Unwanted ads in Firefox... I've tried everything...

Tags:
  • Windows
  • Security
30 September 2008 00:51:13

To start with, hello everyone!
I have already wandered around the forum trying to find an answer to my problem, and I admit that after a few fruitless attempts and searches, I'm turning to you to get me out of this mess...
When I browse the web with Firefox, ad windows open at any moment, but not the popup kind, more the kind that would come from a virus!
So I have a HijackThis report, here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:44:43, on 30/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\Explorer.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Windows Sidebar\sidebar.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
I:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
I:\Program Files\Winamp Remote\bin\OrbTray.exe
I:\Program Files\WinTV\Ir.exe
I:\Program Files\Windows Sidebar\sidebar.exe
I:\Program Files\Winamp Remote\bin\Orb.exe
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\lsass.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Documents and Settings\Administrateur\Bureau\PimpStreamerDLNA12.exe
I:\WINDOWS\system32\lsass.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\system32\NOTEPAD.EXE
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {ba9d8fa7-d729-b22b-5a64-94cfca5228d0} - {0d8225ac-fc49-46a5-b22b-927d7af8d9ab} - I:\WINDOWS\system32\vxlqhu.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - I:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [StartCCC] I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [rs32net] I:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [NeroFilterCheck] I:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [00170de9] rundll32.exe "I:\WINDOWS\system32\kwjgljli.dll",b
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] I:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [UberIcon] "I:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] I:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Orb] "I:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: AutoStart IR.lnk = I:\Program Files\WinTV\Ir.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: vxlqhu.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O20 - Winlogon Notify: ywpidpq - I:\WINDOWS\SYSTEM32\ywpidpq.dll
O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPGService - Hauppauge Computer Works - I:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

--
End of file - 8466 bytes

I also took the opportunity to run Navilog, in normal mode and in safe mode, and here is the result:

Search Navipromo version 3.6.6 commencé le 29/09/2008 à 23:27:52,07

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis I:\Program Files\navilog1
Session actuelle : "Administrateur"

Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "I:\WINDOWS" ***


*** Recherche dossiers dans "I:\Program Files" ***


*** Recherche dossiers dans "I:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "I:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "i:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "I:\Documents and Settings\Administrateur\applic~1" ***


*** Recherche dossiers dans "I:\DOCUME~1\Parents\applic~1" ***


*** Recherche dossiers dans "I:\Documents and Settings\Administrateur\locals~1\applic~1" ***


*** Recherche dossiers dans "I:\DOCUME~1\Parents\locals~1\applic~1" ***


*** Recherche dossiers dans "I:\Documents and Settings\Administrateur\menudm~1\progra~1" ***


*** Recherche dossiers dans "I:\DOCUME~1\Parents\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "I:\WINDOWS\system32" *

* Recherche dans "I:\Documents and Settings\Administrateur\locals~1\applic~1" *

* Recherche dans "I:\DOCUME~1\Parents\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "I:\WINDOWS\system32" :


* Dans "I:\Documents and Settings\Administrateur\locals~1\applic~1" :


* Dans "I:\DOCUME~1\Parents\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 29/09/2008 à 23:29:52,29 ***

I also ran it through LOP S&D, and here is the result...


--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ )
BIOS : Default System BIOS
USER : Administrateur ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total : 102 Go Free : 26 Go
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total : 19 Go Free : 2 Go
F:\ (Local Disk) - NTFS - Total : 14 Go Free : 9 Go
G:\ (CD or DVD)
H:\ (Local Disk) - NTFS - Total : 39 Go Free : 9 Go
I:\ (Local Disk) - NTFS - Total : 465 Go Free : 401 Go
J:\ (Local Disk) - NTFS - Total : 78 Go Free : 9 Go
K:\ (Local Disk) - NTFS - Total : 108 Go Free : 49 Go
L:\ (USB)
M:\ (USB)
N:\ (USB)
O:\ (USB)
P:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go

"I:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [2] ( 30/09/2008| 0:37 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[29/09/2008|19:12] I:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[29/09/2008|14:45] I:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
[29/09/2008|20:03] I:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[27/09/2008|22:31] I:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
[29/09/2008|17:55] I:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
[27/09/2008|22:13] I:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[28/09/2008|02:10] I:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[29/09/2008|17:55] I:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
[29/09/2008|19:36] I:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[28/09/2008|23:36] I:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[29/09/2008|17:54] I:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[28/09/2008|00:36] I:\DOCUME~1\ADMINI~1\APPLIC~1\Styler
[30/09/2008|00:26] I:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
[28/09/2008|02:35] I:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
[29/09/2008|19:52] I:\DOCUME~1\ADMINI~1\APPLIC~1\Winamp

[29/09/2008|20:02] I:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[29/09/2008|18:05] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[29/09/2008|14:44] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[29/09/2008|20:01] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[29/09/2008|20:02] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[28/09/2008|01:13] I:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[29/09/2008|13:28] I:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
[28/09/2008|23:26] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[29/09/2008|20:06] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[29/09/2008|20:08] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[29/09/2008|14:40] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[29/09/2008|23:01] I:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
[29/09/2008|17:54] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[28/09/2008|13:52] I:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[28/09/2008|13:07] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[23/08/2005|23:36] I:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[27/09/2008|22:12] I:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[27/09/2008|20:25] I:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\ATI
[29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\Axialis
[29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\Identities
[29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\Macromedia
[29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\Microsoft
[29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\Mozilla
[29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\Nokia
[29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\PC Suite
[29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\Teleca
[29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\TuneUp Software

--------------------\\ Tâches planifiées dans I:\WINDOWS\tasks

[29/09/2008 20:01][--a------] I:\WINDOWS\tasks\AppleSoftwareUpdate.job
[30/09/2008 00:35][--ah-----] I:\WINDOWS\tasks\SA.DAT
[28/08/2001 14:00][-r-h-----] I:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans I:\Program Files

[29/09/2008|17:56] I:\Program Files\AC3Filter
[14/06/2006|18:46] I:\Program Files\Ad-Aware
[29/09/2008|18:04] I:\Program Files\Adobe
[29/09/2008|17:41] I:\Program Files\Alcohol Soft
[29/09/2008|20:01] I:\Program Files\Apple Software Update
[28/09/2008|01:12] I:\Program Files\ATI Technologies
[29/09/2008|17:51] I:\Program Files\AviSynth 2.5
[29/09/2008|20:02] I:\Program Files\Bonjour
[28/09/2008|05:10] I:\Program Files\CCleaner
[14/06/2006|18:46] I:\Program Files\Compare It!
[27/09/2008|20:16] I:\Program Files\ComPlus Applications
[27/09/2008|22:28] I:\Program Files\DIFX
[29/09/2008|17:52] I:\Program Files\DivX
[24/10/2006|07:44] I:\Program Files\Everest
[29/09/2008|20:06] I:\Program Files\Fichiers communs
[29/09/2008|17:54] I:\Program Files\Haali
[14/06/2006|18:46] I:\Program Files\IE Privacy Keeper
[29/09/2008|17:57] I:\Program Files\InstallShield Installation Information
[28/09/2008|14:03] I:\Program Files\Internet Explorer
[29/09/2008|20:02] I:\Program Files\iPod
[29/09/2008|20:02] I:\Program Files\iTunes
[28/09/2008|14:01] I:\Program Files\Messenger Plus! Live
[29/09/2008|20:06] I:\Program Files\Microsoft Office
[29/09/2008|20:06] I:\Program Files\Microsoft Visual Studio
[29/09/2008|19:12] I:\Program Files\Microsoft Visual Studio 8
[29/09/2008|20:06] I:\Program Files\Microsoft Works
[29/09/2008|20:06] I:\Program Files\Microsoft.NET
[29/09/2008|17:51] I:\Program Files\MKVtoolnix
[27/09/2008|23:59] I:\Program Files\Movie Maker
[28/09/2008|04:24] I:\Program Files\MozBackup
[30/09/2008|00:37] I:\Program Files\Mozilla Firefox
[29/09/2008|20:06] I:\Program Files\MSBuild
[29/09/2008|23:39] I:\Program Files\Navilog1
[29/09/2008|14:40] I:\Program Files\Nero
[29/09/2008|17:55] I:\Program Files\On2 Technologies
[28/09/2008|00:00] I:\Program Files\Outlook Express
[29/09/2008|17:51] I:\Program Files\Pack PSP - Ri4m
[29/09/2008|17:56] I:\Program Files\PiMPWare
[29/09/2008|17:51] I:\Program Files\Producer
[29/09/2008|20:02] I:\Program Files\QuickTime Alternative
[29/09/2008|17:54] I:\Program Files\Real Alternative
[28/09/2008|02:45] I:\Program Files\Realtek
[29/09/2008|17:52] I:\Program Files\Ripp-It Codec Pack
[29/09/2008|17:51] I:\Program Files\Ripp-it_AM
[28/09/2008|13:49] I:\Program Files\Runtime Software
[28/09/2008|00:36] I:\Program Files\Styler
[29/09/2008|22:10] I:\Program Files\Trend Micro
[05/07/2006|03:20] I:\Program Files\TweakRAM
[14/06/2006|18:46] I:\Program Files\UberIcon
[27/09/2008|20:15] I:\Program Files\Uninstall Information
[29/09/2008|19:54] I:\Program Files\uTorrent
[28/09/2008|02:34] I:\Program Files\VideoLAN
[29/09/2008|19:52] I:\Program Files\Winamp
[29/09/2008|23:01] I:\Program Files\Winamp Remote
[10/01/2007|22:21] I:\Program Files\Windows Defender
[28/09/2008|13:54] I:\Program Files\Windows Live
[28/09/2008|00:00] I:\Program Files\Windows Media Player
[10/01/2007|22:20] I:\Program Files\Windows Sidebar
[27/09/2008|20:18] I:\Program Files\WindowsUpdate
[29/09/2008|17:44] I:\Program Files\Winrar
[30/09/2008|00:36] I:\Program Files\WinTV
[29/09/2008|17:54] I:\Program Files\Xvid
[28/09/2008|05:10] I:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans I:\Program Files\Fichiers communs

[29/09/2008|18:04] I:\Program Files\Fichiers communs\Adobe
[29/09/2008|14:42] I:\Program Files\Fichiers communs\Ahead
[29/09/2008|20:01] I:\Program Files\Fichiers communs\Apple
[27/09/2008|22:22] I:\Program Files\Fichiers communs\ATI Technologies
[29/09/2008|20:06] I:\Program Files\Fichiers communs\DESIGNER
[28/09/2008|01:08] I:\Program Files\Fichiers communs\InstallShield
[28/09/2008|23:19] I:\Program Files\Fichiers communs\IviSDK
[29/09/2008|13:20] I:\Program Files\Fichiers communs\LightScribe
[29/09/2008|20:06] I:\Program Files\Fichiers communs\Microsoft Shared
[27/09/2008|20:17] I:\Program Files\Fichiers communs\MSSoap
[27/09/2008|22:02] I:\Program Files\Fichiers communs\ODBC
[28/09/2008|00:00] I:\Program Files\Fichiers communs\Services
[29/09/2008|19:12] I:\Program Files\Fichiers communs\System
[28/09/2008|13:54] I:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 47 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 00:41:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
I:\WINDOWS\System32\drivers\str.sys 49183 bytes
I:\WINDOWS\System32\drivers\xrjbpnrcxxgs.sys 30976 bytes executable
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)
I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Epocware.Handy.Blacklist.v2.0.S60v3.SymbianOS9.incl.Keygen-HSpda.rar
I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Mobisystems Office Suite 4.50 s60v3 include keygen-BiNPDA
I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Mobisystems Office Suite 4.50 s60v3 include keygen-BiNPDA.zip
I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Resco Photo Viewer v4.43 S60v3 SymbianOS9.1 Incl Keygen-HSpda.rar
I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Zensis PhotoRite SP v6.13 S60v3 SymbianOS9.1 Incl. Keygen Patch-BiNPDA.rar
I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Mobisystems Office Suite 4.50 s60v3 include keygen-BiNPDA\MobiSystems_OfficeSuite_4.50
I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Mobisystems Office Suite 4.50 s60v3 include keygen-BiNPDA\MobiSystems_OfficeSuite_4.50\keygen.exe
I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Mobisystems Office Suite 4.50 s60v3 include keygen-BiNPDA\MobiSystems_OfficeSuite_4.50\OfficeSuite_S60_3_0_v_4_50_0_signed.sis
I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\January\0113-0115\0115\Garmin Fodor's Travel Guide North America with KeyGen.zip
I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\January\0116-0119\0118\Killer Mobile Total Recall v 2.0.1[Updated] S60v3 SymbianOS incl Keygen- BiNPDA.zip
I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\January\0120-0122\0122\Rock.Your.Mobile.AppMan.v1.04.S60.SymbianOS8.1.keygen.TeamPV.zip
I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\January\0125-0126\0125\Lonely.Cat.Games.X-plore.v1.21.S60v3.SymbianOS9.1.Keygen-[wl]-intro.zip
I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\N-gage Games (sis)\Asphalt 2 Crack.sis
I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)\garminXT( keygen)
I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)\garminXT( keygen)\Garmin MapSource City Navigator Europe NT v9.torrent
I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)\garminXT( keygen)\GarminMobileXTforSymbianS60_41020 - install third.exe
I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)\garminXT( keygen)\GarminMobileXTFreeBasemap_4xxxx - install second.exe
I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)\garminXT( keygen)\GarminMobileXTSupportFiles_4xxxx - install first.exe
I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)\garminXT( keygen)\garmin_kgen.exe
I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)\garminXT( keygen)\guide.txt
I:\DOCUME~1\ADMINI~1\Mes documents\logiciel divers de michel\Acronis Trueimage 8\Acronis Trueimage 8 Fr & Keygen(Ror).rar


[F:34][D:2]-> I:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:7][D:0]-> I:\DOCUME~1\ADMINI~1\Cookies
[F:29][D:4]-> I:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "I:\Lop SD\LopR_1.txt" - 29/09/2008|18:13 - Option : [2]
2 - "I:\Lop SD\LopR_2.txt" - 29/09/2008|23:59 - Option : [1]
3 - "I:\Lop SD\LopR_3.txt" - 30/09/2008| 0:09 - Option : [2]
4 - "I:\Lop SD\LopR_4.txt" - 30/09/2008| 0:20 - Option : [3]
5 - "I:\Lop SD\LopR_5.txt" - 30/09/2008| 0:34 - Option : [2]
6 - "I:\Lop SD\LopR_6.txt" - 30/09/2008| 0:42 - Option : [2]

--------------------\\ Fin du rapport a 0:42:45

There you go. It seems to me that the files LOP S&D detected on my I drive are not normal (sys files), but I can't launch a disinfection with that same LOP, nor even remove them manually, since I can't find them (even among the hidden files...)

And so, after all that, it continues and the ad windows still open. I no longer know what to do, and above all it's becoming particularly annoying!!!!
So if someone could enlighten me a bit on how to proceed to get rid of this virus (if that's what it is...), that would be really great!

Thanks to all of you in advance, and good luck reading my post!


30 September 2008 12:55:26

Hello,

I'll take care of you. Please bear in mind that I'm a volunteer, that I have a private life and that I help several users at once, so thank you for being patient. However, I never let go of a user until their PC is clean ;)

You are indeed infected. But that doesn't surprise me given the number of cracks and keygens you have. So we'll start by removing them before disinfecting, otherwise the infection will come back.

Download OTMoveIt2 by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTMoveIt2.exe to launch the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
  • Copy the lines from the "Code" box below by selecting ALL of them, then pressing the CTRL and C keys simultaneously (or, after selecting them, by right-clicking and choosing Copy):
    [kill explorer]
    I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)
    I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Epocware.Handy.Blacklist.v2.0.S60v3.SymbianOS9.incl.Keygen-HSpda.rar
    I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Mobisystems Office Suite 4.50 s60v3 include keygen-BiNPDA
    I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Mobisystems Office Suite 4.50 s60v3 include keygen-BiNPDA.zip
    I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Resco Photo Viewer v4.43 S60v3 SymbianOS9.1 Incl Keygen-HSpda.rar
    I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Zensis PhotoRite SP v6.13 S60v3 SymbianOS9.1 Incl. Keygen Patch-BiNPDA.rar
    I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Mobisystems Office Suite 4.50 s60v3 include keygen-BiNPDA\MobiSystems_OfficeSuite_4.50
    I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Mobisystems Office Suite 4.50 s60v3 include keygen-BiNPDA\MobiSystems_OfficeSuite_4.50\keygen.exe
    I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\App Pack 3\Mobisystems Office Suite 4.50 s60v3 include keygen-BiNPDA\MobiSystems_OfficeSuite_4.50\OfficeSuite_S60_3_0_v_4_50_0_signed.sis
    I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\January\0113-0115\0115\Garmin Fodor's Travel Guide North America with KeyGen.zip
    I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\January\0116-0119\0118\Killer Mobile Total Recall v 2.0.1[Updated] S60v3 SymbianOS incl Keygen- BiNPDA.zip
    I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\January\0120-0122\0122\Rock.Your.Mobile.AppMan.v1.04.S60.SymbianOS8.1.keygen.TeamPV.zip
    I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\January\0125-0126\0125\Lonely.Cat.Games.X-plore.v1.21.S60v3.SymbianOS9.1.Keygen-[wl]-intro.zip
    I:\DOCUME~1\ADMINI~1\Bureau\BUREAU\Nokia\N-gage Games (sis)\Asphalt 2 Crack.sis
    I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)\garminXT( keygen)
    I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)\garminXT( keygen)\Garmin MapSource City Navigator Europe NT v9.torrent
    I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)\garminXT( keygen)\GarminMobileXTforSymbianS60_41020 - install third.exe
    I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)\garminXT( keygen)\GarminMobileXTFreeBasemap_4xxxx - install second.exe
    I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)\garminXT( keygen)\GarminMobileXTSupportFiles_4xxxx - install first.exe
    I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)\garminXT( keygen)\garmin_kgen.exe
    I:\DOCUME~1\ADMINI~1\Bureau\garminXT( keygen)\garminXT( keygen)\guide.txt
    I:\DOCUME~1\ADMINI~1\Mes documents\logiciel divers de michel\Acronis Trueimage 8\Acronis Trueimage 8 Fr & Keygen(Ror).rar
    purity
    emptytemp
    [start explorer]

    N.B.: The desktop will disappear, this is normal!
  • Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" box (under the light yellow bar), then choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results box (under the green bar) by selecting ALL THE LINES, then pressing the CTRL and C keys simultaneously (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
  • Close OTMoveIt2.

Note: If a file or folder cannot be moved immediately, a restart may be necessary to complete the move. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy and paste the contents of that document in a reply on the forum.

If you get a message saying that the report cannot be created, copy and paste what appears in the right-hand column of the tool.

And post me a new LopSD option 1 report in your next reply.

