Se connecter / S'enregistrer
Votre question

probleme trojan inconnu

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
29 Juin 2008 22:38:53

Bonjour à tous,
depuis quelques jours j'ai un probleme, c'est à dire, spam, firefox et IE (qui d'ailleurs se remet par défault à chaque fois dans autoriser TOUS les cookies, malgrés reconfiguration moyenne) qui buggent impossible d'ouvrir certaines pages etc, ainsi que les mises à jour sécurité que j'arrive pas à activer (malgrés qqes bidouillages dans services msc) et j'en passe...
J'ai déjà lu qqes sujets sur ce forum pour essayer de savoir comment m'en sortir mais hélas ça déconne tjs, malgrés de nombreux scan de spybot à vundofix etc le tout en mode sans echec.

Donc voici mon log Hijackis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:39, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\Office\PHOTODRW.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Steam\Steam.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {2E178428-068C-4EA7-AEE9-7A754E444EB8} - C:\WINDOWS\system32\qoMfcYst.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {19ea5760-4089-e87a-9b94-9049d851524c} - {c425158d-9409-49b9-a78e-98040675ae91} - C:\WINDOWS\system32\jaxwfr.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] D:\winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BMf7e952e0] Rundll32.exe "C:\WINDOWS\system32\defwnrvj.dll",s
O4 - HKLM\..\Run: [f4da617c] rundll32.exe "C:\WINDOWS\system32\cfgxermo.dll",b
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10155 bytes

Si qqun décèle d'ou viens le probleme, je suis toute ouïe, merci d'avance !

PS : au cas ou ça peut servir, j'ai norton comme antivirus.

Autres pages sur : probleme trojan inconnu

29 Juin 2008 22:52:22

:hello:  Bonjour,

Tu es infecté(e) par "Vundo". Supprime tous les cracks de ton PC s'ils sont présents car sinon ils relanceront l'infection.

Je te conseille de désinstaller et de supprimer tous tes logiciels de p2p : 50% de ce que tu télécharges via p2p est piégé. Le p2p est le premier vecteur d'infection de nos jours.

***

Télécharge Combofix à partir d'**ICI** ou bien **ICI** et enregistre-le sur ton bureau.

**Note 1 : Dans le cas où tu aurais déjà une version de combofix, il faudra que tu en télécharges une autre, la toute dernière. De plus il est très important de le sauvegarder directement sur ton bureau.**

  • Merci de ne jamais renommer Combofix, sauf si cela t'es expressément demandé.
  • Ferme toutes les fenêtres en cours, sans exception.
  • Désactive toutes les protections résidentes de tous tes logiciels antivirus, antispyware etc. afin que ces derniers n'interfèrent pas avec le bonfonctionnement de Combofix.
    Très important : Désactive temporairement toutes tes protections résidentes de tous tes logiciels de sécurité avant de lancer un scan avec Combofix. Ils risqueraient d'altérer le bon déroulement du scan de Combofix, ce qui pourrait avoir des conséquences imprévues et désastreuses.
  • Clique sur ce lien pour voir une liste de programmes qui devraient systématiquement être désactivés avant l'utilisation de combofix. A noter que la liste n'est pas exhaustive. Si ton logiciel de sécurité n'est pas dans cette liste et que tu ne sais pas comment le désactiver, ou que tu ne comprends pas l'anglais :p  , merci de me poser la question.
  • ATTENTION : Combofix va automatiquement te déconnecter d'internet dès que le scan débute.
  • Merci ne pas essayer de reconnecter ta machine à internet tant que combofix n'a pas fini son travail.
  • Si jamais tu n'arrives plus à te connecter à internet après l'utilisation de combofix, redémarre ton PC pour restaurer la connexion à internet.
  • Double clique sur combofix.exe et suis les instructions qui s'affichent.
  • Quand le scan sera fini, un rapport devrait normalement s'afficher à l'écran.
  • Merci de poster le rapport suivant, "C:\ComboFix.txt" , dans votre prochaine réponse, accompagné d'un nouveau rapport HiJackThis.

    **Note 2 : Ne pas cliquer dans la fenêtre de combofix pendant qu'il travaille. Tu risquerais de planter le PC et de causer d'importants dommages.**

    ;) 
    29 Juin 2008 23:15:32

    Merci pour ta réponse, pour la liste, je veux bien que tu me traduises, j'avoue éhontement que je suis une quiche en anglais. ;) 
    Merci encore.

    PS : tu veux dire quoi par cracks de mon PC ?
    Contenus similaires
    30 Juin 2008 01:39:50

    Merci, j'ai suivi toutes tes recommandation, et voici le rapport de ComboFix :

    ComboFix 08-06-20.4 - user 2008-06-29 23:28:03.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1275 [GMT 2:00]
    Endroit: C:\Documents and Settings\user\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMf7e952e0.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\bcbLmUtv.ini
    C:\WINDOWS\system32\bcbLmUtv.ini2
    C:\WINDOWS\system32\bIlnTvut.ini
    C:\WINDOWS\system32\bIlnTvut.ini2
    C:\WINDOWS\system32\cbXNHBSi.dll
    C:\WINDOWS\system32\dvaxrhst.ini
    C:\WINDOWS\system32\eqdfcrfw.ini
    C:\WINDOWS\system32\gvgxaygd.ini
    C:\WINDOWS\system32\iSBHNXbc.ini
    C:\WINDOWS\system32\iSBHNXbc.ini2
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\omrexgfc.ini
    C:\WINDOWS\system32\qoMfcYst.dll
    C:\WINDOWS\system32\sqhyutdf.ini
    C:\WINDOWS\system32\tsYcfMoq.ini
    C:\WINDOWS\system32\tsYcfMoq.ini2
    C:\WINDOWS\system32\tuvTnlIb.dll
    C:\WINDOWS\system32\vhyuyngq.ini
    C:\WINDOWS\system32\vtUmLbcb.dll

