINDOWS\system32
    2008-11-06 06:56:05 ----D---- C:\Program Files\Fichiers communs
    2008-11-04 18:15:31 ----HD---- C:\WINDOWS\inf
    2008-11-01 22:33:16 ----SHD---- C:\WINDOWS\Installer
    2008-11-01 17:38:13 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
    2008-11-01 17:13:54 ----D---- C:\WINDOWS\Tasks
    2008-11-01 17:00:43 ----D---- C:\WINDOWS\WinSxS
    2008-10-30 19:02:46 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-10-27 19:51:13 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-27 08:02:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-27 08:00:48 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-10-27 08:00:15 ----A---- C:\WINDOWS\setuplog.txt
    2008-10-27 07:59:30 ----D---- C:\WINDOWS\system32\Setup
    2008-10-27 07:59:30 ----D---- C:\WINDOWS\AppPatch
    2008-10-27 07:59:29 ----RSD---- C:\WINDOWS\Fonts
    2008-10-26 20:42:10 ----D---- C:\WINDOWS\security
    2008-10-26 19:13:38 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-26 19:11:52 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-26 19:09:30 ----D---- C:\Program Files\Messenger
    2008-10-26 19:05:14 ----D---- C:\WINDOWS\ime
    2008-10-26 19:05:13 ----D---- C:\WINDOWS\Help
    2008-10-26 19:04:57 ----D---- C:\WINDOWS\system32\usmt
    2008-10-26 19:04:55 ----D---- C:\WINDOWS\PeerNet
    2008-10-26 19:04:54 ----D---- C:\Program Files\Movie Maker
    2008-10-26 19:02:18 ----D---- C:\WINDOWS\system32\npp
    2008-10-26 19:02:16 ----D---- C:\WINDOWS\msagent
    2008-10-26 19:02:15 ----D---- C:\WINDOWS\srchasst
    2008-10-26 19:02:12 ----D---- C:\Program Files\NetMeeting
    2008-10-26 19:02:11 ----D---- C:\WINDOWS\system32\Com
    2008-10-26 19:02:08 ----D---- C:\Program Files\Windows NT
    2008-10-26 19:02:08 ----D---- C:\Program Files\Windows Media Player
    2008-10-26 19:02:08 ----D---- C:\Program Files\Outlook Express
    2008-10-26 19:02:04 ----D---- C:\Program Files\Fichiers communs\System
    2008-10-26 19:01:43 ----D---- C:\WINDOWS\system32\oobe
    2008-10-26 19:01:41 ----D---- C:\WINDOWS\system
    2008-10-26 18:58:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-10-26 18:43:16 ----HD---- C:\hp
    2008-10-25 19:21:26 ----D---- C:\Program Files\Internet Explorer
    2008-10-25 01:31:10 ----D---- C:\Program Files\Fichiers communs\Services
    2008-10-25 01:31:06 ----D---- C:\WINDOWS\system32\ras
    2008-10-25 01:31:01 ----D---- C:\WINDOWS\system32\icsxml
    2008-10-25 01:31:01 ----D---- C:\WINDOWS\system32\ias
    2008-10-25 01:30:41 ----RD---- C:\WINDOWS\Web
    2008-10-25 01:30:41 ----D---- C:\WINDOWS\Media
    2008-10-25 01:30:41 ----D---- C:\WINDOWS\addins
    2008-10-25 01:30:33 ----D---- C:\WINDOWS\Cursors
    2008-10-25 01:30:27 ----AHDC---- C:\WINDOWS\$NtUninstallKB902400$
    2008-10-25 01:30:26 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
    2008-10-24 19:49:06 ----D---- C:\WINDOWS\Downloaded Program Files
    2008-10-24 19:47:50 ----D---- C:\WINDOWS\Debug
    2008-10-24 19:02:17 ----D---- C:\Program Files\MSN
    2008-10-24 17:41:16 ----D---- C:\WINDOWS\SoftwareDistribution
    2008-10-24 17:39:30 ----A---- C:\WINDOWS\system.ini
    2008-10-24 17:22:33 ----RASH---- C:\boot.ini
    2008-10-24 17:21:03 ----D---- C:\Program Files\Google
    2008-10-24 16:49:45 ----D---- C:\Program Files\Java
    2008-10-24 16:46:17 ----AD---- C:\WINDOWS\system32\pcintro
    2008-10-15 17:35:43 ----A---- C:\WINDOWS\system32\netapi32.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-14 1313792]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-01 611664]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-14 376832]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-24 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------
    9 November 2008 12:06:30

    Hello,

    No, unfortunately, it's not over.

    You didn't use SDFix? If you rename ComboFix, does it still not work?

    ------------------

    I'm going to propose a deal; apparently we have no choice.

    Do you have another computer at home?

    You would need to stay in safe mode the whole time, until we have finished, because the infection comes back between each fix... :( 

    Is that possible for you?
    9 November 2008 12:43:28

    Hello,

    bisounours9,

    Try the following procedure:

    Right-click on ComboFix (by sUBs) and choose Save target (link) as.

  • Choose the Desktop, insert a hyphen between Combo and Fix so as to get Combo-Fix.exe, then choose Save.
  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Please visit this link to learn how to install and run ComboFix:

    http://www.bleepingcomputer.com/combofix/fr/comment-uti...

    This includes installing the Windows Recovery Console if it is not already installed on the PC. It is strongly recommended to install the Windows Recovery Console, because it gives access to a very large number of features in case the PC no longer restarts. It is an extra safety measure, in a way.

    N.B.: For SP3 users, please download the SP2 version of the Recovery Console.

    Once the Recovery Console is installed, you will have the choice at startup between your usual Windows and the Recovery Console. Start your usual Windows, since we do not need to use the Recovery Console, which is only useful in case of problems. By default, your OS is selected and it starts automatically after two seconds. This is normal :) 

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    ;) 