;)

30 September 2008 14:30:44

First of all, thank you for your reply, and thank you for looking after my computer which, at the moment, is not in top shape!!!
In fact, I had to change a few components, and until then everything was going fine, but installing the new hard drive changed things a bit...
Right, back to the matter at hand... OTMoveIt did its job well and here is the new LOP report:


    --------------------\\ Lop S&D 4.2.4-4 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ )
    BIOS : Default System BIOS
    USER : Administrateur ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total : 102 Go Free : 26 Go
    D:\ (CD or DVD)
    E:\ (Local Disk) - NTFS - Total : 19 Go Free : 2 Go
    F:\ (Local Disk) - NTFS - Total : 14 Go Free : 9 Go
    G:\ (CD or DVD)
    H:\ (Local Disk) - NTFS - Total : 39 Go Free : 9 Go
    I:\ (Local Disk) - NTFS - Total : 465 Go Free : 400 Go
    J:\ (Local Disk) - NTFS - Total : 78 Go Free : 9 Go
    K:\ (Local Disk) - NTFS - Total : 108 Go Free : 49 Go
    L:\ (USB)
    M:\ (USB)
    N:\ (USB)
    O:\ (USB)
    P:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go

    "I:\Lop SD" ( MAJ : 19-09-2008|22:20 )
    Option : [1] ( 30/09/2008|14:26 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [29/09/2008|19:12] I:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [29/09/2008|14:45] I:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
    [29/09/2008|20:03] I:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    [27/09/2008|22:31] I:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    [29/09/2008|17:55] I:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
    [27/09/2008|22:13] I:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [28/09/2008|02:10] I:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [29/09/2008|17:55] I:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
    [29/09/2008|19:36] I:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [28/09/2008|23:36] I:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
    [29/09/2008|17:54] I:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    [28/09/2008|00:36] I:\DOCUME~1\ADMINI~1\APPLIC~1\Styler
    [30/09/2008|14:21] I:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
    [28/09/2008|02:35] I:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
    [29/09/2008|19:52] I:\DOCUME~1\ADMINI~1\APPLIC~1\Winamp

    [29/09/2008|20:02] I:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [29/09/2008|18:05] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [29/09/2008|14:44] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [29/09/2008|20:01] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [29/09/2008|20:02] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [28/09/2008|01:13] I:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
    [29/09/2008|13:28] I:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
    [28/09/2008|23:26] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [29/09/2008|20:06] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [29/09/2008|20:08] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    [29/09/2008|14:40] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [29/09/2008|23:01] I:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
    [29/09/2008|17:54] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
    [28/09/2008|13:52] I:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [28/09/2008|13:07] I:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    [23/08/2005|23:36] I:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [27/09/2008|22:12] I:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [27/09/2008|20:25] I:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\ATI
    [29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\Axialis
    [29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\Identities
    [29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\Macromedia
    [29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\Microsoft
    [29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\Mozilla
    [29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\Nokia
    [29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\PC Suite
    [29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\Teleca
    [29/09/2008|17:11] I:\DOCUME~1\Parents\APPLIC~1\TuneUp Software

    --------------------\\ Tâches planifiées dans I:\WINDOWS\tasks

    [29/09/2008 20:01][--a------] I:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [30/09/2008 14:22][--ah-----] I:\WINDOWS\tasks\SA.DAT
    [28/08/2001 14:00][-r-h-----] I:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans I:\Program Files

    [29/09/2008|17:56] I:\Program Files\AC3Filter
    [14/06/2006|18:46] I:\Program Files\Ad-Aware
    [29/09/2008|18:04] I:\Program Files\Adobe
    [29/09/2008|17:41] I:\Program Files\Alcohol Soft
    [29/09/2008|20:01] I:\Program Files\Apple Software Update
    [28/09/2008|01:12] I:\Program Files\ATI Technologies
    [29/09/2008|17:51] I:\Program Files\AviSynth 2.5
    [29/09/2008|20:02] I:\Program Files\Bonjour
    [28/09/2008|05:10] I:\Program Files\CCleaner
    [14/06/2006|18:46] I:\Program Files\Compare It!
    [27/09/2008|20:16] I:\Program Files\ComPlus Applications
    [27/09/2008|22:28] I:\Program Files\DIFX
    [29/09/2008|17:52] I:\Program Files\DivX
    [24/10/2006|07:44] I:\Program Files\Everest
    [29/09/2008|20:06] I:\Program Files\Fichiers communs
    [29/09/2008|17:54] I:\Program Files\Haali
    [14/06/2006|18:46] I:\Program Files\IE Privacy Keeper
    [29/09/2008|17:57] I:\Program Files\InstallShield Installation Information
    [28/09/2008|14:03] I:\Program Files\Internet Explorer
    [29/09/2008|20:02] I:\Program Files\iPod
    [29/09/2008|20:02] I:\Program Files\iTunes
    [30/09/2008|03:46] I:\Program Files\Lopxp
    [28/09/2008|14:01] I:\Program Files\Messenger Plus! Live
    [29/09/2008|20:06] I:\Program Files\Microsoft Office
    [29/09/2008|20:06] I:\Program Files\Microsoft Visual Studio
    [29/09/2008|19:12] I:\Program Files\Microsoft Visual Studio 8
    [29/09/2008|20:06] I:\Program Files\Microsoft Works
    [29/09/2008|20:06] I:\Program Files\Microsoft.NET
    [29/09/2008|17:51] I:\Program Files\MKVtoolnix
    [27/09/2008|23:59] I:\Program Files\Movie Maker
    [28/09/2008|04:24] I:\Program Files\MozBackup
    [30/09/2008|14:23] I:\Program Files\Mozilla Firefox
    [29/09/2008|20:06] I:\Program Files\MSBuild
    [30/09/2008|00:46] I:\Program Files\Navilog1
    [29/09/2008|14:40] I:\Program Files\Nero
    [29/09/2008|17:55] I:\Program Files\On2 Technologies
    [28/09/2008|00:00] I:\Program Files\Outlook Express
    [29/09/2008|17:51] I:\Program Files\Pack PSP - Ri4m
    [29/09/2008|17:56] I:\Program Files\PiMPWare
    [29/09/2008|17:51] I:\Program Files\Producer
    [29/09/2008|20:02] I:\Program Files\QuickTime Alternative
    [29/09/2008|17:54] I:\Program Files\Real Alternative
    [28/09/2008|02:45] I:\Program Files\Realtek
    [29/09/2008|17:52] I:\Program Files\Ripp-It Codec Pack
    [29/09/2008|17:51] I:\Program Files\Ripp-it_AM
    [28/09/2008|13:49] I:\Program Files\Runtime Software
    [28/09/2008|00:36] I:\Program Files\Styler
    [29/09/2008|22:10] I:\Program Files\Trend Micro
    [05/07/2006|03:20] I:\Program Files\TweakRAM
    [14/06/2006|18:46] I:\Program Files\UberIcon
    [27/09/2008|20:15] I:\Program Files\Uninstall Information
    [29/09/2008|19:54] I:\Program Files\uTorrent
    [28/09/2008|02:34] I:\Program Files\VideoLAN
    [29/09/2008|19:52] I:\Program Files\Winamp
    [29/09/2008|23:01] I:\Program Files\Winamp Remote
    [10/01/2007|22:21] I:\Program Files\Windows Defender
    [28/09/2008|13:54] I:\Program Files\Windows Live
    [28/09/2008|00:00] I:\Program Files\Windows Media Player
    [10/01/2007|22:20] I:\Program Files\Windows Sidebar
    [27/09/2008|20:18] I:\Program Files\WindowsUpdate
    [29/09/2008|17:44] I:\Program Files\Winrar
    [30/09/2008|14:22] I:\Program Files\WinTV
    [29/09/2008|17:54] I:\Program Files\Xvid
    [28/09/2008|05:10] I:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans I:\Program Files\Fichiers communs

    [29/09/2008|18:04] I:\Program Files\Fichiers communs\Adobe
    [29/09/2008|14:42] I:\Program Files\Fichiers communs\Ahead
    [29/09/2008|20:01] I:\Program Files\Fichiers communs\Apple
    [27/09/2008|22:22] I:\Program Files\Fichiers communs\ATI Technologies
    [29/09/2008|20:06] I:\Program Files\Fichiers communs\DESIGNER
    [28/09/2008|01:08] I:\Program Files\Fichiers communs\InstallShield
    [28/09/2008|23:19] I:\Program Files\Fichiers communs\IviSDK
    [29/09/2008|13:20] I:\Program Files\Fichiers communs\LightScribe
    [29/09/2008|20:06] I:\Program Files\Fichiers communs\Microsoft Shared
    [27/09/2008|20:17] I:\Program Files\Fichiers communs\MSSoap
    [27/09/2008|22:02] I:\Program Files\Fichiers communs\ODBC
    [28/09/2008|00:00] I:\Program Files\Fichiers communs\Services
    [29/09/2008|19:12] I:\Program Files\Fichiers communs\System
    [28/09/2008|13:54] I:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 46 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-30 14:28:40
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    I:\WINDOWS\System32\drivers\str.sys 49183 bytes
    I:\WINDOWS\System32\drivers\xrjbpnrcxxgs.sys 30976 bytes executable
    scan completed successfully
    hidden processes: 0
    hidden files: 2

    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [F:32][D:4]-> I:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    [F:5][D:0]-> I:\DOCUME~1\ADMINI~1\Cookies
    [F:24][D:4]-> I:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "I:\Lop SD\LopR_1.txt" - 29/09/2008|18:13 - Option : [2]
    2 - "I:\Lop SD\LopR_2.txt" - 29/09/2008|23:59 - Option : [1]
    3 - "I:\Lop SD\LopR_3.txt" - 30/09/2008| 0:09 - Option : [2]
    4 - "I:\Lop SD\LopR_4.txt" - 30/09/2008| 0:20 - Option : [3]
    5 - "I:\Lop SD\LopR_5.txt" - 30/09/2008| 0:34 - Option : [2]
    6 - "I:\Lop SD\LopR_6.txt" - 30/09/2008| 0:42 - Option : [2]
    7 - "I:\Lop SD\LopR_7.txt" - 30/09/2008| 3:36 - Option : [2]
    8 - "I:\Lop SD\LopR_8.txt" - 30/09/2008|14:29 - Option : [1]

    --------------------\\ Fin du rapport a 14:29:49
    30 September 2008 14:50:08

    Hi again,

    1) Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (scan).
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so that you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    2) Download random's system information tool (RSIT)
    by random/random and save it to the Desktop.
  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimized in the Taskbar).
  • NB: The reports are saved in the folder C:\rsit
  • Make sure to post the reports in full, and check that they are complete once you have posted them.

    ;) 
    30 September 2008 20:20:16

    Thanks a lot for the speed of your replies and for your well-illustrated advice!
    So here is what all that gives!
    MBAM report after treatment:

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1225
    Windows 5.1.2600 Service Pack 2

    30/09/2008 20:14:19
    mbam-log-2008-09-30 (20-14-19).txt

    Type de recherche: Examen complet (C:\|I:\|K:\|)
    Eléments examinés: 203753
    Temps écoulé: 56 minute(s), 28 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 16
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 13

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    I:\WINDOWS\system32\ywpidpq32.dll (Trojan.FakeAlert) -> Delete on reboot.
    I:\WINDOWS\system32\vxlqhu.dll (Trojan.Vundo) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d8225ac-fc49-46a5-b22b-927d7af8d9ab} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0d8225ac-fc49-46a5-b22b-927d7af8d9ab} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ywpidpq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati7glxx (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati7glxx (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati7glxx (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iujqwriyouc (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingdm32 (Dialer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\00170de9 (Trojan.Vundo) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    I:\WINDOWS\system32\vxlqhu.dll (Trojan.Vundo.H) -> Delete on reboot.
    I:\WINDOWS\system32\iqloknyh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\hynkolqi.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\ywpidpq32.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\kabnlffy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\ozmgoe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\ybntclec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\ywpidpq.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\drivers\ati7glxx.sys (Rootkit.Agent) -> Delete on reboot.
    I:\WINDOWS\system32\drivers\xrjbpnrcxxgs.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\wingdm32.dll (Dialer) -> Quarantined and deleted successfully.
    I:\WINDOWS\faceback.exe (Trojan.Agent) -> Quarantined and deleted successfully.


    RSIT reports:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Administrateur at 2008-09-30 20:17:22
    Microsoft Windows XP Professionnel Service Pack 2
    System drive I: has 408 GB (86%) free of 477 GB
    Total RAM: 3327 MB (77% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:17:25, on 30/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\Ati2evxx.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\Ati2evxx.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\Explorer.EXE
    C:\Program Files\UberIcon\UberIcon Manager.exe
    I:\WINDOWS\RTHDCPL.EXE
    I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    I:\Program Files\iTunes\iTunesHelper.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\Windows Sidebar\sidebar.exe
    I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    I:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
    I:\Program Files\Winamp Remote\bin\OrbTray.exe
    I:\Program Files\HDD Health\HDDHealth.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\Program Files\Windows Sidebar\sidebar.exe
    I:\Program Files\WinTV\Ir.exe
    I:\Program Files\Bonjour\mDNSResponder.exe
    I:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    I:\WINDOWS\System32\svchost.exe
    I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    I:\Program Files\Winamp Remote\bin\Orb.exe
    I:\Program Files\iPod\bin\iPodService.exe
    I:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    I:\Program Files\Mozilla Firefox\firefox.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\lsass.exe
    I:\Program Files\Mozilla Firefox\firefox.exe
    I:\Documents and Settings\Administrateur\Bureau\RSIT.exe
    I:\Program Files\Trend Micro\HijackThis\Administrateur.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - I:\Program Files\Styler\TB\StylerTB.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [StartCCC] I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] I:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sidebar] I:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [UberIcon] "I:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] I:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Orb] "I:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [HDDHealth] I:\Program Files\HDD Health\HDDHealth.exe -wl
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: AutoStart IR.lnk = I:\Program Files\WinTV\Ir.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O20 - AppInit_DLLs: vxlqhu.dll
    O20 - Winlogon Notify: ywpidpq - I:\WINDOWS\SYSTEM32\ywpidpq32.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPGService - Hauppauge Computer Works - I:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 8070 bytes

    ======Scheduled tasks folder======

    I:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    SaveLinksOrder
    Locked
    {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - I:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
    {0124123D-61B4-456f-AF86-78C53A0790C5}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2005-10-10 180224]
    "StartCCC"=I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    "RTHDCPL"=I:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
    "Alcmtr"=I:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "NeroFilterCheck"=I:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
    "Adobe Reader Speed Launcher"=I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "QuickTime Task"=I:\Program Files\QuickTime Alternative\QTTask.exe [2008-09-06 413696]
    "iTunesHelper"=I:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=I:\WINDOWS\system32\ctfmon.exe [2006-12-06 25088]
    "Sidebar"=I:\Program Files\Windows Sidebar\sidebar.exe [2007-01-10 1235456]
    "UberIcon"=I:\Program Files\UberIcon\UberIcon Manager.exe [2005-08-12 180224]
    "LightScribe Control Panel"=I:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe [2007-07-18 451872]
    "Orb"=I:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
    "HDDHealth"=I:\Program Files\HDD Health\HDDHealth.exe [2008-02-01 1607168]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00170de9]
    I:\WINDOWS\system32\iqloknyh.dll []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool]
    I:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe [2007-08-01 675840]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    I:\WINDOWS\faceback.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257 []

    I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    AutoStart IR.lnk - I:\Program Files\WinTV\Ir.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="vxlqhu.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    I:\WINDOWS\system32\Ati2evxx.dll [2007-06-27 118784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    I:\WINDOWS\system32\WgaLogon.dll [2006-06-27 3584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ywpidpq]
    I:\WINDOWS\system32\ywpidpq32.dll [2008-09-30 21504]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    I:\WINDOWS\system32\nnnKBRHA

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7glxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati7glxx.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoSMHelp"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "I:\WINDOWS\system32\sessmgr.exe"="I:\WINDOWS\system32\sessmgr.exe:*:D isabled:@xpsp2res.dll,-22019"
    "I:\Program Files\Windows Live\Messenger\msnmsgr.exe"="I:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "I:\Program Files\Windows Live\Messenger\livecall.exe"="I:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "I:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe"="I:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
    "I:\Documents and Settings\Administrateur\Local Settings\Temp\Nero Web\SetupXu.exe"="I:\Documents and Settings\Administrateur\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup"
    "I:\WINDOWS\system32\winver.exe"="I:\WINDOWS\system32\winver.exe:*:Enabled:winver"
    "I:\Program Files\Winamp Remote\bin\Orb.exe"="I:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:o rb"
    "I:\Program Files\Winamp Remote\bin\OrbTray.exe"="I:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:o rbTray"
    "I:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="I:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:o rb Stream Client"
    "I:\Program Files\uTorrent\uTorrent.exe"="I:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "I:\Program Files\Bonjour\mDNSResponder.exe"="I:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "I:\Program Files\iTunes\iTunes.exe"="I:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "I:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="I:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "I:\Documents and Settings\Administrateur\Bureau\PimpStreamerDLNA12\PimpStreamerDLNA12.exe"="I:\Documents and Settings\Administrateur\Bureau\PimpStreamerDLNA12\PimpStreamerDLNA12.exe:*:Enabled:p impStreamer DLNA"
    "I:\Documents and Settings\Administrateur\Bureau\PimpStreamerDLNA12.exe"="I:\Documents and Settings\Administrateur\Bureau\PimpStreamerDLNA12.exe:*:Enabled:p impStreamer DLNA"
    "I:\Documents and Settings\Administrateur\Bureau\microtorrent_torrent_1.8_build_11813_anglais_18245.exe"="I:\Documents and Settings\Administrateur\Bureau\microtorrent_torrent_1.8_build_11813_anglais_18245.exe:*:Enabled:µTorrent"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "I:\Program Files\Windows Live\Messenger\msnmsgr.exe"="I:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "I:\Program Files\Windows Live\Messenger\livecall.exe"="I:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
    shell\AutoRun\command - P:\SETUP.EXE
    shell\configure\command - P:\SETUP.EXE
    shell\install\command - P:\SETUP.EXE