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-29 22:11 . 2008-06-29 22:06 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-06-29 22:11 . 2008-06-29 22:11 2,554 --a------ C:\WINDOWS\unins000.dat
    2008-06-29 18:29 . 2008-06-29 18:29 103,424 --a------ C:\WINDOWS\system32\jvkmhpgw.dll
    2008-06-29 18:29 . 2008-06-29 18:29 103,424 --a------ C:\WINDOWS\system32\jaxwfr.dll
    2008-06-29 18:29 . 2008-06-29 18:29 90,624 --a------ C:\WINDOWS\system32\defwnrvj.dll
    2008-06-29 18:29 . 2008-06-29 18:29 82,432 --a------ C:\WINDOWS\system32\cfgxermo.dll
    2008-06-29 18:15 . 2008-06-29 18:15 103,424 --a------ C:\WINDOWS\system32\pxiuep.dll
    2008-06-29 18:15 . 2008-06-29 18:15 103,424 --a------ C:\WINDOWS\system32\jchyhrbt.dll
    2008-06-29 18:15 . 2008-06-29 18:15 90,624 --a------ C:\WINDOWS\system32\drcgoxps.dll
    2008-06-29 02:54 . 2008-06-29 02:54 <REP> d-------- C:\Program Files\Lavasoft
    2008-06-29 02:54 . 2008-06-29 02:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-28 17:53 . 2008-06-28 17:53 103,424 --a------ C:\WINDOWS\system32\yfhldm.dll
    2008-06-28 17:53 . 2008-06-28 17:53 103,424 --a------ C:\WINDOWS\system32\skxwjvmu.dll
    2008-06-28 17:51 . 2008-06-28 17:51 90,624 --a------ C:\WINDOWS\system32\ewgfbivc.dll
    2008-06-28 17:34 . 2008-06-28 17:34 <REP> d-------- C:\Documents and Settings\user\Application Data\Grisoft
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-06-28 17:21 . 2007-10-19 21:40 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-06-28 17:21 . 2008-06-28 17:21 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-06-28 17:15 . 2008-06-28 18:30 <REP> d-------- C:\Program Files\RegCleaner
    2008-06-28 17:15 . 2008-06-28 17:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-06-28 17:15 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-06-28 17:14 . 2008-06-28 17:14 <REP> d-------- C:\Program Files\Windows Defender
    2008-06-28 17:08 . 2008-06-28 17:08 103,424 --a------ C:\WINDOWS\system32\farsar.dll
    2008-06-28 17:08 . 2008-06-28 17:08 103,424 --a------ C:\WINDOWS\system32\alcpheaw.dll
    2008-06-28 17:08 . 2008-06-28 17:08 90,624 --a------ C:\WINDOWS\system32\jemstaoh.dll
    2008-06-28 16:07 . 2008-06-28 17:01 <REP> d-------- C:\VundoFix Backups
    2008-06-28 16:04 . 2008-06-28 16:04 103,424 --a------ C:\WINDOWS\system32\tewnfwkt.dll
    2008-06-28 16:04 . 2008-06-28 16:04 103,424 --a------ C:\WINDOWS\system32\azzomb.dll
    2008-06-28 16:01 . 2008-06-28 16:01 90,624 --a------ C:\WINDOWS\system32\mcrameje.dll
    2008-06-28 15:28 . 2008-06-28 15:28 103,424 --a------ C:\WINDOWS\system32\nuahyqbj.dll
    2008-06-28 15:28 . 2008-06-28 15:28 103,424 --a------ C:\WINDOWS\system32\josdht.dll
    2008-06-28 15:28 . 2008-06-28 15:28 90,624 --a------ C:\WINDOWS\system32\psmxpxhv.dll
    2008-06-28 15:13 . 2008-06-28 15:13 357,768 --a------ C:\Documents and Settings\user\SymXPep2.dll
    2008-06-28 06:49 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
    2008-06-28 06:48 . 2008-06-28 06:50 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd
    2008-06-28 06:15 . 2008-06-28 06:15 <REP> d-------- C:\Program Files\Ulead Systems
    2008-06-28 01:10 . 2008-06-28 18:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-28 01:10 . 2008-06-28 01:10 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-21 03:12 . 2008-06-21 03:12 127 --a------ C:\WINDOWS\system32\MRT.INI
    2008-06-17 20:16 . 2008-06-19 17:08 <REP> d-------- C:\Documents and Settings\user\Application Data\SPORE Creature Creator
    2008-06-14 02:08 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-14 02:08 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
    2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
    2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
    2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
    2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
    2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
    2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
    2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
    2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
    2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
    2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
    2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
    2008-06-03 11:02 . 2003-03-02 17:44 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
    2008-06-03 11:02 . 2003-04-19 00:32 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
    2008-06-03 02:56 . 2008-06-03 02:56 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-05-31 04:13 . 2008-05-31 04:13 <REP> d-------- C:\Program Files\CCleaner

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-29 21:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-29 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-29 20:02 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2008-06-29 14:09 --------- d-----w C:\Program Files\Steam
    2008-06-29 00:53 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-29 00:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-28 13:13 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-06-28 04:49 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-06-28 04:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-28 04:17 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2008-06-28 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-06-28 00:10 --------- d-----w C:\Program Files\DivX
    2008-06-25 00:44 --------- d-----w C:\Program Files\Xfire
    2008-06-22 19:36 --------- d-----w C:\Program Files\MediaCoder
    2008-06-19 14:50 --------- d-----w C:\Documents and Settings\user\Application Data\Dr. DivX 2.0 OSS
    2008-06-14 02:56 --------- d-----w C:\Documents and Settings\user\Application Data\FileZilla
    2008-06-14 02:34 --------- d-----w C:\Documents and Settings\user\Application Data\XnView
    2008-06-10 23:27 --------- d-----w C:\Documents and Settings\user\Application Data\Creative
    2008-06-09 22:13 --------- d-----w C:\Documents and Settings\user\Application Data\Xfire
    2008-06-05 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
    2008-06-05 14:50 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-06-05 14:50 --------- d-----w C:\Documents and Settings\user\Application Data\SystemRequirementsLab
    2008-06-02 22:05 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-06-02 22:05 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-06-02 22:05 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-06-02 22:05 --------- d-----w C:\Program Files\Symantec
    2008-06-01 00:51 --------- d-----w C:\Program Files\Java
    2008-05-26 13:28 --------- d-----w C:\Program Files\BitComet
    2008-05-24 22:04 --------- d-----w C:\Documents and Settings\user\Application Data\X-Chat 2
    2008-05-24 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
    2008-05-22 17:41 --------- d-----w C:\Documents and Settings\user\Application Data\winamp
    2008-05-21 17:12 --------- d-----w C:\Documents and Settings\user\Application Data\Bioshock
    2008-05-12 14:09 --------- d-----w C:\Program Files\Webcam Video Capture
    2008-05-12 00:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
    2008-05-11 07:33 --------- d-----w C:\Program Files\OpenAL
    2008-05-08 15:14 --------- d-----w C:\Documents and Settings\user\Application Data\Ankh
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-04-29 17:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-29 17:53 22,328 ----a-w C:\Documents and Settings\user\Application Data\PnkBstrK.sys
    2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-04 13:53 1 ----a-w C:\Documents and Settings\user\SI.bin
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2008-02-03 20:04 116088 --a------ C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c425158d-9409-49b9-a78e-98040675ae91}]
    2008-06-29 18:29 103424 --a------ C:\WINDOWS\system32\jaxwfr.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 08:01 180736]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 21:09 700416]
    "Fraps"="D:\FRAPS\FRAPS.EXE" [2006-10-26 11:44 2838528]
    "Steam"="c:\program files\steam\steam.exe" [2008-03-30 18:45 1271032]
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2006-06-23 19:00 3394048]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27 219520]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-19 22:13 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 08:49 16126464 C:\WINDOWS\RTHDCPL.exe]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 19:07 8491008]
    "nwiz"="nwiz.exe" [2007-09-16 19:07 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 19:07 81920]
    "AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43 331776]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
    "WinampAgent"="D:\winamp\winampa.exe" [2007-12-20 17:16 37376]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 22:53 714608]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-16 03:29 185896]
    "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "f4da617c"="C:\WINDOWS\system32\cfgxermo.dll" [2008-06-29 18:29 82432]
    "Kernel and Hardware Abstraction Layer"="KHALmnr" []
    "BMf7e952e0"="C:\WINDOWS\system32\defwnrvj.dll" [2008-06-29 18:29 90624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "vidc.yv12"= yv12vfw.dll
    "VIDC.XFR1"= xfcodec.dll
    "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
    --a------ 2007-03-03 14:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\Steam\\steamapps\\khorzeam\\team fortress 2\\hl2.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22349:TCP"= 22349:TCP:BitComet 22349 TCP
    "22349:UDP"= 22349:UDP:BitComet 22349 UDP
    "12601:TCP"= 12601:TCP:BitComet 12601 TCP
    "12601:UDP"= 12601:UDP:BitComet 12601 UDP