    ======List of files/folders created in the last 1 months======

    2008-09-30 20:17:22 ----D---- I:\rsit
    2008-09-30 18:00:00 ----D---- I:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-30 17:59:58 ----D---- I:\Program Files\Malwarebytes' Anti-Malware
    2008-09-30 17:59:58 ----D---- I:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-30 14:41:44 ----D---- I:\Program Files\HDD Health
    2008-09-30 14:19:15 ----D---- I:\_OTMoveIt
    2008-09-30 03:43:39 ----D---- I:\Program Files\Lopxp
    2008-09-30 00:28:09 ----A---- I:\WINDOWS\ntbtlog.txt
    2008-09-29 23:33:24 ----A---- I:\cleannavi.txt
    2008-09-29 22:45:58 ----N---- I:\WINDOWS\system32\ywpidpq32.dll
    2008-09-29 22:27:40 ----A---- I:\fixnavi.txt
    2008-09-29 22:10:23 ----D---- I:\Program Files\Trend Micro
    2008-09-29 20:06:36 ----D---- I:\Program Files\Microsoft Works
    2008-09-29 20:06:31 ----D---- I:\Program Files\MSBuild
    2008-09-29 20:06:26 ----D---- I:\Program Files\Microsoft Visual Studio
    2008-09-29 20:06:25 ----D---- I:\Program Files\Fichiers communs\DESIGNER
    2008-09-29 20:06:07 ----D---- I:\Program Files\Microsoft.NET
    2008-09-29 20:03:21 ----D---- I:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2008-09-29 20:02:22 ----D---- I:\Program Files\iPod
    2008-09-29 20:02:20 ----D---- I:\Program Files\iTunes
    2008-09-29 20:02:20 ----D---- I:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-29 20:02:11 ----D---- I:\Program Files\Bonjour
    2008-09-29 20:01:41 ----D---- I:\Program Files\Apple Software Update
    2008-09-29 20:01:14 ----D---- I:\Program Files\Fichiers communs\Apple
    2008-09-29 20:01:13 ----D---- I:\Documents and Settings\All Users\Application Data\Apple
    2008-09-29 19:44:58 ----D---- I:\Program Files\uTorrent
    2008-09-29 19:44:41 ----D---- I:\Documents and Settings\Administrateur\Application Data\uTorrent
    2008-09-29 19:39:05 ----D---- I:\Documents and Settings\All Users\Application Data\OrbNetworks
    2008-09-29 19:39:01 ----D---- I:\Program Files\Winamp Remote
    2008-09-29 19:19:37 ----N---- I:\WINDOWS\system32\pxsfs.dll
    2008-09-29 19:19:37 ----N---- I:\WINDOWS\system32\pxinsa64.exe
    2008-09-29 19:19:37 ----N---- I:\WINDOWS\system32\pxhpinst.exe
    2008-09-29 19:19:37 ----N---- I:\WINDOWS\system32\pxdrv.dll
    2008-09-29 19:19:37 ----N---- I:\WINDOWS\system32\pxcpya64.exe
    2008-09-29 19:19:37 ----N---- I:\WINDOWS\system32\pxafs.dll
    2008-09-29 19:19:36 ----N---- I:\WINDOWS\system32\vxblock.dll
    2008-09-29 19:19:36 ----N---- I:\WINDOWS\system32\pxwave.dll
    2008-09-29 19:19:36 ----N---- I:\WINDOWS\system32\pxmas.dll
    2008-09-29 19:19:35 ----N---- I:\WINDOWS\system32\px.dll
    2008-09-29 19:19:32 ----D---- I:\Program Files\Winamp
    2008-09-29 19:19:32 ----D---- I:\Documents and Settings\Administrateur\Application Data\Winamp
    2008-09-29 19:12:35 ----D---- I:\Program Files\Microsoft Visual Studio 8
    2008-09-29 19:12:18 ----A---- I:\WINDOWS\NeroDigital.ini
    2008-09-29 19:11:48 ----D---- I:\WINDOWS\SHELLNEW
    2008-09-29 19:11:22 ----D---- I:\Program Files\Microsoft Office
    2008-09-29 19:11:22 ----D---- I:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-29 19:11:02 ----RHD---- I:\MSOCache
    2008-09-29 18:09:15 ----A---- I:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
    2008-09-29 18:04:41 ----D---- I:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-29 18:04:26 ----D---- I:\Program Files\Fichiers communs\Adobe
    2008-09-29 18:04:26 ----D---- I:\Program Files\Adobe
    2008-09-29 18:01:38 ----A---- I:\lopR.txt
    2008-09-29 18:01:19 ----D---- I:\Lop SD
    2008-09-29 17:57:41 ----A---- I:\WINDOWS\system32\msihnd.dll
    2008-09-29 17:57:41 ----A---- I:\WINDOWS\system32\msiexec.exe
    2008-09-29 17:57:41 ----A---- I:\WINDOWS\system32\msi.dll
    2008-09-29 17:56:36 ----D---- I:\Program Files\PiMPWare
    2008-09-29 17:56:13 ----D---- I:\Program Files\AC3Filter
    2008-09-29 17:56:10 ----A---- I:\WINDOWS\system32\OggDSuninst.exe
    2008-09-29 17:56:04 ----A---- I:\WINDOWS\system32\CoreAAC-uninstall.exe
    2008-09-29 17:55:39 ----A---- I:\WINDOWS\system32\vp7vfw.dll
    2008-09-29 17:55:38 ----D---- I:\Program Files\On2 Technologies
    2008-09-29 17:55:17 ----D---- I:\Documents and Settings\Administrateur\Application Data\DivX
    2008-09-29 17:55:16 ----D---- I:\Documents and Settings\Administrateur\Application Data\Media Player Classic
    2008-09-29 17:54:56 ----D---- I:\Program Files\Real Alternative
    2008-09-29 17:54:56 ----D---- I:\Documents and Settings\All Users\Application Data\Real
    2008-09-29 17:54:56 ----D---- I:\Documents and Settings\Administrateur\Application Data\Real
    2008-09-29 17:54:56 ----A---- I:\WINDOWS\system32\rmoc3260.dll
    2008-09-29 17:54:56 ----A---- I:\WINDOWS\system32\pndx5032.dll
    2008-09-29 17:54:56 ----A---- I:\WINDOWS\system32\pndx5016.dll
    2008-09-29 17:54:56 ----A---- I:\WINDOWS\system32\pncrt.dll
    2008-09-29 17:54:45 ----D---- I:\Program Files\Haali
    2008-09-29 17:54:37 ----D---- I:\Program Files\Xvid
    2008-09-29 17:54:37 ----A---- I:\WINDOWS\system32\xvidvfw.dll
    2008-09-29 17:54:37 ----A---- I:\WINDOWS\system32\xvidcore.dll
    2008-09-29 17:54:17 ----D---- I:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-29 17:54:14 ----D---- I:\Program Files\QuickTime Alternative
    2008-09-29 17:54:14 ----A---- I:\WINDOWS\system32\msvcr71.dll
    2008-09-29 17:54:14 ----A---- I:\WINDOWS\system32\msvcp71.dll
    2008-09-29 17:52:48 ----D---- I:\Program Files\DivX
    2008-09-29 17:52:12 ----D---- I:\Program Files\Ripp-It Codec Pack
    2008-09-29 17:51:53 ----D---- I:\Program Files\Producer
    2008-09-29 17:51:44 ----D---- I:\Program Files\MKVtoolnix
    2008-09-29 17:51:38 ----D---- I:\Program Files\Pack PSP - Ri4m
    2008-09-29 17:51:25 ----D---- I:\Program Files\AviSynth 2.5
    2008-09-29 17:51:05 ----D---- I:\Program Files\Ripp-it_AM
    2008-09-29 17:41:34 ----D---- I:\Program Files\Alcohol Soft
    2008-09-29 17:18:32 ----D---- I:\Program Files\Navilog1
    2008-09-29 17:17:03 ----A---- I:\WINDOWS\system32\hidserv.dll
    2008-09-29 17:03:25 ----SH---- I:\WINDOWS\system32\iljlgjwk.ini
    2008-09-29 17:01:21 ----N---- I:\WINDOWS\system32\vxlqhu.dll
    2008-09-29 15:48:38 ----D---- I:\WINDOWS\system32\bfubackups
    2008-09-29 14:40:12 ----D---- I:\Program Files\Nero
    2008-09-29 14:40:12 ----D---- I:\Documents and Settings\All Users\Application Data\Nero
    2008-09-29 14:40:11 ----D---- I:\Program Files\Fichiers communs\Ahead
    2008-09-29 13:53:27 ----D---- I:\WINDOWS\BDOSCAN8
    2008-09-29 13:51:06 ----A---- I:\WINDOWS\system32\0b34c997-.txt
    2008-09-29 13:50:45 ----ASH---- I:\WINDOWS\system32\AHRBKnnn.ini
    2008-09-29 13:28:36 ----D---- I:\Documents and Settings\All Users\Application Data\LightScribe
    2008-09-29 13:20:45 ----D---- I:\Program Files\Fichiers communs\LightScribe
    2008-09-29 13:18:45 ----D---- I:\Documents and Settings\Administrateur\Application Data\Ahead
    2008-09-29 13:18:35 ----D---- I:\Documents and Settings\All Users\Application Data\Ahead
    2008-09-29 13:15:42 ----A---- I:\WINDOWS\system32\d3dx9_30.dll
    2008-09-29 13:15:41 ----A---- I:\WINDOWS\system32\d3dx9_28.dll
    2008-09-29 13:15:40 ----D---- I:\WINDOWS\system32\DirectX
    2008-09-28 23:36:09 ----D---- I:\Documents and Settings\Administrateur\Application Data\Mozilla
    2008-09-28 23:33:06 ----D---- I:\Documents and Settings\Administrateur\Application Data\Adobe
    2008-09-28 23:26:55 ----D---- I:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-09-28 23:19:27 ----HDC---- I:\WINDOWS\$NtUninstallKB896626$
    2008-09-28 23:19:21 ----A---- I:\WINDOWS\system32\UNWISE.INI
    2008-09-28 23:19:20 ----A---- I:\WINDOWS\system32\UNWISE.EXE
    2008-09-28 23:19:20 ----A---- I:\WINDOWS\system32\msvcr71d.dll
    2008-09-28 23:19:20 ----A---- I:\WINDOWS\system32\msvcp71d.dll
    2008-09-28 23:19:20 ----A---- I:\WINDOWS\system32\mfc71d.dll
    2008-09-28 23:19:05 ----D---- I:\Program Files\Fichiers communs\IviSDK
    2008-09-28 23:18:48 ----A---- I:\WINDOWS\Irremote.ini
    2008-09-28 23:18:40 ----A---- I:\WINDOWS\system32\MSSTDFMT.DLL
    2008-09-28 23:18:40 ----A---- I:\WINDOWS\system32\hcwsched.dll
    2008-09-28 23:18:40 ----A---- I:\WINDOWS\system32\dmcrypto.dll
    2008-09-28 23:18:40 ----A---- I:\WINDOWS\system32\3DES.dll
    2008-09-28 23:18:30 ----D---- I:\WINDOWS\system32\hauppauge
    2008-09-28 23:18:23 ----D---- I:\MyVideos
    2008-09-28 23:18:23 ----A---- I:\WINDOWS\ODBC.INI
    2008-09-28 23:18:22 ----A---- I:\WINDOWS\system32\hcwtvwnd.dll
    2008-09-28 23:18:22 ----A---- I:\WINDOWS\system32\hcwpnp32.dll
    2008-09-28 23:18:22 ----A---- I:\WINDOWS\system32\hcwChDB.dll
    2008-09-28 23:18:22 ----A---- I:\WINDOWS\system32\Bt848WST.DLL
    2008-09-28 23:18:13 ----A---- I:\WINDOWS\system32\hcwTVDlg.dll
    2008-09-28 23:18:13 ----A---- I:\WINDOWS\system32\hcwhook.dll
    2008-09-28 23:18:13 ----A---- I:\WINDOWS\system32\hcwChan.dll
    2008-09-28 23:18:00 ----D---- I:\Program Files\WinTV
    2008-09-28 23:18:00 ----A---- I:\WINDOWS\system32\hcwsnbd9.dll
    2008-09-28 23:18:00 ----A---- I:\WINDOWS\system32\hcwi2c32.dll
    2008-09-28 23:17:36 ----A---- I:\WINDOWS\HCWPNP.INI
    2008-09-28 23:16:53 ----A---- I:\WINDOWS\system32\PsisDecd.dll
    2008-09-28 23:16:25 ----A---- I:\WINDOWS\system32\vfwwdm32.dll
    2008-09-28 23:16:07 ----A---- I:\WINDOWS\system32\hcwxds.dll
    2008-09-28 23:16:07 ----A---- I:\WINDOWS\system32\hcwutl32.dll
    2008-09-28 14:37:48 ----A---- I:\WINDOWS\cdplayer.ini
    2008-09-28 14:01:43 ----D---- I:\Program Files\Messenger Plus! Live
    2008-09-28 13:53:22 ----SHDC---- I:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-09-28 13:53:04 ----D---- I:\Program Files\Windows Live
    2008-09-28 13:52:57 ----D---- I:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-28 13:51:54 ----D---- I:\WINDOWS\ie7updates
    2008-09-28 13:50:47 ----HDC---- I:\WINDOWS\ie7
    2008-09-28 13:50:40 ----HDC---- I:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    2008-09-28 13:50:30 ----HDC---- I:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    2008-09-28 13:50:17 ----HDC---- I:\WINDOWS\$NtUninstallKB915865$
    2008-09-28 13:50:17 ----HD---- I:\WINDOWS\$hf_mig$
    2008-09-28 13:49:25 ----D---- I:\Program Files\Runtime Software
    2008-09-28 13:48:59 ----HDC---- I:\WINDOWS\$NtUninstallKB914440$
    2008-09-28 13:43:58 ----D---- I:\WINDOWS\system32\SoftwareDistribution
    2008-09-28 13:43:58 ----A---- I:\WINDOWS\system32\wucltui.dll.mui
    2008-09-28 13:43:58 ----A---- I:\WINDOWS\system32\wuaueng.dll.mui
    2008-09-28 13:43:58 ----A---- I:\WINDOWS\system32\wuapi.dll.mui
    2008-09-28 13:07:11 ----D---- I:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-09-28 05:10:39 ----D---- I:\Program Files\Yahoo!
    2008-09-28 05:10:34 ----D---- I:\Program Files\CCleaner
    2008-09-28 04:24:57 ----D---- I:\Program Files\MozBackup
    2008-09-28 04:05:19 ----D---- I:\Program Files\Mozilla Firefox
    2008-09-28 02:46:01 ----R---- I:\WINDOWS\system32\ChCfg.exe
    2008-09-28 02:45:37 ----D---- I:\Program Files\Realtek
    2008-09-28 02:44:02 ----R---- I:\WINDOWS\RtlExUpd.dll
    2008-09-28 02:35:13 ----D---- I:\Documents and Settings\Administrateur\Application Data\vlc
    2008-09-28 02:34:57 ----D---- I:\Program Files\VideoLAN
    2008-09-28 02:10:40 ----D---- I:\Documents and Settings\Administrateur\Application Data\Macromedia
    2008-09-28 01:13:52 ----D---- I:\Documents and Settings\All Users\Application Data\ATI
    2008-09-28 01:06:10 ----N---- I:\WINDOWS\system32\ati2sgag.exe
    2008-09-28 00:43:50 ----D---- I:\WINDOWS\Minidump
    2008-09-28 00:36:01 ----D---- I:\Documents and Settings\Administrateur\Application Data\Styler
    2008-09-28 00:19:16 ----RA---- I:\WINDOWS\RtlUpd.exe
    2008-09-28 00:19:16 ----RA---- I:\WINDOWS\ALCMTR.EXE
    2008-09-28 00:19:15 ----RA---- I:\WINDOWS\ALCWZRD.EXE
    2008-09-28 00:19:13 ----RA---- I:\WINDOWS\SOUNDMAN.EXE
    2008-09-28 00:19:13 ----RA---- I:\WINDOWS\RTLCPL.EXE
    2008-09-28 00:19:12 ----RA---- I:\WINDOWS\SkyTel.exe
    2008-09-28 00:19:11 ----RA---- I:\WINDOWS\MicCal.exe
    2008-09-28 00:19:08 ----A---- I:\WINDOWS\RTHDCPL.exe
    2008-09-28 00:11:13 ----D---- I:\TEMP
    2008-09-28 00:03:56 ----N---- I:\WINDOWS\system32\_000119_.tmp.dll
    2008-09-28 00:02:39 ----HD---- I:\WINDOWS\msdownld.tmp
    2008-09-28 00:02:17 ----D---- I:\WINDOWS\%USERPROFILE%
    2008-09-27 23:42:18 ----D---- I:\WINDOWS\pss
    2008-09-27 23:40:33 ----SHD---- I:\RECYCLER
    2008-09-27 23:18:12 ----N---- I:\WINDOWS\system32\spmsg.dll
    2008-09-27 22:31:07 ----D---- I:\Documents and Settings\Administrateur\Application Data\ATI
    2008-09-27 22:29:02 ----A---- I:\WINDOWS\system32\spupdsvc.exe
    2008-09-27 22:28:44 ----A---- I:\WINDOWS\HideWin.exe
    2008-09-27 22:28:18 ----D---- I:\Program Files\DIFX
    2008-09-27 22:28:15 ----DC---- I:\WINDOWS\system32\DRVSTORE
    2008-09-27 22:22:42 ----D---- I:\Program Files\Fichiers communs\ATI Technologies
    2008-09-27 22:20:55 ----D---- I:\WINDOWS\system32\ReinstallBackups
    2008-09-27 22:20:36 ----RA---- I:\WINDOWS\system32\atiiiexx.dll
    2008-09-27 22:20:35 ----RA---- I:\WINDOWS\system32\ATIDEMGX.dll
    2008-09-27 22:20:17 ----D---- I:\Program Files\ATI Technologies
    2008-09-27 22:20:14 ----HD---- I:\Program Files\InstallShield Installation Information
    2008-09-27 22:19:54 ----D---- I:\Program Files\Fichiers communs\InstallShield
    2008-09-27 22:14:20 ----A---- I:\WINDOWS\system32\h323log.txt
    2008-09-27 22:13:52 ----D---- I:\WINDOWS\system32\RTCOM
    2008-09-27 22:13:51 ----A---- I:\WINDOWS\system32\ksuser.dll
    2008-09-27 22:13:31 ----D---- I:\WINDOWS\system32\Lang
    2008-09-27 22:13:09 ----D---- I:\Documents and Settings\Administrateur\Application Data\Identities
    2008-09-27 22:12:56 ----D---- I:\WINDOWS\SoftwareDistribution
    2008-09-27 22:12:55 ----D---- I:\WINDOWS\Prefetch
    2008-09-27 22:12:54 ----SD---- I:\WINDOWS\system32\Microsoft
    2008-09-27 22:12:54 ----A---- I:\WINDOWS\SchedLgU.Txt
    2008-09-27 22:08:29 ----AD---- I:\WINDOWS\i386
    2008-09-27 22:06:28 ----D---- I:\Program Files\Windows Defender
    2008-09-27 22:02:04 ----SHD---- I:\WINDOWS\Installer
    2008-09-27 22:02:04 ----D---- I:\Program Files\Fichiers communs\ODBC
    2008-09-27 22:02:04 ----D---- I:\Program Files\Fichiers communs
    2008-09-27 22:02:04 ----D---- I:\Program Files
    2008-09-27 22:02:04 ----A---- I:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-27 22:02:04 ----A---- I:\WINDOWS\ODBCINST.INI
    2008-09-27 22:01:39 ----A---- I:\WINDOWS\system32\spxcoins.dll
    2008-09-27 22:01:39 ----A---- I:\WINDOWS\system32\irclass.dll
    2008-09-27 22:01:39 ----A---- I:\WINDOWS\system32\EqnClass.Dll
    2008-09-27 22:01:39 ----A---- I:\WINDOWS\system32\dgrpsetu.dll
    2008-09-27 22:01:35 ----A---- I:\WINDOWS\TASKMAN.EXE
    2008-09-27 22:01:32 ----A---- I:\WINDOWS\NOTEPAD.EXE
    2008-09-27 22:01:30 ----A---- I:\WINDOWS\system32\storprop.dll
    2008-09-27 22:01:24 ----ASH---- I:\Documents and Settings\All Users\Application Data\desktop.ini
    2008-09-27 21:59:34 ----D---- I:\WINDOWS\system32\CatRoot2
    2008-09-27 21:59:34 ----D---- I:\WINDOWS\system32\CatRoot
    2008-09-27 21:59:29 ----D---- I:\Documents and Settings\All Users\Application Data\Microsoft
    2008-09-27 21:59:13 ----D---- I:\Documents and Settings
    2008-09-27 21:59:12 ----SHD---- I:\System Volume Information
    2008-09-27 21:58:15 ----SH---- I:\boot.ini
    2008-09-27 21:52:01 ----SD---- I:\WINDOWS\Downloaded Program Files
    2008-09-27 21:52:01 ----RSHDC---- I:\WINDOWS\system32\dllcache
    2008-09-27 21:52:01 ----RSD---- I:\WINDOWS\Fonts
    2008-09-27 21:52:01 ----HD---- I:\WINDOWS\inf
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\WinSxS
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\Web
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\WBEM
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\twain_32
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\Temp
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\wins
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\wbem
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\usmt
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\spool
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\ShellExt
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\Setup
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\ras
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\PreInstall
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\oobe
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\mui
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\IME
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\icsxml
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\ias
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\fr-fr
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\export
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\en
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\drivers
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\dhcp
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\config
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\3com_dmi
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\3076
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\2052
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\1054
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\1042
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\1041
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\1037
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\1036
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\1033
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\1031
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\1028
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32\1025
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system32
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\system
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\security
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\Resources
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\repair
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\Provisioning
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\PeerNet
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\pchealth
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\Offline Web Pages
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\NLDRV
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\Network Diagnostic
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\mui
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\msapps
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\msagent
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\Media
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\java
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\ime
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\Help
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\Driver Cache
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\Debug
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\Cursors
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\Config
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\AppPatch
    2008-09-27 21:52:01 ----D---- I:\WINDOWS\addins
    2008-09-27 21:52:01 ----D---- I:\WINDOWS
    2008-09-27 20:26:16 ----ASH---- I:\Documents and Settings\Administrateur\Application Data\desktop.ini
    2008-09-27 20:26:15 ----D---- I:\Documents and Settings\Administrateur\Application Data\Microsoft
    2008-09-27 20:24:00 ----D---- I:\WINDOWS\VAIO
    2008-09-27 20:23:58 ----RD---- I:\Program Files\Windows Sidebar
    2008-09-27 20:23:56 ----D---- I:\WINDOWS\system32\Vistadrive
    2008-09-27 20:23:55 ----D---- I:\Program Files\Winrar
    2008-09-27 20:23:55 ----D---- I:\Program Files\UberIcon
    2008-09-27 20:23:55 ----D---- I:\Program Files\TweakRAM
    2008-09-27 20:23:55 ----D---- I:\Program Files\Styler
    2008-09-27 20:23:55 ----D---- I:\Program Files\IE Privacy Keeper
    2008-09-27 20:23:55 ----D---- I:\Program Files\Everest
    2008-09-27 20:23:55 ----D---- I:\Program Files\Compare It!
    2008-09-27 20:23:55 ----D---- I:\Program Files\Ad-Aware
    2008-09-27 20:20:15 ----RSD---- I:\WINDOWS\assembly
    2008-09-27 20:20:15 ----D---- I:\WINDOWS\Microsoft.NET
    2008-09-27 20:20:14 ----D---- I:\WINDOWS\system32\URTTemp
    2008-09-27 20:19:57 ----A---- I:\WINDOWS\system32\jit.dll
    2008-09-27 20:19:57 ----A---- I:\WINDOWS\system32\javaee.dll
    2008-09-27 20:19:57 ----A---- I:\WINDOWS\system32\dx3j.dll
    2008-09-27 20:19:57 ----A---- I:\WINDOWS\setdebug.exe
    2008-09-27 20:19:54 ----A---- I:\WINDOWS\system32\wjview.exe
    2008-09-27 20:19:54 ----A---- I:\WINDOWS\system32\vmhelper.dll
    2008-09-27 20:19:54 ----A---- I:\WINDOWS\system32\msjdbc10.dll
    2008-09-27 20:19:54 ----A---- I:\WINDOWS\system32\msjava.dll
    2008-09-27 20:19:54 ----A---- I:\WINDOWS\system32\msawt.dll
    2008-09-27 20:19:54 ----A---- I:\WINDOWS\system32\jview.exe
    2008-09-27 20:19:54 ----A---- I:\WINDOWS\system32\jdbgmgr.exe
    2008-09-27 20:19:53 ----A---- I:\WINDOWS\system32\javart.dll
    2008-09-27 20:19:53 ----A---- I:\WINDOWS\system32\javaprxy.dll
    2008-09-27 20:19:53 ----A---- I:\WINDOWS\system32\javacypt.dll
    2008-09-27 20:19:53 ----A---- I:\WINDOWS\system32\clspack.exe
    2008-09-27 20:19:22 ----N---- I:\WINDOWS\system32\WgaTray.exe
    2008-09-27 20:19:22 ----N---- I:\WINDOWS\system32\WgaLogon.dll
    2008-09-27 20:19:22 ----N---- I:\WINDOWS\system32\LegitCheckControl.dll
    2008-09-27 20:19:07 ----A---- I:\WINDOWS\control.ini
    2008-09-27 20:18:56 ----A---- I:\WINDOWS\system32\mapi32.dll
    2008-09-27 20:18:26 ----RAH---- I:\WINDOWS\system32\logonui.exe.manifest
    2008-09-27 20:18:23 ----RAH---- I:\WINDOWS\system32\cdplayer.exe.manifest
    2008-09-27 20:18:19 ----HD---- I:\Program Files\WindowsUpdate
    2008-09-27 20:17:31 ----A---- I:\WINDOWS\system32\acctres.dll
    2008-09-27 20:17:30 ----D---- I:\Program Files\Fichiers communs\Services
    2008-09-27 20:17:26 ----SD---- I:\WINDOWS\Tasks
    2008-09-27 20:17:25 ----D---- I:\Program Files\Fichiers communs\MSSoap
    2008-09-27 20:17:19 ----D---- I:\WINDOWS\srchasst
    2008-09-27 20:17:18 ----D---- I:\WINDOWS\system32\Macromed
    2008-09-27 20:17:12 ----A---- I:\WINDOWS\system32\wuweb.dll
    2008-09-27 20:17:12 ----A---- I:\WINDOWS\system32\wucltui.dll
    2008-09-27 20:17:12 ----A---- I:\WINDOWS\system32\wuauserv.dll
    2008-09-27 20:17:12 ----A---- I:\WINDOWS\system32\wuaueng1.dll
    2008-09-27 20:17:11 ----A---- I:\WINDOWS\system32\wups.dll
    2008-09-27 20:17:11 ----A---- I:\WINDOWS\system32\wuaueng.dll
    2008-09-27 20:17:10 ----A---- I:\WINDOWS\system32\wuauclt1.exe
    2008-09-27 20:17:10 ----A---- I:\WINDOWS\system32\wuauclt.exe
    2008-09-27 20:17:10 ----A---- I:\WINDOWS\system32\wuapi.dll
    2008-09-27 20:17:10 ----A---- I:\WINDOWS\system32\bitsprx3.dll
    2008-09-27 20:17:10 ----A---- I:\WINDOWS\system32\bitsprx2.dll
    2008-09-27 20:17:09 ----A---- I:\WINDOWS\system32\qmgrprxy.dll
    2008-09-27 20:17:09 ----A---- I:\WINDOWS\system32\qmgr.dll
    2008-09-27 20:17:04 ----D---- I:\Program Files\Movie Maker
    2008-09-27 20:16:58 ----A---- I:\WINDOWS\system32\fltlib.dll
    2008-09-27 20:16:57 ----D---- I:\WINDOWS\system32\Restore
    2008-09-27 20:16:57 ----A---- I:\WINDOWS\system32\srrstr.dll
    2008-09-27 20:16:57 ----A---- I:\WINDOWS\system32\fltMc.exe
    2008-09-27 20:16:56 ----A---- I:\WINDOWS\system32\srsvc.dll
    2008-09-27 20:16:56 ----A---- I:\WINDOWS\system32\srclient.dll
    2008-09-27 20:16:56 ----A---- I:\WINDOWS\system32\msoert2.dll
    2008-09-27 20:16:56 ----A---- I:\WINDOWS\system32\msoeacct.dll
    2008-09-27 20:16:54 ----A---- I:\WINDOWS\system32\inetres.dll
    2008-09-27 20:16:54 ----A---- I:\WINDOWS\system32\inetcomm.dll
    2008-09-27 20:16:50 ----D---- I:\Program Files\Outlook Express
    2008-09-27 20:16:50 ----A---- I:\WINDOWS\system32\schedsvc.dll
    2008-09-27 20:16:50 ----A---- I:\WINDOWS\system32\mstinit.exe
    2008-09-27 20:16:50 ----A---- I:\WINDOWS\system32\mstask.dll
    2008-09-27 20:16:42 ----D---- I:\Program Files\Fichiers communs\System
    2008-09-27 20:16:41 ----D---- I:\Program Files\Fichiers communs\Microsoft Shared
    2008-09-27 20:16:38 ----D---- I:\Program Files\Internet Explorer
    2008-09-27 20:16:28 ----D---- I:\Program Files\ComPlus Applications
    2008-09-27 20:16:26 ----A---- I:\WINDOWS\vbaddin.ini
    2008-09-27 20:16:26 ----A---- I:\WINDOWS\vb.ini
    2008-09-27 20:16:22 ----D---- I:\WINDOWS\Registration
    2008-09-27 20:15:59 ----HD---- I:\Program Files\Uninstall Information
    2008-09-27 20:15:58 ----D---- I:\Program Files\Windows Media Player
    2008-09-27 20:15:54 ----A---- I:\WINDOWS\system32\sndvol32.exe
    2008-09-27 20:15:51 ----A---- I:\WINDOWS\system32\getuname.dll
    2008-09-27 20:15:51 ----A---- I:\WINDOWS\system32\charmap.exe
    2008-09-27 20:15:50 ----A---- I:\WINDOWS\system32\usrlogon.cmd
    2008-09-27 20:15:50 ----A---- I:\WINDOWS\system32\tsshutdn.exe
    2008-09-27 20:15:50 ----A---- I:\WINDOWS\system32\tslabels.ini
    2008-09-27 20:15:50 ----A---- I:\WINDOWS\system32\tskill.exe
    2008-09-27 20:15:50 ----A---- I:\WINDOWS\system32\reset.exe
    2008-09-27 20:15:50 ----A---- I:\WINDOWS\system32\calc.exe
    2008-09-27 20:15:49 ----A---- I:\WINDOWS\system32\tsdiscon.exe
    2008-09-27 20:15:49 ----A---- I:\WINDOWS\system32\tscon.exe
    2008-09-27 20:15:49 ----A---- I:\WINDOWS\system32\shadow.exe
    2008-09-27 20:15:49 ----A---- I:\WINDOWS\system32\rwinsta.exe
    2008-09-27 20:15:49 ----A---- I:\WINDOWS\system32\regini.exe
    2008-09-27 20:15:49 ----A---- I:\WINDOWS\system32\rdpcfgex.dll
    2008-09-27 20:15:49 ----A---- I:\WINDOWS\system32\qwinsta.exe
    2008-09-27 20:15:49 ----A---- I:\WINDOWS\system32\qappsrv.exe
    2008-09-27 20:15:48 ----A---- I:\WINDOWS\system32\msg.exe
    2008-09-27 20:15:48 ----A---- I:\WINDOWS\system32\msdtcprf.ini
    2008-09-27 20:15:48 ----A---- I:\WINDOWS\system32\logoff.exe
    2008-09-27 20:15:48 ----A---- I:\WINDOWS\system32\cdmodem.dll
    2008-09-27 20:15:47 ----A---- I:\WINDOWS\system32\mtxlegih.dll
    2008-09-27 20:15:47 ----A---- I:\WINDOWS\system32\mtxex.dll
    2008-09-27 20:15:47 ----A---- I:\WINDOWS\system32\mtxdm.dll
    2008-09-27 20:15:47 ----A---- I:\WINDOWS\system32\dcomcnfg.exe
    2008-09-27 20:15:46 ----A---- I:\WINDOWS\system32\stclient.dll
    2008-09-27 20:15:46 ----A---- I:\WINDOWS\system32\comsnap.dll
    2008-09-27 20:15:46 ----A---- I:\WINDOWS\system32\comrepl.dll
    2008-09-27 20:15:46 ----A---- I:\WINDOWS\system32\comaddin.dll
    2008-09-27 20:15:37 ----A---- I:\WINDOWS\system32\wmimgmt.msc
    2008-09-27 20:15:36 ----A---- I:\WINDOWS\system32\sndrec32.exe
    2008-09-27 20:15:36 ----A---- I:\WINDOWS\system32\mspaint.exe
    2008-09-27 20:15:36 ----A---- I:\WINDOWS\system32\mplay32.exe
    2008-09-27 20:15:35 ----A---- I:\WINDOWS\system32\tscfgwmi.dll
    2008-09-27 20:15:35 ----A---- I:\WINDOWS\system32\mstscax.dll
    2008-09-27 20:15:34 ----A---- I:\WINDOWS\system32\remotepg.dll
    2008-09-27 20:15:34 ----A---- I:\WINDOWS\system32\rdsaddin.exe
    2008-09-27 20:15:34 ----A---- I:\WINDOWS\system32\mstsc.exe
    2008-09-27 20:15:33 ----A---- I:\WINDOWS\system32\tscupgrd.exe
    2008-09-27 20:15:33 ----A---- I:\WINDOWS\system32\termsrv.dll
    2008-09-27 20:15:33 ----A---- I:\WINDOWS\system32\sessmgr.exe
    2008-09-27 20:15:33 ----A---- I:\WINDOWS\system32\rdshost.exe
    2008-09-27 20:15:33 ----A---- I:\WINDOWS\system32\rdpwsx.dll
    2008-09-27 20:15:33 ----A---- I:\WINDOWS\system32\rdchost.dll
    2008-09-27 20:15:32 ----D---- I:\WINDOWS\system32\MsDtc
    2008-09-27 20:15:32 ----A---- I:\WINDOWS\system32\rdpsnd.dll
    2008-09-27 20:15:32 ----A---- I:\WINDOWS\system32\rdpclip.exe
    2008-09-27 20:15:32 ----A---- I:\WINDOWS\system32\qprocess.exe
    2008-09-27 20:15:32 ----A---- I:\WINDOWS\system32\msdtcuiu.dll
    2008-09-27 20:15:32 ----A---- I:\WINDOWS\system32\icaapi.dll
    2008-09-27 20:15:32 ----A---- I:\WINDOWS\system32\cfgbkend.dll
    2008-09-27 20:15:31 ----A---- I:\WINDOWS\system32\xolehlp.dll
    2008-09-27 20:15:31 ----A---- I:\WINDOWS\system32\mtxoci.dll
    2008-09-27 20:15:31 ----A---- I:\WINDOWS\system32\msdtctm.dll
    2008-09-27 20:15:31 ----A---- I:\WINDOWS\system32\msdtcprx.dll
    2008-09-27 20:15:30 ----D---- I:\WINDOWS\system32\Com
    2008-09-27 20:15:30 ----A---- I:\WINDOWS\system32\msdtclog.dll
    2008-09-27 20:15:30 ----A---- I:\WINDOWS\system32\msdtc.exe
    2008-09-27 20:15:30 ----A---- I:\WINDOWS\system32\colbact.dll
    2008-09-27 20:15:30 ----A---- I:\WINDOWS\system32\catsrvps.dll
    2008-09-27 20:15:29 ----A---- I:\WINDOWS\system32\comsvcs.dll
    2008-09-27 20:15:29 ----A---- I:\WINDOWS\system32\clbcatex.dll
    2008-09-27 20:15:29 ----A---- I:\WINDOWS\system32\catsrvut.dll
    2008-09-27 20:15:29 ----A---- I:\WINDOWS\system32\catsrv.dll
    2008-09-27 20:15:28 ----A---- I:\WINDOWS\system32\comuid.dll
    2008-09-27 20:15:28 ----A---- I:\WINDOWS\system32\clbcatq.dll
    2008-09-27 20:15:18 ----A---- I:\WINDOWS\system32\servdeps.dll
    2008-09-27 20:15:18 ----A---- I:\WINDOWS\system32\mmfutil.dll
    2008-09-27 20:15:18 ----A---- I:\WINDOWS\system32\licwmi.dll
    2008-09-27 20:15:18 ----A---- I:\WINDOWS\system32\cmprops.dll