    R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon []
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 08:12]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 11:03]
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-06-24 08:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-29 21:34:47 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2008-06-23 20:14:44 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - user.job"

    Et voici celui d'hijackis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:39, on 2008-06-30
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\winamp\winampa.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    D:\FRAPS\FRAPS.EXE
    C:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\user\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: {19ea5760-4089-e87a-9b94-9049d851524c} - {c425158d-9409-49b9-a78e-98040675ae91} - C:\WINDOWS\system32\jaxwfr.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] D:\winamp\winampa.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [f4da617c] rundll32.exe "C:\WINDOWS\system32\cfgxermo.dll",b
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALmnr
    O4 - HKLM\..\Run: [BMf7e952e0] Rundll32.exe "C:\WINDOWS\system32\defwnrvj.dll",s
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA4.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10161 bytes


    ;) 
    a b 9 Windows
    30 Juin 2008 02:01:25

    tu n'as pas désactivé TEATIMER de Spybot.
    30 Juin 2008 02:07:27

    Pourtant si...J'ai bien lu les recommandations, par contre ce qui peut clocher c'est que j'ai pas trouvé le teatimer dans "startup"... :/ 
    a b 9 Windows
    30 Juin 2008 02:14:55

    il est dans les réglages sybot: "mode" avancé, outil, résident.
    30 Juin 2008 02:40:22

    Oui celui ci je l'ai décoché, mais dans le premier lien donné par Merrillym ça parlait également d'un autre teatimer dans startup, enfin je vais revoir tout ça via le second lien (encore merci) et refaire au pire un autre combofix, car là mon prob n'est pas encore réglé j'ai encore ces foutus spam qui s'ouvrent... -_-
    a b 9 Windows
    30 Juin 2008 10:34:25

    je n'ai pas etudié le combofix, mais as-tu essayé avec hijackthis de fixer ces lignes?:

    O2 - BHO: (no name) - {2E178428-068C-4EA7-AEE9-7A754E444EB8} - C:\WINDOWS\system32\qoMfcYst.dll

    O2 - BHO: {19ea5760-4089-e87a-9b94-9049d851524c} - {c425158d-9409-49b9-a78e-98040675ae91} - C:\WINDOWS\system32\jaxwfr.dll

    O4 - HKLM\..\Run: [BMf7e952e0] Rundll32.exe "C:\WINDOWS\system32\defwnrvj.dll",s

    O4 - HKLM\..\Run: [f4da617c] rundll32.exe "C:\WINDOWS\system32\cfgxermo.dll",b

    Ensuite, vides tes cookies dans ton navigateur,
    et passes un coup de SPYBOT
    30 Juin 2008 12:13:39

    khobbs,

    Je te réponds d'ici peu, ne suis pas les directives de bilox2000, sinon ça va faire un vrai cafouillage :) 

    ***

    Tu es infecté(e) par "Vundo". Supprime tous les cracks de ton PC s'ils sont présents car sinon ils relanceront l'infection.

    Je te conseille de désinstaller et de supprimer tous tes logiciels de p2p : 50% de ce que tu télécharges via p2p est piégé. Le p2p est le premier vecteur d'infection de nos jours.

    ***

    Désactive toute protection résidente ( antivirus…) ! <------- Pense-y !

    Copie le texte se situant dans le cadre ci-dessous : ( Ctrl + C )

    Citation :
    File::
    C:\WINDOWS\system32\jvkmhpgw.dll
    C:\WINDOWS\system32\jaxwfr.dll
    C:\WINDOWS\system32\defwnrvj.dll
    C:\WINDOWS\system32\cfgxermo.dll
    C:\WINDOWS\system32\pxiuep.dll
    C:\WINDOWS\system32\jchyhrbt.dll
    C:\WINDOWS\system32\drcgoxps.dll
    C:\WINDOWS\system32\yfhldm.dll
    C:\WINDOWS\system32\skxwjvmu.dll
    C:\WINDOWS\system32\ewgfbivc.dll
    C:\WINDOWS\system32\farsar.dll
    C:\WINDOWS\system32\alcpheaw.dll
    C:\WINDOWS\system32\jemstaoh.dll
    C:\WINDOWS\system32\tewnfwkt.dll
    C:\WINDOWS\system32\azzomb.dll
    C:\WINDOWS\system32\mcrameje.dll
    C:\WINDOWS\system32\nuahyqbj.dll
    C:\WINDOWS\system32\josdht.dll
    C:\WINDOWS\system32\psmxpxhv.dll

    FileLook::
    C:\WINDOWS\system32\BtCoreIf.dll
    C:\Documents and Settings\user\SymXPep2.dll

    Folder::
    C:\VundoFix Backups

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c425158d-9409-49b9-a78e-98040675ae91}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "f4da617c"=-
    "BMf7e952e0"=-


    => Ouvre le Bloc Notes : Démarrer > Tous les programmes > Accessoires > Bloc notes

    - Colles y le texte (CTRL + V)
    - Enregistre ce fichier dans : Bureau
    - Nom du fichier : CFScript
    - Type du fichier : tous les fichiers !!
    - Clique sur Enregistrer
    - Quitte le Bloc Notes

    Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :



    * Cela va relancer Combofix : au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
    * Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher : Copie/Colle son contenue sur le forum.
    Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt
    * Poste un nouveau rapport hijackthis.

    ;) 
    30 Juin 2008 16:52:33

    Rebonjour,

    voici le log combofix :

    Citation :
    ComboFix 08-06-20.4 - user 2008-06-30 16:42:40.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1394 [GMT 2:00]
    Endroit: C:\Documents and Settings\user\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\user\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\alcpheaw.dll
    C:\WINDOWS\system32\azzomb.dll
    C:\WINDOWS\system32\cfgxermo.dll
    C:\WINDOWS\system32\defwnrvj.dll
    C:\WINDOWS\system32\drcgoxps.dll
    C:\WINDOWS\system32\ewgfbivc.dll
    C:\WINDOWS\system32\farsar.dll
    C:\WINDOWS\system32\jaxwfr.dll
    C:\WINDOWS\system32\jchyhrbt.dll
    C:\WINDOWS\system32\jemstaoh.dll
    C:\WINDOWS\system32\josdht.dll
    C:\WINDOWS\system32\jvkmhpgw.dll
    C:\WINDOWS\system32\mcrameje.dll
    C:\WINDOWS\system32\nuahyqbj.dll
    C:\WINDOWS\system32\psmxpxhv.dll
    C:\WINDOWS\system32\pxiuep.dll
    C:\WINDOWS\system32\skxwjvmu.dll
    C:\WINDOWS\system32\tewnfwkt.dll
    C:\WINDOWS\system32\yfhldm.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\VundoFix Backups
    C:\VundoFix Backups\addmorefiles.txt
    C:\VundoFix Backups\awtsQIaw.dll.bad
    C:\VundoFix Backups\geBrpoOF.dll.bad
    C:\VundoFix Backups\khfEVLEu.dll.bad
    C:\VundoFix Backups\ljJYpMca.dll.bad
    C:\VundoFix Backups\nnnoOfdB.dll.bad
    C:\VundoFix Backups\qoMfcDuu.dll.bad
    C:\VundoFix Backups\rqRJYpqO.dll.bad
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\alcpheaw.dll
    C:\WINDOWS\system32\azzomb.dll
    C:\WINDOWS\system32\cfgxermo.dll
    C:\WINDOWS\system32\defwnrvj.dll
    C:\WINDOWS\system32\drcgoxps.dll
    C:\WINDOWS\system32\ewgfbivc.dll
    C:\WINDOWS\system32\farsar.dll
    C:\WINDOWS\system32\jaxwfr.dll
    C:\WINDOWS\system32\jchyhrbt.dll
    C:\WINDOWS\system32\jemstaoh.dll
    C:\WINDOWS\system32\josdht.dll
    C:\WINDOWS\system32\jvkmhpgw.dll
    C:\WINDOWS\system32\mcrameje.dll
    C:\WINDOWS\system32\nuahyqbj.dll
    C:\WINDOWS\system32\psmxpxhv.dll
    C:\WINDOWS\system32\pxiuep.dll
    C:\WINDOWS\system32\skxwjvmu.dll
    C:\WINDOWS\system32\tewnfwkt.dll
    C:\WINDOWS\system32\yfhldm.dll
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\BMf7e952e0.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\bcbLmUtv.ini
    C:\WINDOWS\system32\bcbLmUtv.ini2
    C:\WINDOWS\system32\bIlnTvut.ini
    C:\WINDOWS\system32\bIlnTvut.ini2
    C:\WINDOWS\system32\cbXNHBSi.dll
    C:\WINDOWS\system32\dvaxrhst.ini
    C:\WINDOWS\system32\eqdfcrfw.ini
    C:\WINDOWS\system32\gvgxaygd.ini
    C:\WINDOWS\system32\iSBHNXbc.ini
    C:\WINDOWS\system32\iSBHNXbc.ini2
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\omrexgfc.ini
    C:\WINDOWS\system32\qoMfcYst.dll
    C:\WINDOWS\system32\sqhyutdf.ini
    C:\WINDOWS\system32\tsYcfMoq.ini
    C:\WINDOWS\system32\tsYcfMoq.ini2
    C:\WINDOWS\system32\tuvTnlIb.dll
    C:\WINDOWS\system32\vhyuyngq.ini
    C:\WINDOWS\system32\vtUmLbcb.dll