    ======List of files/folders modified in the last 1 months======

    2008-09-29 19:12:06 ----A---- I:\WINDOWS\win.ini
    2008-09-28 01:03:20 ----A---- I:\WINDOWS\system.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;Pilote de processeur AMD; I:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture; I:\WINDOWS\system32\drivers\hcw88aud.sys [2007-01-23 11904]
    R1 kbdhid;Pilote HID de clavier; I:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    R3 Arp1394;Protocole client ARP 1394; I:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
    R3 ati2mtag;ati2mtag; I:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-27 2303488]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; I:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod; I:\WINDOWS\system32\drivers\hcw88bda.sys [2007-01-23 207872]
    R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder; I:\WINDOWS\System32\Drivers\hcw88rc5.sys [2007-01-23 11776]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture; I:\WINDOWS\system32\drivers\hcw88tse.sys [2007-01-23 299776]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner; I:\WINDOWS\system32\drivers\hcw88tun.sys [2007-01-23 149504]
    R3 hcw88vid;Hauppauge WinTV 88x Video; I:\WINDOWS\system32\drivers\hcw88vid.sys [2007-01-23 498176]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar; I:\WINDOWS\system32\drivers\HCW88BAR.sys [2007-01-23 23552]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; I:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-12-24 138752]
    R3 hidusb;Pilote de classe HID Microsoft; I:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); I:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
    R3 MBAMSwissArmy;MBAMSwissArmy; \??\I:\WINDOWS\system32\drivers\mbamswissarmy.sys []
    R3 mouhid;Pilote HID de souris; I:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; I:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-12-08 61824]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; I:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
    R3 usbaudio;Pilote USB audio (WDM); I:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    R3 usbccgp;Pilote parent générique USB Microsoft; I:\WINDOWS\system32\DRIVERS\usbccgp.sys [2005-06-17 31744]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; I:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; I:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; I:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-10-23 17152]
    R3 usbstor;Pilote de stockage de masse USB; I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
    S3 catchme;catchme; \??\I:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; I:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
    S3 MPE;Filtre BDA MPE; I:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; I:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; I:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; I:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 SLIP;Détrameur décalage BDA; I:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 streamip;BDA IPSink; I:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 WSTCODEC;Codec Teletext standard; I:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S4 IntelIde;IntelIde; I:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 sr;Pilote de filtre de restauration système; I:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73600]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
    R2 Ati HotKey Poller;Ati HotKey Poller; I:\WINDOWS\system32\Ati2evxx.exe [2007-06-27 483328]
    R2 Bonjour Service;Service Bonjour; I:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 EPGService;EPGService; I:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2007-09-05 374272]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-07-25 79136]
    R3 iPod Service;Service de l’iPod; I:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
    S2 ATI Smart;ATI Smart; I:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
    S3 aspnet_state;Service d'état ASP.NET; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 IDriverT;InstallDriver Table Manager; I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 NBService;NBService; I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
    S3 NMIndexingService;NMIndexingService; I:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
    S3 odserv;Microsoft Office Diagnostics Service; I:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; I:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; I:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; I:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------