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-28 to 2008-06-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-30 04:35 . 2008-06-30 04:35 <REP> d-------- C:\Program Files\Fichiers communs\Pinnacle
    2008-06-30 04:35 . 2005-09-23 23:18 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
    2008-06-30 04:34 . 2008-06-30 04:34 <REP> dr------- C:\Documents and Settings\user\Mes documents
    2008-06-30 04:34 . 2008-06-30 04:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
    2008-06-30 04:29 . 2008-06-30 04:29 <REP> d-------- C:\Program Files\Pinnacle
    2008-06-30 04:29 . 2008-06-30 04:29 <REP> d-------- C:\Program Files\Fichiers communs\Yahoo!
    2008-06-30 04:29 . 2008-06-30 04:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Studio 12
    2008-06-30 04:29 . 2008-06-30 04:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
    2008-06-30 04:23 . 2008-06-30 04:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-06-30 04:06 . 2008-06-30 04:06 <REP> d-------- C:\divx
    2008-06-30 01:05 . 2008-06-30 16:21 414 ---hs---- C:\WINDOWS\system32\omrexgfc.ini
    2008-06-30 01:05 . 2008-06-30 01:05 0 --a------ C:\WINDOWS\BMf7e952e0.xml
    2008-06-29 22:11 . 2008-06-29 22:06 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-06-29 22:11 . 2008-06-29 22:11 2,554 --a------ C:\WINDOWS\unins000.dat
    2008-06-29 02:54 . 2008-06-29 02:54 <REP> d-------- C:\Program Files\Lavasoft
    2008-06-29 02:54 . 2008-06-29 02:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-28 17:34 . 2008-06-28 17:34 <REP> d-------- C:\Documents and Settings\user\Application Data\Grisoft
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-06-28 17:21 . 2007-10-19 21:40 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-06-28 17:21 . 2008-06-28 17:21 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-06-28 17:15 . 2008-06-28 18:30 <REP> d-------- C:\Program Files\RegCleaner
    2008-06-28 17:15 . 2008-06-28 17:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-06-28 17:15 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-06-28 17:14 . 2008-06-28 17:14 <REP> d-------- C:\Program Files\Windows Defender
    2008-06-28 15:13 . 2008-06-28 15:13 357,768 --a------ C:\Documents and Settings\user\SymXPep2.dll
    2008-06-28 06:49 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
    2008-06-28 06:48 . 2008-06-28 06:50 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd
    2008-06-28 06:15 . 2008-06-28 06:15 <REP> d-------- C:\Program Files\Ulead Systems
    2008-06-28 01:10 . 2008-06-28 18:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-28 01:10 . 2008-06-28 01:10 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-21 03:12 . 2008-06-21 03:12 127 --a------ C:\WINDOWS\system32\MRT.INI
    2008-06-17 20:16 . 2008-06-19 17:08 <REP> d-------- C:\Documents and Settings\user\Application Data\SPORE Creature Creator
    2008-06-14 02:08 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-14 02:08 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
    2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
    2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
    2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
    2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
    2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
    2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
    2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
    2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
    2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
    2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
    2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
    2008-06-03 11:02 . 2003-03-02 17:44 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
    2008-06-03 11:02 . 2003-04-19 00:32 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
    2008-06-03 02:56 . 2008-06-03 02:56 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-05-31 04:13 . 2008-05-31 04:13 <REP> d-------- C:\Program Files\CCleaner
    2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2008-05-25 14:51 . 2008-05-25 15:14 23 --a------ C:\WINDOWS\BlendSettings.ini
    2008-05-24 23:44 . 2008-05-25 00:04 <REP> d-------- C:\Documents and Settings\user\Application Data\X-Chat 2
    2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
    2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-22 20:27 . 2008-06-21 03:54 347 --ahs---- C:\WINDOWS\system32\llUCKnnn.ini
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-13 12:35 . 2008-05-13 12:35 189,712 --a------ C:\WINDOWS\system32\RALMain.dll
    2008-05-13 12:34 . 2008-05-13 12:34 38,160 --a------ C:\WINDOWS\system32\MLPagAx.dll
    2008-05-13 12:32 . 2008-05-13 12:32 54,544 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
    2008-05-12 17:28 . 2008-05-24 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
    2008-05-11 21:51 . 2008-06-30 04:47 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2008-05-11 21:36 . 2008-05-12 16:09 <REP> d-------- C:\Program Files\Webcam Video Capture
    2008-05-11 09:35 . 2008-05-12 02:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
    2008-05-11 09:33 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
    2008-05-11 09:33 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-05-11 09:33 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp321.tmp
    2008-05-11 09:33 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp320.tmp
    2008-05-11 09:33 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
    2008-05-11 09:33 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
    2008-05-11 09:33 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
    2008-05-11 09:33 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-05-08 17:14 . 2008-05-08 17:14 <REP> d-------- C:\Documents and Settings\user\Application Data\Ankh
    2008-05-05 19:17 . 2008-05-05 19:17 40 --a------ C:\WINDOWS\NAVIGMA.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-30 14:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-30 14:37 --------- d-----w C:\Program Files\Steam
    2008-06-30 14:36 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-06-30 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-30 03:01 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2008-06-30 02:02 --------- d-----w C:\Program Files\DivX
    2008-06-29 23:07 --------- d-----w C:\Documents and Settings\user\Application Data\Xfire
    2008-06-29 21:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-29 00:53 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-28 04:49 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-06-28 04:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-28 04:17 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2008-06-28 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-06-25 00:44 --------- d-----w C:\Program Files\Xfire
    2008-06-22 19:36 --------- d-----w C:\Program Files\MediaCoder
    2008-06-19 14:50 --------- d-----w C:\Documents and Settings\user\Application Data\Dr. DivX 2.0 OSS
    2008-06-14 02:56 --------- d-----w C:\Documents and Settings\user\Application Data\FileZilla
    2008-06-14 02:34 --------- d-----w C:\Documents and Settings\user\Application Data\XnView
    2008-06-10 23:27 --------- d-----w C:\Documents and Settings\user\Application Data\Creative
    2008-06-05 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
    2008-06-05 14:50 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-06-05 14:50 --------- d-----w C:\Documents and Settings\user\Application Data\SystemRequirementsLab
    2008-06-02 22:05 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-06-02 22:05 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-06-02 22:05 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-06-02 22:05 --------- d-----w C:\Program Files\Symantec
    2008-06-01 00:51 --------- d-----w C:\Program Files\Java
    2008-05-26 13:28 --------- d-----w C:\Program Files\BitComet
    2008-05-22 17:41 --------- d-----w C:\Documents and Settings\user\Application Data\winamp
    2008-05-21 17:12 --------- d-----w C:\Documents and Settings\user\Application Data\Bioshock
    2008-05-11 07:33 --------- d-----w C:\Program Files\OpenAL
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-04-29 17:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-29 17:53 22,328 ----a-w C:\Documents and Settings\user\Application Data\PnkBstrK.sys
    2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-04 13:53 1 ----a-w C:\Documents and Settings\user\SI.bin
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .


    ---- C:\Documents and Settings\user\SymXPep2.dll ----
    Company: Symantec Corporation
    File Description: SymXPep2 ActiveX Control
    File Version: 1.0.0.4
    Product Name: Symantec Shared Components
    Copyright: Copyright (c) 2007 Symantec Corporation. All rights reserved.
    Original file name: SymXPep2.dll
    MD5: 632dfd6a7c80d9be52e8f0d9b6d108fa


    ---- C:\WINDOWS\system32\BtCoreIf.dll ----
    Company: Broadcom Corporation.
    File Description: Bluetooth Connection Wizard Application
    File Version: 5.1.0.3600
    Product Name: Bluetooth Software
    Copyright: Copyright 2000-2007, Broadcom Corporation.
    Original file name: BTConnWizard.exe
    MD5: 8020b7ebd363fd903d68c1dc68390c01


    ((((((((((((((((((((((((((((( snapshot@2008-06-30_ 1.08.35.77 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-06-30 02:20:38 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2008-06-30 02:20:49 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2008-06-30 02:20:50 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2008-06-30 02:20:50 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2008-06-30 02:20:46 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2008-06-30 02:20:34 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2008-06-30 02:20:34 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2008-06-30 02:20:55 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2008-06-30 02:20:42 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2008-06-30 02:20:38 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2008-06-30 02:20:34 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2008-06-30 02:20:35 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2008-06-30 02:20:48 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2008-06-30 02:20:48 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2008-06-30 02:20:49 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2008-06-30 02:20:36 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2008-06-30 02:20:36 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2008-06-30 02:20:37 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2008-06-30 02:20:37 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2008-06-30 02:20:36 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2008-06-30 02:20:57 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2008-06-30 02:20:57 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2008-06-30 02:20:32 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2008-06-30 02:20:57 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2008-06-30 02:20:58 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2008-06-30 02:20:33 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2008-06-30 02:20:32 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2008-06-30 02:20:33 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2008-06-30 02:20:53 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2008-06-30 02:20:39 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2008-06-30 02:20:53 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2008-06-30 02:20:51 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2008-06-30 02:20:35 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2008-06-30 02:20:47 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2008-06-30 02:20:40 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2008-06-30 02:20:40 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2008-06-30 02:20:41 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2008-06-30 02:20:54 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2008-06-30 02:20:52 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2008-06-30 02:20:55 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2008-06-30 02:20:52 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2008-06-30 02:20:52 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2008-06-30 02:20:38 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2008-06-30 02:20:41 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2008-06-30 02:20:56 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2008-06-30 02:20:43 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2008-06-30 02:20:43 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2008-06-30 02:20:44 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2008-06-30 02:20:45 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2008-06-30 02:20:54 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2008-06-30 03:06:43 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c3731a8989ba9b46a106ade6943f4aaf\Accessibility.ni.dll
    + 2008-06-30 03:06:47 860,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\35d4dfdfa3f6b94987c0c0a4a0b8d284\AspNetMMCExt.ni.dll
    + 2008-06-30 03:06:47 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\cfe2bf6d1cb96544a4d68688670efaef\CustomMarshalers.ni.dll
    + 2008-06-30 03:06:47 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\b87a5c50ce97b441a071e43398587711\dfsvc.ni.exe
    + 2008-06-30 03:06:49 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5b6a0fdf4870ad41999ef180a12d4fb1\Microsoft.Build.Engine.ni.dll
    + 2008-06-30 03:06:49 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9138db78071f2b49b364b6a1cd2943d5\Microsoft.Build.Framework.ni.dll
    + 2008-06-30 03:06:52 1,691,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\17ec32923bb1db4ca69afdb5216a7a58\Microsoft.Build.Tasks.ni.dll
    + 2008-06-30 03:06:52 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f21661ec4755bd4fbfc13bc12084a7de\Microsoft.Build.Utilities.ni.dll
    + 2008-06-30 03:06:54 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ededc45f3be1274cb5b7fa6d57640fd2\Microsoft.VisualBasic.ni.dll
    + 2008-06-30 02:21:17 11,411,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\80eac6f4b0b15044b0a229599c679737\mscorlib.ni.dll
    + 2008-06-30 03:06:55 962,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b0f4c9a45ea6bd4499c035f5d0af5be2\System.Configuration.ni.dll
    + 2008-06-30 02:21:58 6,688,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\4226378f3f275e4fb590bb1c885a0d9f\System.Data.ni.dll
    + 2008-06-30 03:06:56 1,716,224 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\9f245706e06e864682fe53dd947046d0\System.Deployment.ni.dll
    + 2008-06-30 02:22:11 10,723,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\4ac61d556dc091409c7de3e20881d484\System.Design.ni.dll
    + 2008-06-30 03:06:57 1,220,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\09fbead7838600429532701d99a96903\System.DirectoryServices.ni.dll
    + 2008-06-30 03:06:58 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b43f3d6f58c767419aaadb1f1b3f1cfa\System.DirectoryServices.Protocols.ni.dll
    + 2008-06-30 02:21:33 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ba8450bbd41a1e488cacabd0ee9168a0\System.Drawing.Design.ni.dll
    + 2008-06-30 02:21:37 1,626,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9294249399aa9b43912c8c27deccd3af\System.Drawing.ni.dll
    + 2008-06-30 03:06:59 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\10338c1be5b6c3489ebeae0487866de2\System.EnterpriseServices.ni.dll
    + 2008-06-30 03:06:58 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\10338c1be5b6c3489ebeae0487866de2\System.EnterpriseServices.Wrapper.dll
    + 2008-06-30 03:06:59 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\bb10149c80747a41a74b217e8c1e5148\System.Security.ni.dll
    + 2008-06-30 03:07:00 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\253a8d53d2e0ea49bb25516ffeed780f\System.Transactions.ni.dll
    + 2008-06-30 03:07:14 2,310,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\1127ea42d1a94f4fbe6e1d76ca37bf08\System.Web.Mobile.ni.dll
    + 2008-06-30 03:07:14 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\c006629610fb9849abc6940a93c854ce\System.Web.RegularExpressions.ni.dll
    + 2008-06-30 03:07:16 1,945,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1c121b7448f7ba40af6788c38ac32a20\System.Web.Services.ni.dll
    + 2008-06-30 03:07:10 11,808,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\c957cdabf221e84ebf147b7e6bb97286\System.Web.ni.dll
    + 2008-06-30 02:21:46 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f6c54a7e2cec9440a89d5a2d387fb0ed\System.Windows.Forms.ni.dll
    + 2008-06-30 02:21:52 5,640,192 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fbc7069cf99c7d4780d261281b19b488\System.Xml.ni.dll
    + 2008-06-30 02:21:32 8,093,696 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\7ab23b1b6c6e0e41873d9712149210cf\System.ni.dll
    - 2008-06-29 21:31:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-30 14:45:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-30 02:33:31 40,960 ----a-r C:\WINDOWS\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_AMCap.exe
    + 2008-06-30 02:33:31 49,152 ----a-r C:\WINDOWS\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_Check3D.exe
    + 2008-06-30 02:33:32 69,632 ----a-r C:\WINDOWS\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_ContentTransfer.exe
    + 2008-06-30 02:33:31 434,176 ----a-r C:\WINDOWS\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_GuidedTour.exe
    + 2008-06-30 02:33:32 45,056 ----a-r C:\WINDOWS\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_Help_HH.exe
    + 2008-06-30 02:33:32 65,536 ----a-r C:\WINDOWS\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_ReadMe.exe
    + 2008-06-30 02:33:31 69,632 ----a-r C:\WINDOWS\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\Studio.exe
    + 2005-09-23 05:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
    + 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_diasymreader.dll
    + 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_iehost.dll
    + 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
    + 2005-09-23 05:29:04 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
    + 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscordbi.dll
    + 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorrc.dll
    + 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorsec.dll
    + 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.configuration.install.dll
    + 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.data.dll
    + 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
    + 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
    + 2005-09-23 05:29:04 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_wminet_utils.dll
    + 2005-09-23 05:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
    + 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
    + 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
    + 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
    + 2005-09-23 05:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
    + 2005-09-23 05:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
    + 2005-09-23 05:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
    + 2005-09-23 05:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
    + 2005-09-23 05:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
    + 2005-09-23 05:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
    + 2005-09-23 05:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
    + 2005-09-23 05:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
    + 2005-09-23 05:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
    + 2005-09-23 05:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    + 2005-09-23 05:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
    + 2005-09-23 05:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
    + 2005-09-23 05:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    + 2005-09-23 05:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
    + 2005-09-23 05:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
    + 2005-09-23 05:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
    + 2005-09-23 05:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
    + 2005-09-23 05:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
    + 2005-09-23 05:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    + 2005-09-23 05:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2005-09-23 05:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
    + 2005-09-23 05:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
    + 2005-09-23 05:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
    + 2005-09-23 05:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
    + 2005-09-23 05:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
    + 2005-09-23 05:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
    + 2005-09-23 05:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
    + 2005-09-23 05:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
    + 2005-09-23 05:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    + 2005-09-23 05:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
    + 2005-09-23 05:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    + 2005-09-23 05:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
    + 2005-09-23 05:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
    + 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
    + 2005-09-23 05:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
    + 2005-09-23 05:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
    + 2005-09-23 05:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
    + 2005-09-23 05:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
    + 2005-09-23 05:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
    + 2005-09-23 05:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
    + 2005-09-23 05:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
    + 2005-09-23 05:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
    + 2005-09-23 05:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
    + 2005-09-23 05:01:16 609,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    + 2005-09-23 04:29:48 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