    2nd report

    info.txt logfile of random's system information tool 1.04 2008-09-30 20:17:27

    ======Uninstall list======

    -->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
    -->I:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->I:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->I:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->I:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->I:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->I:\WINDOWS\UNRecode.exe /UNINSTALL
    AC3Filter (remove only)-->I:\Program Files\AC3Filter\uninstall.exe
    Adobe Flash Player Plugin-->I:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
    Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->I:\Program Files\WinRAR\uninstall.exe
    ATI - Utilitaire de désinstallation du logiciel-->I:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
    ATI Display Driver-->rundll32 I:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
    AviSynth 2.5-->"I:\Program Files\AviSynth 2.5\Uninstall.exe"
    AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
    AVIVO-->MsiExec.exe /X{5399ACAF-7B15-43D5-9233-4E797B184FD2}
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"I:\Program Files\CCleaner\uninst.exe"
    CoreAAC Audio Decoder (remove only)-->"I:\WINDOWS\system32\CoreAAC-uninstall.exe"
    Correctif pour Windows XP (KB914440)-->"I:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Correctif Windows XP - KB896626-->"I:\WINDOWS\$NtUninstallKB896626$\spuninst\spuninst.exe"
    Direct Show Ogg Vorbis Filter (remove only)-->"I:\WINDOWS\system32\OggDSuninst.exe"
    DivX Codec 3.1alpha release-->I:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 I:\WINDOWS\INF\DivX.inf
    DivX Codec-->I:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DriveImage XML-->"I:\Program Files\Runtime Software\DriveImage XML\Uninstall.exe" "I:\Program Files\Runtime Software\DriveImage XML\install.log" -u
    encodeur Real Video Producer-->I:\Program Files\Producer\PRODUCER_Uninstal.exe
    GEAR 32bit Driver Installer-->MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
    Haali Media Splitter-->"I:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
    Hauppauge French Help Files and Resources-->I:\PROGRA~1\WinTV\UNHLPfra.EXE I:\PROGRA~1\WinTV\WTV2Kfra.LOG
    Hauppauge WinTV DVB-T EPG Service-->I:\WINDOWS\system32\UNWISE.EXE I:\WINDOWS\system32\UnEPGService.LOG
    Hauppauge WinTV Infrared Remote-->I:\PROGRA~1\WinTV\UNir32.EXE I:\PROGRA~1\WinTV\ir32.LOG
    Hauppauge WinTV Radio-->I:\PROGRA~1\WinTV\UNrad32.EXE I:\PROGRA~1\WinTV\RADIO32.LOG
    Hauppauge WinTV Scheduler-->I:\PROGRA~1\WinTV\\SCHEDU~1\uniSCHED.exe I:\PROGRA~1\WinTV\\SCHEDU~1\uniSCHED.log
    Hauppauge WinTV Soft PVR-->I:\PROGRA~1\WinTV\UNSftPVR.EXE I:\PROGRA~1\WinTV\softpvr.LOG
    Hauppauge WinTV-->I:\PROGRA~1\WinTV\UNTV6.EXE I:\PROGRA~1\WinTV\WINTV6.LOG
    HDD Health v3.2 Beta-->"I:\Program Files\HDD Health\unins000.exe"
    HijackThis 2.0.2-->"I:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB915865)-->"I:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
    InterVideo FilterSDK for Hauppauge-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL
    iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
    Lame ACM MP3 Codec-->I:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 I:\WINDOWS\INF\LameACM.inf
    Malwarebytes' Anti-Malware-->"I:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Messenger Plus! Live-->"I:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"I:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "I:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Internationalized Domain Names Mitigation APIs-->"I:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"I:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"I:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"I:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    MKVtoolnix 2.3.0-->I:\Program Files\MKVtoolnix\uninst.exe
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Mozilla Firefox (2.0.0.17)-->I:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
    Navilog1 3.6.6-->"I:\Program Files\Navilog1\unins000.exe"
    Nero 7 Essentials-->MsiExec.exe /X{1A6A6531-08FC-47AD-BAC4-C41497E71036}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    On2 VP7 Personal Edition-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
    Pack PSP - Ri4m - v1.0a-->I:\Program Files\Pack PSP - Ri4m\Uninstal.exe
    Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->I:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u I:\WINDOWS\system32\DRVSTORE\amdk8_1F9DE4E49C97F59EE9F75C34E0E91E568FC9EEB2\amdk8.inf
    PiMPStreamer-->MsiExec.exe /I{9B40A0CC-AB90-4375-8D35-668393564B57}
    QuickTime Alternative 1.78-->"I:\Program Files\QuickTime Alternative\unins000.exe"
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    Real Alternative 1.51 Lite-->"I:\Program Files\Real Alternative\unins000.exe"
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Ri4m v5.0.1d-->I:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
    Ripp-It Codec Pack v 4.2.6-->I:\Program Files\Ripp-It Codec Pack\uninst.exe
    Security Update pour Microsoft .NET Framework 2.0 (KB917283)-->I:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    Security Update pour Microsoft .NET Framework 2.0 (KB922770)-->I:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    VideoLAN VLC media player 0.8.6i-->I:\Program Files\VideoLAN\VLC\uninstall.exe
    Winamp Remote-->"I:\Program Files\Winamp Remote\uninstall.exe"
    Winamp-->"I:\Program Files\Winamp\UninstWA.exe"
    Windows Internet Explorer 7-->"I:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Xvid 1.1.2 final uninstall-->"I:\Program Files\Xvid\unins000.exe"
    Yahoo! Install Manager-->I:\WINDOWS\system32\regsvr32 /u I:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->I:\PROGRA~1\Yahoo!\Common\unyt.exe

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;I:\Program Files\ATI Technologies\ATI.ACE\Core-Static;I:\Program Files\QuickTime Alternative\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
    "PROCESSOR_REVISION"=6b01
    "NUMBER_OF_PROCESSORS"=2
    "TEMP"=%USERPROFILE%\Local Settings\Temp
    "TMP"=%USERPROFILE%\Local Settings\Temp
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "CLASSPATH"=.;I:\Program Files\QuickTime Alternative\QTSys
    30 September 2008 23:35:33

    Hi again,

    Let's continue with this ;)

    Hi again,

    Download Combofix from **HERE** or **HERE** and save it to your desktop.

    **Note 1: If you already have a copy of combofix, you will need to download another one, the very latest. It is also very important to save it directly to your desktop.**

  • Please never rename Combofix unless you are expressly asked to.
  • Close all open windows, without exception.
  • Disable all the resident protection of all your antivirus, antispyware, etc. software so that it does not interfere with the proper functioning of Combofix.
    Very important: Temporarily disable all the resident protection of all your security software before launching a scan with Combofix. It could disrupt the Combofix scan, which could have unforeseen and disastrous consequences.
  • Click this link to see a list of programs that should always be disabled before using combofix. Note that the list is not exhaustive. If your security software is not in this list and you do not know how to disable it, or you do not understand English :p  , please ask me.
  • WARNING: Combofix will automatically disconnect you from the internet as soon as the scan starts.
  • Please do not try to reconnect your machine to the internet until combofix has finished its work.
  • If you can no longer connect to the internet after using combofix, restart your PC to restore the internet connection.
  • Double-click combofix.exe and follow the on-screen instructions.
  • When the scan is finished, a report should normally be displayed on screen.
  • Please post the following report, "C:\ComboFix.txt", in your next reply, together with a new HiJackThis report.

    **Note 2: Do not click in the combofix window while it is working. You could crash the PC and cause serious damage.**

    ;)
    1 October 2008 00:18:14

    Well, first of all, the problem seems to be solved and I no longer have ads opening every 30 seconds when I browse with firefox... so thanks already!
    I'm posting the combofix report anyway, followed by the hijackthis report (that's going to make for more long posts lol)

    ComboFix 08-09-30.02 - Administrateur 2008-10-01 0:06:32.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2775 [GMT 2:00]
    Lancé depuis: I:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Parents\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    I:\WINDOWS\system32\_000119_.tmp.dll
    I:\WINDOWS\system32\drivers\str.sys

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-30 22:09 . 2008-09-30 22:10 <REP> d-------- I:\Program Files\CD-LabelPrint
    2008-09-30 22:09 . 2008-09-30 22:09 <REP> d-------- I:\Program Files\Canon
    2008-09-30 22:08 . 2004-08-03 23:01 25,856 --a------ I:\WINDOWS\system32\drivers\usbprint.sys
    2008-09-30 22:07 . 2008-09-30 22:08 <REP> d-------- I:\WINDOWS\LastGood.Tmp
    2008-09-30 22:07 . 2008-09-30 22:07 <REP> d--h----- I:\BJPrinter
    2008-09-30 22:07 . 2004-06-15 07:00 116,736 --a------ I:\WINDOWS\system32\CNMLM61.DLL
    2008-09-30 22:07 . 2004-06-04 17:34 86,016 --a------ I:\WINDOWS\system32\CNMCP61.exe
    2008-09-30 22:07 . 2004-06-15 07:00 7,680 --a------ I:\WINDOWS\system32\CNMVS61.DLL
    2008-09-30 20:17 . 2008-09-30 20:17 <REP> d-------- I:\rsit
    2008-09-30 18:00 . 2008-09-30 18:00 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-30 17:59 . 2008-09-30 18:00 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
    2008-09-30 17:59 . 2008-09-30 17:59 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-30 17:59 . 2008-09-10 00:08 38,528 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-30 17:59 . 2008-09-10 00:08 17,200 --a------ I:\WINDOWS\system32\drivers\mbam.sys
    2008-09-30 14:41 . 2008-09-30 14:41 <REP> d-------- I:\Program Files\HDD Health
    2008-09-30 14:19 . 2008-09-30 14:19 <REP> d-------- I:\_OTMoveIt
    2008-09-30 03:43 . 2008-09-30 03:46 <REP> d-------- I:\Program Files\Lopxp
    2008-09-29 22:10 . 2008-09-29 22:10 <REP> d-------- I:\Program Files\Trend Micro
    2008-09-29 20:06 . 2008-09-29 20:06 <REP> d-------- I:\Program Files\MSBuild
    2008-09-29 20:06 . 2008-09-29 20:06 <REP> d-------- I:\Program Files\Microsoft.NET
    2008-09-29 20:06 . 2008-09-29 20:06 <REP> d-------- I:\Program Files\Microsoft Works
    2008-09-29 20:03 . 2008-09-29 20:03 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2008-09-29 20:02 . 2008-09-29 20:02 <REP> d-------- I:\Program Files\iTunes
    2008-09-29 20:02 . 2008-09-29 20:02 <REP> d-------- I:\Program Files\iPod
    2008-09-29 20:02 . 2008-09-29 20:02 <REP> d-------- I:\Program Files\Bonjour
    2008-09-29 20:02 . 2008-09-29 20:02 <REP> d-------- I:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-29 20:01 . 2008-09-29 20:01 <REP> d-------- I:\Program Files\Fichiers communs\Apple
    2008-09-29 20:01 . 2008-09-29 20:01 <REP> d-------- I:\Program Files\Apple Software Update
    2008-09-29 20:01 . 2008-09-29 20:01 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Apple
    2008-09-29 19:44 . 2008-09-29 19:54 <REP> d-------- I:\Program Files\uTorrent
    2008-09-29 19:44 . 2008-10-01 00:07 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\uTorrent
    2008-09-29 19:39 . 2008-09-29 23:01 <REP> d-------- I:\Program Files\Winamp Remote
    2008-09-29 19:39 . 2008-09-29 23:01 <REP> d-------- I:\Documents and Settings\All Users\Application Data\OrbNetworks
    2008-09-29 19:19 . 2008-09-29 19:52 <REP> d-------- I:\Program Files\Winamp
    2008-09-29 19:19 . 2008-09-29 19:52 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Winamp
    2008-09-29 19:12 . 2008-09-29 19:12 <REP> d-------- I:\Program Files\Microsoft Visual Studio 8
    2008-09-29 19:12 . 2008-09-30 03:20 69 --a------ I:\WINDOWS\NeroDigital.ini
    2008-09-29 19:11 . 2008-09-29 20:06 <REP> d-------- I:\WINDOWS\SHELLNEW
    2008-09-29 19:11 . 2008-09-29 19:11 <REP> dr-h----- I:\MSOCache
    2008-09-29 19:11 . 2008-09-29 20:08 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-29 18:09 . 2007-03-26 21:04 87,608 --a------ I:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
    2008-09-29 18:09 . 2006-12-30 01:00 24,192 --a------ I:\Documents and Settings\Administrateur\usbsermptxp.sys
    2008-09-29 18:09 . 2006-12-30 01:00 22,768 --a------ I:\Documents and Settings\Administrateur\usbsermpt.sys
    2008-09-29 18:04 . 2008-09-29 18:04 <REP> d-------- I:\Program Files\Fichiers communs\Adobe
    2008-09-29 18:02 . 2008-09-29 18:02 47,184 --a------ I:\WINDOWS\system32\drivers\MiniIcpt.sys
    2008-09-29 18:01 . 2008-09-30 14:29 <REP> d-------- I:\Lop SD
    2008-09-29 17:57 . 2006-11-14 05:05 2,960,384 --a------ I:\WINDOWS\system32\msi.dll
    2008-09-29 17:57 . 2006-11-10 01:48 476,160 --a------ I:\WINDOWS\system32\msihnd.dll
    2008-09-29 17:57 . 2006-11-14 05:06 116,224 --a------ I:\WINDOWS\system32\msiexec.exe
    2008-09-29 17:56 . 2008-09-29 17:56 <REP> d-------- I:\Program Files\PiMPWare
    2008-09-29 17:56 . 2008-09-29 17:56 <REP> d-------- I:\Program Files\AC3Filter
    2008-09-29 17:56 . 2008-09-29 17:56 36,734 --a------ I:\WINDOWS\system32\OggDSuninst.exe
    2008-09-29 17:56 . 2008-09-29 17:56 21,764 --a------ I:\WINDOWS\system32\CoreAAC-uninstall.exe
    2008-09-29 17:55 . 2008-09-29 17:55 <REP> d-------- I:\Program Files\On2 Technologies
    2008-09-29 17:55 . 2008-09-29 17:55 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Media Player Classic
    2008-09-29 17:55 . 2008-09-29 17:55 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\DivX
    2008-09-29 17:55 . 2006-03-24 17:01 630,784 --a------ I:\WINDOWS\system32\vp7vfw.dll
    2008-09-29 17:55 . 2006-03-24 17:09 237,568 --a------ I:\WINDOWS\system32\vp7dec.ax
    2008-09-29 17:55 . 2005-10-25 13:10 53,248 --a------ I:\WINDOWS\system32\vp7dec_settings.cpl
    2008-09-29 17:54 . 2008-09-29 17:54 <REP> d-------- I:\Program Files\Xvid
    2008-09-29 17:54 . 2008-09-29 17:54 <REP> d-------- I:\Program Files\Real Alternative
    2008-09-29 17:54 . 2008-09-29 20:02 <REP> d-------- I:\Program Files\QuickTime Alternative
    2008-09-29 17:54 . 2008-09-29 17:54 <REP> d-------- I:\Program Files\Haali
    2008-09-29 17:54 . 2008-09-29 20:02 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-29 17:54 . 2006-11-01 14:52 765,952 --a------ I:\WINDOWS\system32\xvidcore.dll
    2008-09-29 17:54 . 2003-03-19 05:14 499,712 --a------ I:\WINDOWS\system32\msvcp71.dll
    2008-09-29 17:54 . 2004-01-12 00:00 348,160 --a------ I:\WINDOWS\system32\msvcr71.dll
    2008-09-29 17:54 . 2006-11-01 14:54 180,224 --a------ I:\WINDOWS\system32\xvidvfw.dll
    2008-09-29 17:54 . 2006-11-01 15:26 77,824 --a------ I:\WINDOWS\system32\xvid.ax
    2008-09-29 17:52 . 2008-09-29 17:52 <REP> d-------- I:\Program Files\Ripp-It Codec Pack
    2008-09-29 17:52 . 2008-09-29 17:52 <REP> d-------- I:\Program Files\DivX
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\Ripp-it_AM
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\Producer
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\Pack PSP - Ri4m
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\MKVtoolnix
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\AviSynth 2.5
    2008-09-29 17:41 . 2008-09-29 17:41 <REP> d-------- I:\Program Files\Alcohol Soft
    2008-09-29 17:41 . 2004-08-23 13:20 158,720 --a------ I:\WINDOWS\system32\drivers\a347bus.sys
    2008-09-29 17:41 . 2004-04-30 09:33 5,248 --a------ I:\WINDOWS\system32\drivers\a347scsi.sys
    2008-09-29 17:18 . 2008-09-30 00:46 <REP> d-------- I:\Program Files\Navilog1
    2008-09-29 17:17 . 2004-08-04 00:54 21,504 --a------ I:\WINDOWS\system32\hidserv.dll
    2008-09-29 17:16 . 2004-08-04 00:45 14,848 --a------ I:\WINDOWS\system32\drivers\kbdhid.sys
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d--h----- I:\Documents and Settings\Parents\Voisinage réseau
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d--h----- I:\Documents and Settings\Parents\Voisinage d'impression
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d--h----- I:\Documents and Settings\Parents\Modèles
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d---s---- I:\Documents and Settings\Parents\Mes documents
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> dr------- I:\Documents and Settings\Parents\Menu Démarrer
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d---s---- I:\Documents and Settings\Parents\Favoris
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d-------- I:\Documents and Settings\Parents\Bureau
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d-------- I:\Documents and Settings\Parents
    2008-09-29 17:03 . 2008-09-29 17:03 955,882 ---hs---- I:\WINDOWS\system32\iljlgjwk.ini
    2008-09-29 17:02 . 2004-08-03 23:07 59,264 --a------ I:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-09-29 17:01 . 2005-06-17 01:18 31,744 --a------ I:\WINDOWS\system32\drivers\usbccgp.sys
    2008-09-29 15:48 . 2008-09-29 15:48 <REP> d-------- I:\WINDOWS\system32\bfubackups
    2008-09-29 14:40 . 2008-09-29 14:40 <REP> d-------- I:\Program Files\Nero
    2008-09-29 14:40 . 2008-09-29 14:42 <REP> d-------- I:\Program Files\Fichiers communs\Ahead
    2008-09-29 14:40 . 2008-09-29 14:40 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Nero
    2008-09-29 13:53 . 2008-09-29 22:42 <REP> d-------- I:\WINDOWS\BDOSCAN8
    2008-09-29 13:50 . 2008-09-29 19:49 345 --ahs---- I:\WINDOWS\system32\AHRBKnnn.ini
    2008-09-29 13:28 . 2008-09-29 13:28 <REP> d-------- I:\Documents and Settings\All Users\Application Data\LightScribe
    2008-09-29 13:20 . 2008-09-29 13:20 <REP> d-------- I:\Program Files\Fichiers communs\LightScribe
    2008-09-29 13:18 . 2008-09-29 14:44 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Ahead
    2008-09-29 13:18 . 2008-09-29 14:45 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Ahead
    2008-09-28 23:26 . 2008-09-28 23:26 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-09-28 23:19 . 2008-09-28 23:19 <REP> d-------- I:\Program Files\Fichiers communs\IviSDK
    2008-09-28 23:19 . 2007-07-19 15:44 2,179,072 --a------ I:\WINDOWS\system32\mfc71d.dll
    2008-09-28 23:19 . 2007-07-19 15:44 765,952 --a------ I:\WINDOWS\system32\msvcp71d.dll
    2008-09-28 23:19 . 2007-07-19 15:44 544,768 --a------ I:\WINDOWS\system32\msvcr71d.dll
    2008-09-28 23:19 . 1999-06-24 22:55 149,504 --a------ I:\WINDOWS\system32\UNWISE.EXE
    2008-09-28 23:19 . 2008-09-28 23:19 30 --a------ I:\WINDOWS\system32\UNWISE.INI
    2008-09-28 23:18 . 2008-10-01 00:09 <REP> d-------- I:\Program Files\WinTV
    2008-09-28 23:17 . 2004-08-03 23:10 85,376 --a------ I:\WINDOWS\system32\drivers\NABTSFEC.sys
    2008-09-28 23:17 . 2004-08-03 23:10 19,328 --a------ I:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2008-09-28 23:17 . 2004-08-03 23:10 17,024 --a------ I:\WINDOWS\system32\drivers\CCDECODE.sys
    2008-09-28 23:17 . 2004-08-04 00:55 16,384 --a------ I:\WINDOWS\system32\ipsink.ax
    2008-09-28 23:17 . 2004-08-03 23:10 15,360 --a------ I:\WINDOWS\system32\drivers\StreamIP.sys
    2008-09-28 23:17 . 2004-08-03 23:10 15,360 --a------ I:\WINDOWS\system32\drivers\MPE.sys
    2008-09-28 23:17 . 2004-08-03 23:10 11,136 --a------ I:\WINDOWS\system32\drivers\SLIP.sys
    2008-09-28 23:17 . 2004-08-03 23:10 10,880 --a------ I:\WINDOWS\system32\drivers\NdisIP.sys
    2008-09-28 23:17 . 2004-08-03 22:58 5,504 --a------ I:\WINDOWS\system32\drivers\MSTEE.sys
    2008-09-28 23:17 . 2008-09-28 23:19 1,998 --a------ I:\WINDOWS\HCWPNP.INI
    2008-09-28 14:37 . 2008-09-28 14:37 34 --a------ I:\WINDOWS\cdplayer.ini
    2008-09-28 14:01 . 2008-09-28 14:01 <REP> d-------- I:\Program Files\Messenger Plus! Live
    2008-09-28 13:56 . 2008-09-29 14:13 <REP> d-------- I:\Documents and Settings\Administrateur\Contacts
    2008-09-28 13:53 . 2008-09-28 13:54 <REP> d-------- I:\Program Files\Windows Live