    + 2005-09-23 04:32:24 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
    + 2005-09-23 04:34:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
    + 2005-09-23 04:34:12 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
    + 2005-09-23 04:34:44 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
    + 2005-09-23 04:36:24 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
    + 2005-09-23 01:46:14 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
    + 2005-09-23 04:38:26 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
    + 2005-09-23 04:38:52 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
    + 2005-09-23 04:40:30 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
    + 2005-09-23 04:40:32 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
    + 2005-09-23 04:40:56 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
    + 2005-09-23 04:42:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
    + 2005-09-23 04:44:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
    + 2005-09-23 04:46:38 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
    + 2005-09-23 04:46:38 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
    + 2005-09-23 04:46:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
    + 2005-09-23 04:47:04 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
    + 2005-09-23 04:47:30 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
    + 2005-09-23 04:47:32 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
    + 2005-09-23 04:47:32 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
    + 2005-09-23 04:30:18 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
    + 2005-09-23 04:47:06 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
    + 2005-09-23 04:29:50 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
    + 2005-09-23 04:36:48 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
    + 2005-09-23 05:57:06 245,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
    + 2005-09-23 05:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
    + 2005-09-23 05:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
    + 2005-09-23 05:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
    + 2005-09-23 05:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
    + 2005-09-23 05:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
    + 2005-09-23 05:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2005-09-23 05:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
    + 2005-09-23 05:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
    + 2005-09-23 05:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
    + 2005-09-23 05:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
    + 2005-09-23 05:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
    + 2005-09-23 05:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2005-09-23 05:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
    + 2005-09-23 05:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    + 2005-09-23 05:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
    + 2005-09-23 05:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2005-09-23 05:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
    + 2005-09-23 05:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
    + 2005-09-23 05:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    + 2005-09-23 05:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2005-09-23 05:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
    + 2005-09-23 05:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2005-09-23 05:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
    + 2005-09-23 05:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
    + 2005-09-23 05:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
    + 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
    + 2005-09-23 05:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
    + 2005-09-23 05:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    + 2005-09-23 05:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
    + 2005-09-23 05:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2005-09-23 05:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
    + 2005-09-23 05:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    + 2005-09-23 05:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    + 2005-09-23 05:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
    + 2005-09-23 05:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
    + 2005-09-23 05:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    + 2005-09-23 05:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    + 2005-09-23 05:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
    + 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    + 2005-09-23 05:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
    + 2005-09-23 05:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
    + 2005-09-23 05:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2005-09-23 05:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    + 2005-09-23 05:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    + 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
    + 2005-09-23 05:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    + 2005-09-23 05:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    + 2005-09-23 05:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    + 2005-09-23 05:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    + 2005-09-23 05:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    + 2005-09-23 05:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    + 2005-09-23 05:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    + 2005-09-23 05:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    + 2005-09-23 05:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    + 2005-09-23 05:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    + 2005-09-23 05:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    + 2005-09-23 05:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    + 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    + 2005-09-23 05:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    + 2005-09-23 05:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    + 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2005-09-23 05:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    + 2005-09-23 05:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    + 2005-09-23 05:28:56 5,025,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2005-09-23 05:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
    + 2005-09-23 05:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
    + 2005-09-23 05:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    + 2005-09-23 05:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2005-09-23 05:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    + 2005-09-23 05:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    + 2005-09-23 05:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    + 2005-09-23 05:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    + 2005-09-23 05:28:32 298,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2005-09-23 05:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    + 2002-01-05 00:18:20 84,992 ----a-w C:\WINDOWS\system32\atl70.dll
    + 2005-09-23 05:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
    - 2007-12-11 22:33:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    + 2008-05-30 23:22:46 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
    - 2007-12-11 22:33:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    + 2008-05-30 23:22:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    + 2008-05-30 23:22:46 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    - 2007-12-11 22:33:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    + 2008-05-30 23:22:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    - 2007-12-11 22:33:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    + 2008-05-30 23:22:48 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    - 2007-12-11 22:33:06 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    + 2008-05-30 23:22:54 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    - 2007-12-11 22:33:06 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    + 2008-05-30 23:22:54 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    - 2007-12-11 22:33:08 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    + 2008-05-30 23:22:58 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    - 2007-12-11 22:33:06 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    + 2008-05-30 23:22:54 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    - 2007-12-11 22:33:06 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    + 2008-05-30 23:22:54 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    - 2007-12-11 22:33:06 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    + 2008-05-30 23:22:54 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    + 2005-09-23 21:18:32 171,520 -c--a-w C:\WINDOWS\system32\DRVSTORE\MarvinBus_D2243026170F338889EB365780A159A73F977997\MarvinBus.sys
    + 2006-12-04 08:36:10 203,264 -c--a-w C:\WINDOWS\system32\DRVSTORE\PCLEBend_751CCE8DB684339E3B7C1F674E51E7966E991B50\bender.sys
    - 2008-06-19 13:18:10 300,440 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-06-30 14:20:33 375,264 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2007-01-26 00:04:12 27,648 ----a-w C:\WINDOWS\system32\ma32.dll
    + 2007-01-26 00:04:12 138,752 ----a-w C:\WINDOWS\system32\mase32.dll
    + 2002-01-05 02:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
    + 2002-01-05 02:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
    + 2003-03-18 19:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
    + 2005-09-23 05:28:52 270,848 ----a-w C:\WINDOWS\system32\mscoree.dll
    + 2005-09-23 05:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll
    + 2005-09-23 05:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
    + 2002-01-05 01:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
    + 2002-01-05 01:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
    + 2002-01-05 01:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
    - 2007-08-24 16:17:38 96,256 ----a-w C:\WINDOWS\system32\msxml4r.dll
    + 2003-04-18 14:29:26 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
    + 2005-09-23 05:29:00 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
    + 2005-09-23 05:28:56 32,768 ----a-w C:\WINDOWS\system32\netfxperf.dll
    - 2008-06-29 02:04:02 40,972 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-06-30 14:26:31 59,576 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-06-29 02:04:02 49,734 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-06-30 14:26:31 72,366 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-06-29 02:04:02 314,644 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-06-30 14:26:31 395,336 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-06-29 02:04:02 370,832 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-06-30 14:26:31 461,404 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2007-06-21 20:55:02 401,408 ----a-w C:\WINDOWS\system32\pvmjpg30.dll
    + 2008-06-30 02:30:13 1,233,920 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
    + 2008-06-30 02:20:34 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2008-06-30 02:20:34 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2008-02-03 20:04 116088 --a------ C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 08:01 180736]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 21:09 700416]
    "Fraps"="D:\FRAPS\FRAPS.EXE" [2006-10-26 11:44 2838528]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27 219520]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-19 22:13 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 08:49 16126464 C:\WINDOWS\RTHDCPL.exe]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 19:07 8491008]
    "nwiz"="nwiz.exe" [2007-09-16 19:07 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 19:07 81920]
    "AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43 331776]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
    "WinampAgent"="D:\winamp\winampa.exe" [2007-12-20 17:16 37376]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 22:53 714608]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-16 03:29 185896]
    "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "Kernel and Hardware Abstraction Layer"="KHALmnr" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "VIDC.XFR1"= xfcodec.dll
    "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
    "vidc.mjpg"= pvmjpg30.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
    --a------ 2007-03-03 14:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\Steam\\steamapps\\khorzeam\\team fortress 2\\hl2.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
    "D:\\pinnacle\\Programs\\RM.exe"=
    "D:\\pinnacle\\Programs\\Studio.exe"=
    "D:\\pinnacle\\Programs\\umi.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22349:TCP"= 22349:TCP:BitComet 22349 TCP
    "22349:UDP"= 22349:UDP:BitComet 22349 UDP
    "12601:TCP"= 12601:TCP:BitComet 12601 TCP
    "12601:UDP"= 12601:UDP:BitComet 12601 UDP