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-27 22:36 --------- d-----w I:\Program Files\Styler
    2008-09-27 21:18 155,995 ----a-w I:\WINDOWS\java\Packages\S3J7R9R3.ZIP
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2006-12-06 25088]
    "Sidebar"="I:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
    "UberIcon"="I:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 180224]
    "LightScribe Control Panel"="I:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
    "Orb"="I:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
    "HDDHealth"="I:\Program Files\HDD Health\HDDHealth.exe" [2008-02-01 1607168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-10-10 180224]
    "StartCCC"="I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "NeroFilterCheck"="I:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "QuickTime Task"="I:\Program Files\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="I:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 I:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="I:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]
    "nltide_3"="advpack.dll" [2008-06-23 I:\WINDOWS\system32\advpack.dll]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=vxlqhu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7glxx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool]
    --a------ 2007-08-01 04:26 675840 I:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "I:\\WINDOWS\\system32\\sessmgr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "I:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
    "I:\\WINDOWS\\system32\\winver.exe"=
    "I:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "I:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "I:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "I:\\Program Files\\uTorrent\\uTorrent.exe"=
    "I:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "I:\\Program Files\\iTunes\\iTunes.exe"=
    "I:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "I:\\Documents and Settings\\Administrateur\\Bureau\\PimpStreamerDLNA12.exe"=
    "I:\\Documents and Settings\\Administrateur\\Bureau\\microtorrent_torrent_1.8_build_11813_anglais_18245.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;I:\WINDOWS\system32\drivers\hcw88aud.sys [2007-01-23 11904]
    R2 EPGService;EPGService;I:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2007-09-05 374272]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;I:\WINDOWS\system32\drivers\hcw88bda.sys [2007-01-23 207872]
    R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;I:\WINDOWS\system32\Drivers\hcw88rc5.sys [2007-01-23 11776]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;I:\WINDOWS\system32\drivers\hcw88tse.sys [2007-01-23 299776]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;I:\WINDOWS\system32\drivers\hcw88tun.sys [2007-01-23 149504]
    R3 hcw88vid;Hauppauge WinTV 88x Video;I:\WINDOWS\system32\drivers\hcw88vid.sys [2007-01-23 498176]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;I:\WINDOWS\system32\drivers\HCW88BAR.sys [2007-01-23 23552]
    R3 usbstor;Pilote de stockage de masse USB;I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
    S2 iujqwriyouc;iujqwriyouc;I:\WINDOWS\system32\drivers\xrjbpnrcxxgs.sys [ ]
    S4 Dnscache;Client DNS;I:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
    \Shell\AutoRun\command - P:\SETUP.EXE
    \Shell\configure\command - P:\SETUP.EXE
    \Shell\install\command - P:\SETUP.EXE

    *Newly Created Service* - HELPSVC

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "I:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Tâches planifiées'
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    Toolbar-SaveLinksOrder - (no file)
    Toolbar-Locked - (no file)
    Toolbar-ITBarLayout - (no file)
    Toolbar-ITBarLayout - (no file)
    MSConfigStartUp-00170de9 - I:\WINDOWS\system32\iqloknyh.dll
    MSConfigStartUp-runner1 - I:\WINDOWS\faceback.exe


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - I:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ovbtsvvd.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-01 00:09:02
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    I:\WINDOWS\system32\ati2evxx.exe
    I:\WINDOWS\system32\ati2evxx.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\Program Files\Bonjour\mDNSResponder.exe
    I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    I:\Program Files\WinTV\Ir.exe
    I:\WINDOWS\system32\wscntfy.exe
    I:\Program Files\Winamp Remote\bin\Orb.exe
    I:\Program Files\iPod\bin\iPodService.exe
    I:\ComboFix\pv.cfexe
    I:\Program Files\Mozilla Firefox\firefox.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-01 0:10:53 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-30 22:10:50

    Avant-CF: 426 418 176 000 octets libres
    Après-CF: 426,360,066,048 octets libres

    292


    and here is the one for HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:17, on 01/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\Ati2evxx.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\Ati2evxx.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\Program Files\Bonjour\mDNSResponder.exe
    I:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    I:\WINDOWS\RTHDCPL.EXE
    I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    I:\Program Files\iTunes\iTunesHelper.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\Windows Sidebar\sidebar.exe
    I:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
    I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    I:\Program Files\Winamp Remote\bin\OrbTray.exe
    I:\Program Files\HDD Health\HDDHealth.exe
    I:\Program Files\Windows Sidebar\sidebar.exe
    I:\Program Files\WinTV\Ir.exe
    I:\WINDOWS\system32\wscntfy.exe
    I:\Program Files\Winamp Remote\bin\Orb.exe
    I:\Program Files\iPod\bin\iPodService.exe
    I:\Program Files\Mozilla Firefox\firefox.exe
    I:\WINDOWS\explorer.exe
    I:\WINDOWS\system32\NOTEPAD.EXE
    I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - I:\Program Files\Styler\TB\StylerTB.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [StartCCC] I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] I:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sidebar] I:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [UberIcon] "I:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] I:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Orb] "I:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [HDDHealth] I:\Program Files\HDD Health\HDDHealth.exe -wl
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: AutoStart IR.lnk = I:\Program Files\WinTV\Ir.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O20 - AppInit_DLLs: vxlqhu.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - I:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: EPGService - Hauppauge Computer Works - I:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 7145 bytes

    See you very soon! :hello:
    1 October 2008 23:56:25

    :hello: 

    Disable all resident protection (antivirus…)! <------- Don't forget!

    Copy the text in the box below (Ctrl + C):

    KillAll::

    Driver::
    iujqwriyouc

    File::
    I:\WINDOWS\system32\iljlgjwk.ini
    I:\WINDOWS\system32\AHRBKnnn.ini
    I:\WINDOWS\system32\drivers\xrjbpnrcxxgs.sys

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7glxx.sys]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]



    => Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste the text into it (CTRL + V)
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save
    - Close Notepad

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



    * This will relaunch ComboFix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
    * Wait while the scan runs. The desktop will disappear several times: this is normal!
    * Don't touch anything until the scan has finished.
    * Once the scan is complete, a report will be displayed: copy/paste its contents to the forum.
    If the file does not open, it can be found here: C:\ComboFix.txt
    * Post a new HijackThis report.

    ;) 
    2 October 2008 23:15:22

    OK...

    So, here is the CF report:

    ComboFix 08-09-30.02 - Administrateur 2008-10-02 23:06:16.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2900 [GMT 2:00]
    Lancé depuis: I:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: I:\Documents and Settings\Administrateur\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    I:\WINDOWS\system32\AHRBKnnn.ini
    I:\WINDOWS\system32\drivers\xrjbpnrcxxgs.sys
    I:\WINDOWS\system32\iljlgjwk.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    I:\WINDOWS\system32\AHRBKnnn.ini
    I:\WINDOWS\system32\iljlgjwk.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IUJQWRIYOUC
    -------\Service_iujqwriyouc


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-02 22:41 . 2008-10-02 22:42 <REP> d-------- I:\Program Files\Corel
    2008-10-02 22:25 . 2008-10-02 22:43 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Corel
    2008-10-02 22:20 . 2008-10-02 22:20 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Corel
    2008-10-02 22:15 . 2008-10-02 22:59 3,140 --ahs---- I:\WINDOWS\system32\KGyGaAvL.sys
    2008-10-02 22:15 . 2008-10-02 22:43 88 -r-hs---- I:\WINDOWS\system32\D979F7A37F.sys
    2008-10-02 14:52 . 2008-10-02 14:52 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\SPORE
    2008-10-02 14:43 . 2008-10-02 14:43 <REP> d-------- I:\Program Files\Electronic Arts
    2008-10-01 13:03 . 2008-10-02 14:47 <REP> d-------- I:\WINDOWS\LastGood.Tmp
    2008-10-01 00:22 . 2008-10-01 00:22 <REP> d-------- I:\Program Files\TopDesk
    2008-10-01 00:22 . 2008-10-01 00:22 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\OtakuSoftware
    2008-09-30 22:09 . 2008-09-30 22:10 <REP> d-------- I:\Program Files\CD-LabelPrint
    2008-09-30 22:09 . 2008-09-30 22:09 <REP> d-------- I:\Program Files\Canon
    2008-09-30 22:08 . 2004-08-03 23:01 25,856 --a------ I:\WINDOWS\system32\drivers\usbprint.sys
    2008-09-30 22:07 . 2008-09-30 22:07 <REP> d--h----- I:\BJPrinter
    2008-09-30 22:07 . 2004-06-15 07:00 116,736 --a------ I:\WINDOWS\system32\CNMLM61.DLL
    2008-09-30 22:07 . 2004-06-04 17:34 86,016 --a------ I:\WINDOWS\system32\CNMCP61.exe
    2008-09-30 22:07 . 2004-06-15 07:00 7,680 --a------ I:\WINDOWS\system32\CNMVS61.DLL
    2008-09-30 20:17 . 2008-09-30 20:17 <REP> d-------- I:\rsit
    2008-09-30 18:00 . 2008-09-30 18:00 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-30 17:59 . 2008-09-30 18:00 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
    2008-09-30 17:59 . 2008-09-30 17:59 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-30 17:59 . 2008-09-10 00:08 38,528 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-30 17:59 . 2008-09-10 00:08 17,200 --a------ I:\WINDOWS\system32\drivers\mbam.sys
    2008-09-30 14:41 . 2008-09-30 14:41 <REP> d-------- I:\Program Files\HDD Health
    2008-09-30 14:19 . 2008-09-30 14:19 <REP> d-------- I:\_OTMoveIt
    2008-09-30 03:43 . 2008-09-30 03:46 <REP> d-------- I:\Program Files\Lopxp
    2008-09-29 22:10 . 2008-09-29 22:10 <REP> d-------- I:\Program Files\Trend Micro
    2008-09-29 20:06 . 2008-09-29 20:06 <REP> d-------- I:\Program Files\MSBuild
    2008-09-29 20:06 . 2008-09-29 20:06 <REP> d-------- I:\Program Files\Microsoft.NET
    2008-09-29 20:06 . 2008-09-29 20:06 <REP> d-------- I:\Program Files\Microsoft Works
    2008-09-29 20:03 . 2008-09-29 20:03 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2008-09-29 20:02 . 2008-09-29 20:02 <REP> d-------- I:\Program Files\iTunes
    2008-09-29 20:02 . 2008-09-29 20:02 <REP> d-------- I:\Program Files\iPod
    2008-09-29 20:02 . 2008-10-01 02:26 <REP> d-------- I:\Program Files\Bonjour
    2008-09-29 20:02 . 2008-09-29 20:02 <REP> d-------- I:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-29 20:01 . 2008-09-29 20:01 <REP> d-------- I:\Program Files\Fichiers communs\Apple
    2008-09-29 20:01 . 2008-09-29 20:01 <REP> d-------- I:\Program Files\Apple Software Update
    2008-09-29 20:01 . 2008-09-29 20:01 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Apple
    2008-09-29 19:44 . 2008-09-29 19:54 <REP> d-------- I:\Program Files\uTorrent
    2008-09-29 19:44 . 2008-10-02 23:05 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\uTorrent
    2008-09-29 19:39 . 2008-09-29 23:01 <REP> d-------- I:\Program Files\Winamp Remote
    2008-09-29 19:39 . 2008-09-29 23:01 <REP> d-------- I:\Documents and Settings\All Users\Application Data\OrbNetworks
    2008-09-29 19:19 . 2008-09-29 19:52 <REP> d-------- I:\Program Files\Winamp
    2008-09-29 19:19 . 2008-09-29 19:52 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Winamp
    2008-09-29 19:12 . 2008-09-29 19:12 <REP> d-------- I:\Program Files\Microsoft Visual Studio 8
    2008-09-29 19:12 . 2008-10-01 17:07 69 --a------ I:\WINDOWS\NeroDigital.ini
    2008-09-29 19:11 . 2008-09-29 20:06 <REP> d-------- I:\WINDOWS\SHELLNEW
    2008-09-29 19:11 . 2008-09-29 19:11 <REP> dr-h----- I:\MSOCache
    2008-09-29 19:11 . 2008-09-29 20:08 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-29 18:09 . 2007-03-26 21:04 87,608 --a------ I:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
    2008-09-29 18:09 . 2006-12-30 01:00 24,192 --a------ I:\Documents and Settings\Administrateur\usbsermptxp.sys
    2008-09-29 18:09 . 2006-12-30 01:00 22,768 --a------ I:\Documents and Settings\Administrateur\usbsermpt.sys
    2008-09-29 18:04 . 2008-09-29 18:04 <REP> d-------- I:\Program Files\Fichiers communs\Adobe
    2008-09-29 18:02 . 2008-09-29 18:02 47,184 --a------ I:\WINDOWS\system32\drivers\MiniIcpt.sys
    2008-09-29 18:01 . 2008-09-30 14:29 <REP> d-------- I:\Lop SD
    2008-09-29 17:57 . 2006-11-14 05:05 2,960,384 --a------ I:\WINDOWS\system32\msi.dll
    2008-09-29 17:57 . 2006-11-10 01:48 476,160 --a------ I:\WINDOWS\system32\msihnd.dll
    2008-09-29 17:57 . 2006-11-14 05:06 116,224 --a------ I:\WINDOWS\system32\msiexec.exe
    2008-09-29 17:56 . 2008-09-29 17:56 <REP> d-------- I:\Program Files\PiMPWare
    2008-09-29 17:56 . 2008-09-29 17:56 <REP> d-------- I:\Program Files\AC3Filter
    2008-09-29 17:56 . 2008-09-29 17:56 36,734 --a------ I:\WINDOWS\system32\OggDSuninst.exe
    2008-09-29 17:56 . 2008-09-29 17:56 21,764 --a------ I:\WINDOWS\system32\CoreAAC-uninstall.exe
    2008-09-29 17:55 . 2008-09-29 17:55 <REP> d-------- I:\Program Files\On2 Technologies
    2008-09-29 17:55 . 2008-09-29 17:55 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Media Player Classic
    2008-09-29 17:55 . 2008-09-29 17:55 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\DivX
    2008-09-29 17:55 . 2006-03-24 17:01 630,784 --a------ I:\WINDOWS\system32\vp7vfw.dll
    2008-09-29 17:55 . 2006-03-24 17:09 237,568 --a------ I:\WINDOWS\system32\vp7dec.ax
    2008-09-29 17:55 . 2005-10-25 13:10 53,248 --a------ I:\WINDOWS\system32\vp7dec_settings.cpl
    2008-09-29 17:54 . 2008-09-29 17:54 <REP> d-------- I:\Program Files\Xvid
    2008-09-29 17:54 . 2008-09-29 17:54 <REP> d-------- I:\Program Files\Real Alternative
    2008-09-29 17:54 . 2008-09-29 20:02 <REP> d-------- I:\Program Files\QuickTime Alternative
    2008-09-29 17:54 . 2008-09-29 17:54 <REP> d-------- I:\Program Files\Haali
    2008-09-29 17:54 . 2008-09-29 20:02 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-29 17:54 . 2006-11-01 14:52 765,952 --a------ I:\WINDOWS\system32\xvidcore.dll
    2008-09-29 17:54 . 2003-03-19 05:14 499,712 --a------ I:\WINDOWS\system32\msvcp71.dll
    2008-09-29 17:54 . 2004-01-12 00:00 348,160 --a------ I:\WINDOWS\system32\msvcr71.dll
    2008-09-29 17:54 . 2006-11-01 14:54 180,224 --a------ I:\WINDOWS\system32\xvidvfw.dll
    2008-09-29 17:54 . 2006-11-01 15:26 77,824 --a------ I:\WINDOWS\system32\xvid.ax
    2008-09-29 17:52 . 2008-09-29 17:52 <REP> d-------- I:\Program Files\Ripp-It Codec Pack
    2008-09-29 17:52 . 2008-09-29 17:52 <REP> d-------- I:\Program Files\DivX
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\Ripp-it_AM
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\Producer
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\Pack PSP - Ri4m
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\MKVtoolnix
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\AviSynth 2.5
    2008-09-29 17:41 . 2008-09-29 17:41 <REP> d-------- I:\Program Files\Alcohol Soft
    2008-09-29 17:41 . 2004-08-23 13:20 158,720 --a------ I:\WINDOWS\system32\drivers\a347bus.sys
    2008-09-29 17:41 . 2004-04-30 09:33 5,248 --a------ I:\WINDOWS\system32\drivers\a347scsi.sys
    2008-09-29 17:18 . 2008-09-30 00:46 <REP> d-------- I:\Program Files\Navilog1
    2008-09-29 17:17 . 2004-08-04 00:54 21,504 --a------ I:\WINDOWS\system32\hidserv.dll
    2008-09-29 17:16 . 2004-08-04 00:45 14,848 --a------ I:\WINDOWS\system32\drivers\kbdhid.sys
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d--h----- I:\Documents and Settings\Parents\Voisinage réseau
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d--h----- I:\Documents and Settings\Parents\Voisinage d'impression
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d--h----- I:\Documents and Settings\Parents\Modèles
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d---s---- I:\Documents and Settings\Parents\Mes documents
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> dr------- I:\Documents and Settings\Parents\Menu Démarrer
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d---s---- I:\Documents and Settings\Parents\Favoris
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d-------- I:\Documents and Settings\Parents\Bureau
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d-------- I:\Documents and Settings\Parents
    2008-09-29 17:02 . 2004-08-03 23:07 59,264 --a------ I:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-09-29 17:01 . 2005-06-17 01:18 31,744 --a------ I:\WINDOWS\system32\drivers\usbccgp.sys
    2008-09-29 15:48 . 2008-09-29 15:48 <REP> d-------- I:\WINDOWS\system32\bfubackups
    2008-09-29 14:40 . 2008-09-29 14:40 <REP> d-------- I:\Program Files\Nero
    2008-09-29 14:40 . 2008-09-29 14:42 <REP> d-------- I:\Program Files\Fichiers communs\Ahead
    2008-09-29 14:40 . 2008-09-29 14:40 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Nero
    2008-09-29 13:53 . 2008-09-29 22:42 <REP> d-------- I:\WINDOWS\BDOSCAN8
    2008-09-29 13:28 . 2008-09-29 13:28 <REP> d-------- I:\Documents and Settings\All Users\Application Data\LightScribe
    2008-09-29 13:20 . 2008-09-29 13:20 <REP> d-------- I:\Program Files\Fichiers communs\LightScribe
    2008-09-29 13:18 . 2008-09-29 14:44 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Ahead
    2008-09-29 13:18 . 2008-09-29 14:45 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Ahead
    2008-09-28 23:26 . 2008-09-28 23:26 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-09-28 23:19 . 2008-09-28 23:19 <REP> d-------- I:\Program Files\Fichiers communs\IviSDK
    2008-09-28 23:19 . 2007-07-19 15:44 2,179,072 --a------ I:\WINDOWS\system32\mfc71d.dll
    2008-09-28 23:19 . 2007-07-19 15:44 765,952 --a------ I:\WINDOWS\system32\msvcp71d.dll
    2008-09-28 23:19 . 2007-07-19 15:44 544,768 --a------ I:\WINDOWS\system32\msvcr71d.dll
    2008-09-28 23:19 . 1999-06-24 22:55 149,504 --a------ I:\WINDOWS\system32\UNWISE.EXE
    2008-09-28 23:19 . 2008-09-28 23:19 30 --a------ I:\WINDOWS\system32\UNWISE.INI
    2008-09-28 23:18 . 2008-10-01 13:01 <REP> d-------- I:\Program Files\WinTV
    2008-09-28 23:17 . 2004-08-03 23:10 85,376 --a------ I:\WINDOWS\system32\drivers\NABTSFEC.sys
    2008-09-28 23:17 . 2004-08-03 23:10 19,328 --a------ I:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2008-09-28 23:17 . 2004-08-03 23:10 17,024 --a------ I:\WINDOWS\system32\drivers\CCDECODE.sys
    2008-09-28 23:17 . 2004-08-04 00:55 16,384 --a------ I:\WINDOWS\system32\ipsink.ax
    2008-09-28 23:17 . 2004-08-03 23:10 15,360 --a------ I:\WINDOWS\system32\drivers\StreamIP.sys
    2008-09-28 23:17 . 2004-08-03 23:10 15,360 --a------ I:\WINDOWS\system32\drivers\MPE.sys
    2008-09-28 23:17 . 2004-08-03 23:10 11,136 --a------ I:\WINDOWS\system32\drivers\SLIP.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-27 22:36 --------- d-----w I:\Program Files\Styler
    .

    ------- Sigcheck -------

    2004-08-04 02:55 14336 1bd6c2f707a275cb7c16fd99fe0f31ca I:\WINDOWS\system32\svchost.exe

    2006-12-15 00:21 578048 4a048552ca537ef146a8c21a0881b1ba I:\WINDOWS\system32\user32.dll

    2004-08-04 02:54 82944 bc41f51a39d3b255805fdb759b7814ae I:\WINDOWS\system32\ws2_32.dll

    2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 I:\WINDOWS\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\SP2GDR\tcpip.sys
    2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 I:\WINDOWS\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\SP2QFE\tcpip.sys
    2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d I:\WINDOWS\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\SP3GDR\tcpip.sys
    2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e I:\WINDOWS\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\SP3QFE\tcpip.sys
    2004-08-04 14:57 360576 c7be59b07c6eb74bea6fd67c1b164015 I:\WINDOWS\system32\drivers\tcpip.sys

    2006-12-15 00:30 507904 fb66744d525ea5df9a719f1db9b2dff4 I:\WINDOWS\system32\winlogon.exe

    2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e I:\WINDOWS\system32\drivers\ndis.sys

    2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 I:\WINDOWS\system32\drivers\ip6fw.sys

    2004-08-28 14:00 2175488 ef82e2aba188743cb88c220e22953966 I:\WINDOWS\system32\ntkrnlpa.exe

    2001-08-28 14:00 2295808 2f8ac58c3a7f73bc5ae132f2b452f6ce I:\WINDOWS\system32\ntoskrnl.exe

    2001-08-28 14:00 1934848 1630d57b8370b7a20a41bb4c1e459edf I:\WINDOWS\explorer.exe

    2004-08-04 02:55 108544 732e0b1abaace15d80ec19056b0a2af9 I:\WINDOWS\system32\services.exe

    2004-08-04 02:54 13312 9f3744a5c6f49291a7a685040a013399 I:\WINDOWS\system32\lsass.exe

    2006-12-06 18:56 25088 43836cffabac8d6779e8ee55e308df2c I:\WINDOWS\system32\ctfmon.exe

    2006-12-24 03:00 57856 ad3d9d191aea7b5445fe1d82ffbb4788 I:\WINDOWS\system32\spoolsv.exe

    2004-08-04 02:55 25088 d6d65ea32b190401b57edb6706f29669 I:\WINDOWS\system32\userinit.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-10-01_ 0.10.36.93 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-02 12:47:52 53,248 ----a-w I:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2008-10-02 12:47:52 12,800 ----a-w I:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2008-10-02 12:47:52 473,600 ----a-w I:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2008-10-02 12:47:52 577,024 ----a-w I:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-10-02 12:47:52 145,920 ----a-w I:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2008-10-02 12:47:52 159,232 ----a-w I:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2008-10-02 12:47:52 364,544 ----a-w I:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2008-10-02 12:47:52 178,176 ----a-w I:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2008-10-02 12:47:52 223,232 ----a-w I:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2008-10-01 00:34:40 11,502 ----a-r I:\WINDOWS\Installer\{C30D91ED-226D-474F-8F46-9F12BE5CB547}\_12db153c.exe
    + 2008-10-01 00:34:40 11,502 ----a-r I:\WINDOWS\Installer\{C30D91ED-226D-474F-8F46-9F12BE5CB547}\_7e87390c.exe
    + 2008-10-01 00:34:40 11,502 ----a-r I:\WINDOWS\Installer\{C30D91ED-226D-474F-8F46-9F12BE5CB547}\_bb32ea6.exe
    + 2008-10-01 00:34:40 11,502 ----a-r I:\WINDOWS\Installer\{C30D91ED-226D-474F-8F46-9F12BE5CB547}\_f3e99.exe
    + 2004-08-03 21:08:00 60,288 ----a-w I:\WINDOWS\LastGood.Tmp\system32\drivers\drmk.sys
    + 2006-10-31 09:26:12 36,864 ----a-w I:\WINDOWS\LastGood.Tmp\system32\drivers\hidclass.sys
    + 2004-08-03 21:08:18 24,960 ----a-w I:\WINDOWS\LastGood.Tmp\system32\drivers\hidparse.sys
    + 2001-08-17 20:02:20 9,600 ----a-w I:\WINDOWS\LastGood.Tmp\system32\drivers\hidusb.sys
    + 2004-08-03 22:45:12 25,216 ----a-w I:\WINDOWS\LastGood.Tmp\system32\drivers\kbdclass.sys
    + 2004-08-03 22:45:14 14,848 ----a-w I:\WINDOWS\LastGood.Tmp\system32\drivers\kbdhid.sys
    + 2005-12-28 23:29:30 141,056 ----a-w I:\WINDOWS\LastGood.Tmp\system32\drivers\ks.sys
    + 2004-08-03 22:37:26 23,680 ----a-w I:\WINDOWS\LastGood.Tmp\system32\drivers\mouclass.sys
    + 2001-08-23 15:04:42 12,288 ----a-w I:\WINDOWS\LastGood.Tmp\system32\drivers\mouhid.sys
    + 2004-03-16 08:58:20 136,960 ----a-w I:\WINDOWS\LastGood.Tmp\system32\drivers\portcls.sys
    + 2005-11-04 23:55:10 48,768 ----a-w I:\WINDOWS\LastGood.Tmp\system32\drivers\stream.sys
    + 2004-08-03 21:07:56 59,264 ----a-w I:\WINDOWS\LastGood.Tmp\system32\drivers\USBAUDIO.sys
    + 2005-06-16 23:18:04 31,744 ----a-w I:\WINDOWS\LastGood.Tmp\system32\drivers\usbccgp.sys
    + 2006-10-23 11:14:42 59,264 ----a-w I:\WINDOWS\LastGood.Tmp\system32\drivers\usbhub.sys
    + 2004-08-03 22:54:28 20,992 ----a-w I:\WINDOWS\LastGood.Tmp\system32\hid.dll
    + 2004-08-03 22:54:28 21,504 ----a-w I:\WINDOWS\LastGood.Tmp\system32\hidserv.dll
    + 2004-08-03 22:54:30 4,096 ----a-w I:\WINDOWS\LastGood.Tmp\system32\ksuser.dll
    + 2004-08-03 22:55:04 23,552 ----a-w I:\WINDOWS\LastGood.Tmp\system32\wdmaud.drv
    + 2005-03-18 15:23:10 53,248 ----a-w I:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2005-03-18 15:23:10 12,800 ----a-w I:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
    + 2005-03-18 15:23:14 473,600 ----a-w I:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
    + 2005-03-18 15:23:10 145,920 ----a-w I:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
    + 2005-03-18 15:23:10 159,232 ----a-w I:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
    + 2005-03-18 15:23:14 364,544 ----a-w I:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
    + 2005-03-18 15:23:12 178,176 ----a-w I:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
    + 2005-03-18 15:23:14 223,232 ----a-w I:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
    + 2005-07-22 15:21:34 577,024 ----a-w I:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-07-22 17:59:04 2,319,568 ----a-w I:\WINDOWS\system32\d3dx9_27.dll
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2006-12-06 25088]
    "Sidebar"="I:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
    "UberIcon"="I:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 180224]
    "LightScribe Control Panel"="I:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
    "Orb"="I:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
    "HDDHealth"="I:\Program Files\HDD Health\HDDHealth.exe" [2008-02-01 1607168]
    "TopDesk"="I:\Program Files\TopDesk\topdesk.exe" [2007-06-20 1912832]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-10-10 180224]
    "StartCCC"="I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "NeroFilterCheck"="I:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "QuickTime Task"="I:\Program Files\QuickTime Alternative\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="I:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 I:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="I:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]
    "nltide_3"="advpack.dll" [2008-06-23 I:\WINDOWS\system32\advpack.dll]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool]
    --a------ 2007-08-01 04:26 675840 I:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "I:\\WINDOWS\\system32\\sessmgr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "I:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
    "I:\\WINDOWS\\system32\\winver.exe"=
    "I:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "I:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "I:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "I:\\Program Files\\uTorrent\\uTorrent.exe"=
    "I:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "I:\\Program Files\\iTunes\\iTunes.exe"=
    "I:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "I:\\Documents and Settings\\Administrateur\\Bureau\\microtorrent_torrent_1.8_build_11813_anglais_18245.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "I:\\Program Files\\PiMPWare\\PiMPStreamer\\PimpStreamer.exe"=

    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;I:\WINDOWS\system32\drivers\hcw88aud.sys [2007-01-23 11904]
    R2 EPGService;EPGService;I:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2007-09-05 374272]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;I:\WINDOWS\system32\drivers\hcw88bda.sys [2007-01-23 207872]
    R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;I:\WINDOWS\system32\Drivers\hcw88rc5.sys [2007-01-23 11776]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;I:\WINDOWS\system32\drivers\hcw88tse.sys [2007-01-23 299776]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;I:\WINDOWS\system32\drivers\hcw88tun.sys [2007-01-23 149504]
    R3 hcw88vid;Hauppauge WinTV 88x Video;I:\WINDOWS\system32\drivers\hcw88vid.sys [2007-01-23 498176]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;I:\WINDOWS\system32\drivers\HCW88BAR.sys [2007-01-23 23552]
    R3 usbstor;Pilote de stockage de masse USB;I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
    S4 Dnscache;Client DNS;I:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "I:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Tâches planifiées'
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    Toolbar-ITBarLayout - (no file)
    Toolbar-ITBarLayout - (no file)



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-02 23:08:39
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: I:\WINDOWS\explorer.exe
    -> C:\Program Files\UberIcon\UberIcon.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    I:\WINDOWS\system32\ati2evxx.exe
    I:\WINDOWS\system32\ati2evxx.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\Program Files\Bonjour\mDNSResponder.exe
    I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    I:\WINDOWS\system32\wscntfy.exe
    I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    I:\Program Files\WinTV\Ir.exe
    I:\Program Files\Winamp Remote\bin\Orb.exe
    I:\Program Files\iPod\bin\iPodService.exe
    I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    I:\Program Files\Mozilla Firefox\firefox.exe
    I:\ComboFix\pv.cfexe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-02 23:10:37 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-02 21:10:32
    ComboFix2.txt 2008-09-30 22:10:54

    Avant-CF: 411 636 162 560 octets libres
    Après-CF: 411,678,973,952 octets libres

    332

    and the HJT report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:13, on 02/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\Ati2evxx.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\Ati2evxx.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\Program Files\Bonjour\mDNSResponder.exe
    I:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    I:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    I:\WINDOWS\RTHDCPL.EXE
    I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    I:\Program Files\iTunes\iTunesHelper.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\Windows Sidebar\sidebar.exe
    I:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
    I:\Program Files\Winamp Remote\bin\OrbTray.exe
    I:\Program Files\HDD Health\HDDHealth.exe
    I:\Program Files\TopDesk\topdesk.exe
    I:\Program Files\WinTV\Ir.exe
    I:\Program Files\Windows Sidebar\sidebar.exe
    I:\Program Files\Winamp Remote\bin\Orb.exe
    I:\Program Files\iPod\bin\iPodService.exe
    I:\WINDOWS\system32\wuauclt.exe
    I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    I:\Program Files\Mozilla Firefox\firefox.exe
    I:\WINDOWS\explorer.exe
    I:\WINDOWS\system32\notepad.exe
    I:\Program Files\uTorrent\uTorrent.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - I:\Program Files\Styler\TB\StylerTB.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [StartCCC] I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] I:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sidebar] I:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [UberIcon] "I:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] I:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Orb] "I:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [HDDHealth] I:\Program Files\HDD Health\HDDHealth.exe -wl
    O4 - HKCU\..\Run: [TopDesk] I:\Program Files\TopDesk\topdesk.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: AutoStart IR.lnk = I:\Program Files\WinTV\Ir.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - I:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: EPGService - Hauppauge Computer Works - I:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 7346 bytes

    There we go, I hope I'm done with all this... that said, I'm away this weekend, so I'll see your reply on Monday!
    By the way, there are no more unwanted ad windows in Firefox!
    That's already a good sign, isn't it?!!!
    Thanks in any case!
    3 October 2008 14:02:19

    Hi again,

    I'll let you know when it's finished :) 

    Do you have your Windows CD or not?

    This procedure should be printed so that you have it in front of you when you are in safe mode.

    Download SDFix (by Andy Manchesta)

  • Save it to your desktop.
  • Run it.
  • Choose Install so that it can extract itself.
    Restart your computer in safe mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu on a black background appears. Once you get there, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
    --- For these reasons, I suggest you print, write down, or save the following information in a text document so that you don't get lost.
    ---- ! Do not boot your computer into safe mode via MSConfig! Why? Some infections break the safe mode keys, which would make your computer crash.
  • Open the SDFix folder that has just been created in the C:\ directory
  • Double-click RunThis.bat (the .bat extension may not be displayed)
  • Press Y to start it.
  • You will be asked to press a key to reboot; do so
  • The reboot will probably take a little longer than usual.
  • Once your desktop appears, it will display Finished
  • Press a key.
  • A report is generated; post it in your reply.

    It can also be found in the SDFix folder >Report.txt<

    Note: If SDFix does not start (it happens!)

    * Start -> Run
    * Copy/paste this:
    Quote:
    %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

    * Click OK and confirm.
    * Reboot and try to run SDFix again.

    Help: How to start your computer in safe mode.

    ;) 
    6 October 2008 00:35:35

    Hi again!

    OK so, actually a friend reinstalled Windows for me and I don't have the CD (well, I do have one, but he didn't install it from that CD... it's a Pro version, and I have the CD for the Home version...)
    So there you go, no, I don't have the CD.

    Anyway, here is my report!


    SDFix: Version 1.231
    Run by Administrateur on 06/10/2008 at 00:22

    Microsoft Windows XP [version 5.1.2600]
    Running From: I:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-06 00:28:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]
    "ujdew"=hex:20,02,00,00,b0,98,70,a5,9b,bd,ee,cd,18,52,76,b0,a4,1c,77,f4,02,..
    "ljej40"=hex:e0,66,88,bc,b7,0f,60,c4,9f,51,60,80,9c,61,04,e8,54,c1,2f,07,4d,..
    "ljej41"=hex:58,66,88,bc,cf,0f,60,c4,9e,51,61,80,9d,61,04,e8,54,c1,2f,07,1b,..
    "ljej42"=hex:58,66,88,bc,cf,0f,60,c4,9e,51,61,80,9d,61,04,e8,54,c1,2f,07,1b,..
    "ljej43"=hex:58,66,88,bc,cf,0f,60,c4,9e,51,61,80,9d,61,04,e8,54,c1,2f,07,1b,..
    "ljej44"=hex:58,66,88,bc,cf,0f,60,c4,9e,51,61,80,9d,61,04,e8,54,c1,2f,07,1b,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120%"

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "I:\\WINDOWS\\system32\\sessmgr.exe"="I:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="I:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "I:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"="I:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
    "I:\\WINDOWS\\system32\\winver.exe"="I:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"
    "I:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="I:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:o rb"
    "I:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="I:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:o rbTray"
    "I:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="I:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:o rb Stream Client"
    "I:\\Program Files\\uTorrent\\uTorrent.exe"="I:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "I:\\Program Files\\Bonjour\\mDNSResponder.exe"="I:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "I:\\Program Files\\iTunes\\iTunes.exe"="I:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "I:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="I:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "I:\\Documents and Settings\\Administrateur\\Bureau\\microtorrent_torrent_1.8_build_11813_anglais_18245.exe"="I:\\Documents and Settings\\Administrateur\\Bureau\\microtorrent_torrent_1.8_build_11813_anglais_18245.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
    "I:\\Program Files\\PiMPWare\\PiMPStreamer\\PimpStreamer.exe"="I:\\Program Files\\PiMPWare\\PiMPStreamer\\PimpStreamer.exe:*:Enabled:p impStreamer, Streams video from PC to PSP Realtime!"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="I:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :



    Files with Hidden Attributes :

    Thu 2 Oct 2008 88 ..SHR --- "I:\WINDOWS\system32\D979F7A37F.sys"
    Thu 2 Oct 2008 3,140 A.SH. --- "I:\WINDOWS\system32\KGyGaAvL.sys"

    Finished!


    There you go... I hope we'll get to the bottom of this, because that's a lot of reports!!! lol
    Thanks in any case!
    6 October 2008 15:35:41

    Hi again,

    Post a new ComboFix report and tell me how the PC is doing.

    ;) 
    6 October 2008 15:48:47

    :)  Hi again!
    Holidays are nice ^^ Well, I don't think I'll be around for the next 2-3 days, I'm heading off again for a bit, hee hee!
    So here is the ComboFix report

    ComboFix 08-09-30.02 - Administrateur 2008-10-06 15:41:33.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2814 [GMT 2:00]
    Lancé depuis: I:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-06 au 2008-10-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-06 00:21 . 2008-10-06 00:21 578,048 --a--c--- I:\WINDOWS\system32\dllcache\user32.dll
    2008-10-06 00:19 . 2008-10-06 00:19 <REP> d-------- I:\WINDOWS\ERUNT
    2008-10-06 00:17 . 2008-10-06 00:29 <REP> d-------- I:\SDFix
    2008-10-05 23:49 . 2008-10-05 23:49 <REP> d-------- I:\WINDOWS\Sun
    2008-10-05 23:48 . 2008-10-05 23:48 <REP> d-------- I:\Program Files\Sun
    2008-10-05 23:47 . 2008-10-05 23:47 <REP> d-------- I:\Program Files\Java
    2008-10-05 23:47 . 2008-06-10 02:32 73,728 --a------ I:\WINDOWS\system32\javacpl.cpl
    2008-10-05 23:46 . 2008-10-05 23:46 <REP> d-------- I:\Program Files\Fichiers communs\Java
    2008-10-02 23:21 . 2008-10-02 23:21 <REP> d-------- I:\Program Files\Fichiers communs\Corel
    2008-10-02 22:41 . 2008-10-02 22:42 <REP> d-------- I:\Program Files\Corel
    2008-10-02 22:25 . 2008-10-03 00:41 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Corel
    2008-10-02 22:20 . 2008-10-02 22:20 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Corel
    2008-10-02 22:15 . 2008-10-02 23:32 3,140 --ahs---- I:\WINDOWS\system32\KGyGaAvL.sys
    2008-10-02 22:15 . 2008-10-02 23:23 88 -r-hs---- I:\WINDOWS\system32\D979F7A37F.sys
    2008-10-02 14:52 . 2008-10-02 14:52 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\SPORE
    2008-10-02 14:43 . 2008-10-02 14:43 <REP> d-------- I:\Program Files\Electronic Arts
    2008-10-01 00:22 . 2008-10-01 00:22 <REP> d-------- I:\Program Files\TopDesk
    2008-10-01 00:22 . 2008-10-01 00:22 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\OtakuSoftware
    2008-09-30 22:09 . 2008-09-30 22:10 <REP> d-------- I:\Program Files\CD-LabelPrint
    2008-09-30 22:09 . 2008-09-30 22:09 <REP> d-------- I:\Program Files\Canon
    2008-09-30 22:08 . 2004-08-03 23:01 25,856 --a------ I:\WINDOWS\system32\drivers\usbprint.sys
    2008-09-30 22:07 . 2008-09-30 22:07 <REP> d--h----- I:\BJPrinter
    2008-09-30 22:07 . 2004-06-15 07:00 116,736 --a------ I:\WINDOWS\system32\CNMLM61.DLL
    2008-09-30 22:07 . 2004-06-04 17:34 86,016 --a------ I:\WINDOWS\system32\CNMCP61.exe
    2008-09-30 22:07 . 2004-06-15 07:00 7,680 --a------ I:\WINDOWS\system32\CNMVS61.DLL
    2008-09-30 20:17 . 2008-09-30 20:17 <REP> d-------- I:\rsit
    2008-09-30 18:00 . 2008-09-30 18:00 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-30 17:59 . 2008-09-30 18:00 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
    2008-09-30 17:59 . 2008-09-30 17:59 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-30 17:59 . 2008-09-10 00:08 38,528 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-30 17:59 . 2008-09-10 00:08 17,200 --a------ I:\WINDOWS\system32\drivers\mbam.sys
    2008-09-30 14:41 . 2008-09-30 14:41 <REP> d-------- I:\Program Files\HDD Health
    2008-09-30 14:19 . 2008-09-30 14:19 <REP> d-------- I:\_OTMoveIt
    2008-09-30 03:43 . 2008-09-30 03:46 <REP> d-------- I:\Program Files\Lopxp
    2008-09-29 22:10 . 2008-09-29 22:10 <REP> d-------- I:\Program Files\Trend Micro
    2008-09-29 20:06 . 2008-09-29 20:06 <REP> d-------- I:\Program Files\MSBuild
    2008-09-29 20:06 . 2008-09-29 20:06 <REP> d-------- I:\Program Files\Microsoft.NET
    2008-09-29 20:06 . 2008-09-29 20:06 <REP> d-------- I:\Program Files\Microsoft Works
    2008-09-29 20:03 . 2008-09-29 20:03 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2008-09-29 20:02 . 2008-09-29 20:02 <REP> d-------- I:\Program Files\iTunes
    2008-09-29 20:02 . 2008-09-29 20:02 <REP> d-------- I:\Program Files\iPod
    2008-09-29 20:02 . 2008-10-01 02:26 <REP> d-------- I:\Program Files\Bonjour
    2008-09-29 20:02 . 2008-09-29 20:02 <REP> d-------- I:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-29 20:01 . 2008-09-29 20:01 <REP> d-------- I:\Program Files\Fichiers communs\Apple
    2008-09-29 20:01 . 2008-09-29 20:01 <REP> d-------- I:\Program Files\Apple Software Update
    2008-09-29 20:01 . 2008-09-29 20:01 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Apple
    2008-09-29 19:44 . 2008-09-29 19:54 <REP> d-------- I:\Program Files\uTorrent
    2008-09-29 19:44 . 2008-10-06 15:33 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\uTorrent
    2008-09-29 19:39 . 2008-09-29 23:01 <REP> d-------- I:\Program Files\Winamp Remote
    2008-09-29 19:39 . 2008-09-29 23:01 <REP> d-------- I:\Documents and Settings\All Users\Application Data\OrbNetworks
    2008-09-29 19:19 . 2008-09-29 19:52 <REP> d-------- I:\Program Files\Winamp
    2008-09-29 19:19 . 2008-09-29 19:52 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Winamp
    2008-09-29 19:12 . 2008-09-29 19:12 <REP> d-------- I:\Program Files\Microsoft Visual Studio 8
    2008-09-29 19:12 . 2008-10-01 17:07 69 --a------ I:\WINDOWS\NeroDigital.ini
    2008-09-29 19:11 . 2008-09-29 20:06 <REP> d-------- I:\WINDOWS\SHELLNEW
    2008-09-29 19:11 . 2008-09-29 19:11 <REP> dr-h----- I:\MSOCache
    2008-09-29 19:11 . 2008-09-29 20:08 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-29 18:09 . 2007-03-26 21:04 87,608 --a------ I:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
    2008-09-29 18:09 . 2006-12-30 01:00 24,192 --a------ I:\Documents and Settings\Administrateur\usbsermptxp.sys
    2008-09-29 18:09 . 2006-12-30 01:00 22,768 --a------ I:\Documents and Settings\Administrateur\usbsermpt.sys
    2008-09-29 18:04 . 2008-09-29 18:04 <REP> d-------- I:\Program Files\Fichiers communs\Adobe
    2008-09-29 18:02 . 2008-09-29 18:02 47,184 --a------ I:\WINDOWS\system32\drivers\MiniIcpt.sys
    2008-09-29 18:01 . 2008-09-30 14:29 <REP> d-------- I:\Lop SD
    2008-09-29 17:57 . 2006-11-14 05:05 2,960,384 --a------ I:\WINDOWS\system32\msi.dll
    2008-09-29 17:57 . 2006-11-10 01:48 476,160 --a------ I:\WINDOWS\system32\msihnd.dll
    2008-09-29 17:57 . 2006-11-14 05:06 116,224 --a------ I:\WINDOWS\system32\msiexec.exe
    2008-09-29 17:56 . 2008-09-29 17:56 <REP> d-------- I:\Program Files\PiMPWare
    2008-09-29 17:56 . 2008-09-29 17:56 <REP> d-------- I:\Program Files\AC3Filter
    2008-09-29 17:56 . 2008-09-29 17:56 36,734 --a------ I:\WINDOWS\system32\OggDSuninst.exe
    2008-09-29 17:56 . 2008-09-29 17:56 21,764 --a------ I:\WINDOWS\system32\CoreAAC-uninstall.exe
    2008-09-29 17:55 . 2008-09-29 17:55 <REP> d-------- I:\Program Files\On2 Technologies
    2008-09-29 17:55 . 2008-09-29 17:55 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Media Player Classic
    2008-09-29 17:55 . 2008-09-29 17:55 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\DivX
    2008-09-29 17:55 . 2006-03-24 17:01 630,784 --a------ I:\WINDOWS\system32\vp7vfw.dll
    2008-09-29 17:55 . 2006-03-24 17:09 237,568 --a------ I:\WINDOWS\system32\vp7dec.ax
    2008-09-29 17:55 . 2005-10-25 13:10 53,248 --a------ I:\WINDOWS\system32\vp7dec_settings.cpl
    2008-09-29 17:54 . 2008-09-29 17:54 <REP> d-------- I:\Program Files\Xvid
    2008-09-29 17:54 . 2008-09-29 17:54 <REP> d-------- I:\Program Files\Real Alternative
    2008-09-29 17:54 . 2008-09-29 20:02 <REP> d-------- I:\Program Files\QuickTime Alternative
    2008-09-29 17:54 . 2008-09-29 17:54 <REP> d-------- I:\Program Files\Haali
    2008-09-29 17:54 . 2008-09-29 20:02 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-29 17:54 . 2006-11-01 14:52 765,952 --a------ I:\WINDOWS\system32\xvidcore.dll
    2008-09-29 17:54 . 2003-03-19 05:14 499,712 --a------ I:\WINDOWS\system32\msvcp71.dll
    2008-09-29 17:54 . 2004-01-12 00:00 348,160 --a------ I:\WINDOWS\system32\msvcr71.dll
    2008-09-29 17:54 . 2006-11-01 14:54 180,224 --a------ I:\WINDOWS\system32\xvidvfw.dll
    2008-09-29 17:54 . 2006-11-01 15:26 77,824 --a------ I:\WINDOWS\system32\xvid.ax
    2008-09-29 17:52 . 2008-09-29 17:52 <REP> d-------- I:\Program Files\Ripp-It Codec Pack
    2008-09-29 17:52 . 2008-09-29 17:52 <REP> d-------- I:\Program Files\DivX
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\Ripp-it_AM
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\Producer
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\Pack PSP - Ri4m
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\MKVtoolnix
    2008-09-29 17:51 . 2008-09-29 17:51 <REP> d-------- I:\Program Files\AviSynth 2.5
    2008-09-29 17:41 . 2008-09-29 17:41 <REP> d-------- I:\Program Files\Alcohol Soft
    2008-09-29 17:41 . 2004-08-23 13:20 158,720 --a------ I:\WINDOWS\system32\drivers\a347bus.sys
    2008-09-29 17:41 . 2004-04-30 09:33 5,248 --a------ I:\WINDOWS\system32\drivers\a347scsi.sys
    2008-09-29 17:18 . 2008-09-30 00:46 <REP> d-------- I:\Program Files\Navilog1
    2008-09-29 17:17 . 2004-08-04 00:54 21,504 --a------ I:\WINDOWS\system32\hidserv.dll
    2008-09-29 17:16 . 2004-08-04 00:45 14,848 --a------ I:\WINDOWS\system32\drivers\kbdhid.sys
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d--h----- I:\Documents and Settings\Parents\Voisinage réseau
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d--h----- I:\Documents and Settings\Parents\Voisinage d'impression
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d--h----- I:\Documents and Settings\Parents\Modèles
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d---s---- I:\Documents and Settings\Parents\Mes documents
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> dr------- I:\Documents and Settings\Parents\Menu Démarrer
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d---s---- I:\Documents and Settings\Parents\Favoris
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d-------- I:\Documents and Settings\Parents\Bureau
    2008-09-29 17:11 . 2008-09-29 17:11 <REP> d-------- I:\Documents and Settings\Parents
    2008-09-29 17:02 . 2004-08-03 23:07 59,264 --a------ I:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-09-29 17:01 . 2005-06-17 01:18 31,744 --a------ I:\WINDOWS\system32\drivers\usbccgp.sys
    2008-09-29 15:48 . 2008-09-29 15:48 <REP> d-------- I:\WINDOWS\system32\bfubackups
    2008-09-29 14:40 . 2008-09-29 14:40 <REP> d-------- I:\Program Files\Nero
    2008-09-29 14:40 . 2008-09-29 14:42 <REP> d-------- I:\Program Files\Fichiers communs\Ahead
    2008-09-29 14:40 . 2008-09-29 14:40 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Nero
    2008-09-29 13:53 . 2008-09-29 22:42 <REP> d-------- I:\WINDOWS\BDOSCAN8
    2008-09-29 13:28 . 2008-09-29 13:28 <REP> d-------- I:\Documents and Settings\All Users\Application Data\LightScribe
    2008-09-29 13:20 . 2008-09-29 13:20 <REP> d-------- I:\Program Files\Fichiers communs\LightScribe
    2008-09-29 13:18 . 2008-09-29 14:44 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Ahead
    2008-09-29 13:18 . 2008-09-29 14:45 <REP> d-------- I:\Documents and Settings\Administrateur\Application Data\Ahead
    2008-09-28 23:26 . 2008-09-28 23:26 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-09-28 23:19 . 2008-09-28 23:19 <REP> d-------- I:\Program Files\Fichiers communs\IviSDK
    2008-09-28 23:19 . 2007-07-19 15:44 2,179,072 --a------ I:\WINDOWS\system32\mfc71d.dll
    2008-09-28 23:19 . 2007-07-19 15:44 765,952 --a------ I:\WINDOWS\system32\msvcp71d.dll
    2008-09-28 23:19 . 2007-07-19 15:44 544,768 --a------ I:\WINDOWS\system32\msvcr71d.dll
    2008-09-28 23:19 . 1999-06-24 22:55 149,504 --a------ I:\WINDOWS\system32\UNWISE.EXE
    2008-09-28 23:19 . 2008-09-28 23:19 30 --a------ I:\WINDOWS\system32\UNWISE.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-27 22:36 --------- d-----w I:\Program Files\Styler
    2008-09-27 21:18 155,995 ----a-w I:\WINDOWS\java\Packages\S3J7R9R3.ZIP
    2008-08-29 08:18 87,336 ----a-w I:\WINDOWS\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w I:\WINDOWS\system32\dnssd.dll
    2008-07-18 20:10 94,920 ----a-w I:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w I:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w I:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w I:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w I:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w I:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w I:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w I:\WINDOWS\system32\wuaueng.dll
    .

    ------- Sigcheck -------

    2004-08-04 02:55 14336 1bd6c2f707a275cb7c16fd99fe0f31ca I:\WINDOWS\system32\svchost.exe

    2006-12-15 00:21 578048 4a048552ca537ef146a8c21a0881b1ba I:\WINDOWS\system32\user32.dll
    2008-10-06 00:21 578048 4a048552ca537ef146a8c21a0881b1ba I:\WINDOWS\system32\dllcache\user32.dll

    2004-08-04 02:54 82944 bc41f51a39d3b255805fdb759b7814ae I:\WINDOWS\system32\ws2_32.dll

    2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 I:\WINDOWS\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\SP2GDR\tcpip.sys
    2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 I:\WINDOWS\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\SP2QFE\tcpip.sys
    2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d I:\WINDOWS\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\SP3GDR\tcpip.sys
    2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e I:\WINDOWS\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\SP3QFE\tcpip.sys
    2004-08-04 14:57 360576 c7be59b07c6eb74bea6fd67c1b164015 I:\WINDOWS\system32\drivers\tcpip.sys

    2006-12-15 00:30 507904 fb66744d525ea5df9a719f1db9b2dff4 I:\WINDOWS\system32\winlogon.exe

    2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e I:\WINDOWS\system32\drivers\ndis.sys

    2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 I:\WINDOWS\system32\drivers\ip6fw.sys

    2004-08-28 14:00 2175488 ef82e2aba188743cb88c220e22953966 I:\WINDOWS\system32\ntkrnlpa.exe

    2001-08-28 14:00 2295808 2f8ac58c3a7f73bc5ae132f2b452f6ce I:\WINDOWS\system32\ntoskrnl.exe

    2001-08-28 14:00 1934848 1630d57b8370b7a20a41bb4c1e459edf I:\WINDOWS\explorer.exe

    2004-08-04 02:55 108544 732e0b1abaace15d80ec19056b0a2af9 I:\WINDOWS\system32\services.exe

    2004-08-04 02:54 13312 9f3744a5c6f49291a7a685040a013399 I:\WINDOWS\system32\lsass.exe

    2006-12-06 18:56 25088 43836cffabac8d6779e8ee55e308df2c I:\WINDOWS\system32\ctfmon.exe

    2006-12-24 03:00 57856 ad3d9d191aea7b5445fe1d82ffbb4788 I:\WINDOWS\system32\spoolsv.exe

    2004-08-04 02:55 25088 d6d65ea32b190401b57edb6706f29669 I:\WINDOWS\system32\userinit.exe
    .
    ((((((((((((((((((((((((((((( snapshot_2008-10-02_23.10.22.87 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-07 14:27:04 163,328 ----a-w I:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-10-05 22:19:51 3,067,904 ----a-w I:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-10-05 22:19:52 172,032 ----a-w I:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 14:27:04 163,328 ----a-w I:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-10-05 22:19:30 3,067,904 ----a-w I:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2008-10-05 22:19:31 172,032 ----a-w I:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2008-10-02 21:22:08 19,278 ----a-r I:\WINDOWS\Installer\{93A1B09E-BAFA-4628-A5B6-921CB026955A}\ARPPRODUCTICON.exe
    - 2008-09-29 20:45:01 271,784 ----a-w I:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-10-05 21:06:09 499,920 ----a-w I:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-06-09 23:21:01 135,168 ----a-w I:\WINDOWS\system32\java.exe
    + 2008-06-09 23:21:04 135,168 ----a-w I:\WINDOWS\system32\javaw.exe
    + 2008-06-10 00:32:34 139,264 ----a-w I:\WINDOWS\system32\javaws.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2006-12-06 25088]
    "Sidebar"="I:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
    "UberIcon"="I:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 180224]
    "LightScribe Control Panel"="I:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
    "Orb"="I:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
    "TopDesk"="I:\Program Files\TopDesk\topdesk.exe" [2007-06-20 1912832]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-10-10 180224]
    "StartCCC"="I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "NeroFilterCheck"="I:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "QuickTime Task"="I:\Program Files\QuickTime Alternative\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="I:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 I:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="I:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]
    "nltide_3"="advpack.dll" [2008-06-23 I:\WINDOWS\system32\advpack.dll]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool]
    --a------ 2007-08-01 04:26 675840 I:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "I:\\WINDOWS\\system32\\sessmgr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "I:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
    "I:\\WINDOWS\\system32\\winver.exe"=
    "I:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "I:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "I:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "I:\\Program Files\\uTorrent\\uTorrent.exe"=
    "I:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "I:\\Program Files\\iTunes\\iTunes.exe"=
    "I:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "I:\\Documents and Settings\\Administrateur\\Bureau\\microtorrent_torrent_1.8_build_11813_anglais_18245.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "I:\\Program Files\\PiMPWare\\PiMPStreamer\\PimpStreamer.exe"=

    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;I:\WINDOWS\system32\drivers\hcw88aud.sys [2007-01-23 11904]
    R2 EPGService;EPGService;I:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2007-09-05 374272]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;I:\WINDOWS\system32\drivers\hcw88bda.sys [2007-01-23 207872]
    R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;I:\WINDOWS\system32\Drivers\hcw88rc5.sys [2007-01-23 11776]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;I:\WINDOWS\system32\drivers\hcw88tse.sys [2007-01-23 299776]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;I:\WINDOWS\system32\drivers\hcw88tun.sys [2007-01-23 149504]
    R3 hcw88vid;Hauppauge WinTV 88x Video;I:\WINDOWS\system32\drivers\hcw88vid.sys [2007-01-23 498176]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;I:\WINDOWS\system32\drivers\HCW88BAR.sys [2007-01-23 23552]
    R3 usbstor;Pilote de stockage de masse USB;I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
    S4 Dnscache;Client DNS;I:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bcc5db2-9322-11dd-8154-001d92f6da0f}]
    \Shell\AutoRun\command - Q:\PMB_P.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "I:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Tâches planifiées'
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    Toolbar-ITBarLayout - (no file)
    Toolbar-ITBarLayout - (no file)


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - I:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ovbtsvvd.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-06 15:43:03
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-10-06 15:43:25
    ComboFix-quarantined-files.txt 2008-10-06 13:43:23
    ComboFix2.txt 2008-10-02 21:10:38
    ComboFix3.txt 2008-09-30 22:10:54

    Avant-CF: 412 065 177 600 octets libres
    Après-CF: 412,114,264,064 octets libres

    280

    On the other hand, strangely, the ads had COMPLETELY disappeared, and now they have come back a little, but far fewer than last time; it's bearable, I'd say, unlike before!

    Tell me what you think of the latest report!

    See you soon! ;)