    R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon []
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 08:12]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 11:03]
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-06-24 08:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-30 14:48:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2008-06-23 20:14:44 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - user.job"


    Et celui d'Hijackis :

    Citation :
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:52, on 2008-06-30
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\winamp\winampa.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    D:\FRAPS\FRAPS.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Xfire\xfire.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] D:\winamp\winampa.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALmnr
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA4.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9770 bytes
    30 Juin 2008 17:29:58

    Re,

    Tu as bien viré tous tes cracks comme demandé ? :) 

    ***

    Désactive toute protection résidente ( antivirus…) ! <------- Pense-y !

    Copie le texte se situant dans le cadre ci-dessous : ( Ctrl + C )

    Citation :
    File::
    C:\WINDOWS\system32\omrexgfc.ini
    C:\WINDOWS\BMf7e952e0.xml
    C:\WINDOWS\system32\tmp321.tmp
    C:\WINDOWS\system32\tmp320.tmp
    C:\WINDOWS\system32\llUCKnnn.ini


    => Ouvre le Bloc Notes : Démarrer > Tous les programmes > Accessoires > Bloc notes

    - Colles y le texte (CTRL + V)
    - Enregistre ce fichier dans : Bureau
    - Nom du fichier : CFScript
    - Type du fichier : tous les fichiers !!
    - Clique sur Enregistrer
    - Quitte le Bloc Notes

    Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :



    * Cela va relancer Combofix : au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
    * Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher : Copie/Colle son contenue sur le forum.
    Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt
    * Poste un nouveau rapport hijackthis.

    ;) 
    30 Juin 2008 17:31:51

    Désolé de passer pour un noob, mais j'ai pas compris de quels cracks tu parlais ?
    30 Juin 2008 17:33:09

    Re,

    As-tu des programmes téléchargés via le p2p, tu sais tout ces trucs qu'on télécharge gratuitement illégalement pour éviter de payer ?

    Si tu en as supprime-les, car ils sont responsables de l'infection et dès que tu en relanceras un, l'infection reviendra.

    ;) 
    30 Juin 2008 17:54:25

    Ah en effet, je vais supprimer ça, par contre ce qui est bizarre, c'est qu'avant ça marchait niquel ça plantait jamais malgrés mes telechargements.
    Mais bon ça m'apprendra à être un vulgaire pirate, je supprime ça et refait un log. ;) 
    30 Juin 2008 18:04:21

    Citation :
    Mais bon ça m'apprendra à être un vulgaire pirate, je supprime ça et refait un log.


    Ben cette fois-ci t'as choppé une sacrée merde :D 
    30 Juin 2008 19:47:42

    Voici les logs :

    Citation :
    ComboFix 08-06-20.4 - user 2008-06-30 18:11:31.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1432 [GMT 2:00]
    Endroit: C:\Documents and Settings\user\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\user\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\BMf7e952e0.xml
    C:\WINDOWS\system32\llUCKnnn.ini
    C:\WINDOWS\system32\omrexgfc.ini
    C:\WINDOWS\system32\tmp320.tmp
    C:\WINDOWS\system32\tmp321.tmp
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-30 18:06 . 2008-06-30 18:06 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
    2008-06-30 04:35 . 2008-06-30 04:35 <REP> d-------- C:\Program Files\Fichiers communs\Pinnacle
    2008-06-30 04:35 . 2005-09-23 23:18 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
    2008-06-30 04:34 . 2008-06-30 04:34 <REP> dr------- C:\Documents and Settings\user\Mes documents
    2008-06-30 04:34 . 2008-06-30 04:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
    2008-06-30 04:29 . 2008-06-30 04:29 <REP> d-------- C:\Program Files\Pinnacle
    2008-06-30 04:29 . 2008-06-30 04:29 <REP> d-------- C:\Program Files\Fichiers communs\Yahoo!
    2008-06-30 04:29 . 2008-06-30 04:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Studio 12
    2008-06-30 04:29 . 2008-06-30 04:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
    2008-06-30 04:23 . 2008-06-30 04:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-06-30 04:06 . 2008-06-30 04:06 <REP> d-------- C:\divx
    2008-06-29 22:11 . 2008-06-29 22:06 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-06-29 22:11 . 2008-06-29 22:11 2,554 --a------ C:\WINDOWS\unins000.dat
    2008-06-29 02:54 . 2008-06-29 02:54 <REP> d-------- C:\Program Files\Lavasoft
    2008-06-29 02:54 . 2008-06-29 02:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-28 17:34 . 2008-06-28 17:34 <REP> d-------- C:\Documents and Settings\user\Application Data\Grisoft
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-06-28 17:21 . 2007-10-19 21:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-06-28 17:21 . 2007-10-19 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-06-28 17:21 . 2008-06-28 17:21 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-06-28 17:15 . 2008-06-28 18:30 <REP> d-------- C:\Program Files\RegCleaner
    2008-06-28 17:15 . 2008-06-28 17:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-06-28 17:15 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-06-28 17:14 . 2008-06-28 17:14 <REP> d-------- C:\Program Files\Windows Defender
    2008-06-28 15:13 . 2008-06-28 15:13 357,768 --a------ C:\Documents and Settings\user\SymXPep2.dll
    2008-06-28 06:49 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
    2008-06-28 06:48 . 2008-06-28 06:50 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd
    2008-06-28 06:15 . 2008-06-28 06:15 <REP> d-------- C:\Program Files\Ulead Systems
    2008-06-28 01:10 . 2008-06-30 18:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-28 01:10 . 2008-06-28 01:10 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-21 03:12 . 2008-06-21 03:12 127 --a------ C:\WINDOWS\system32\MRT.INI
    2008-06-17 20:16 . 2008-06-19 17:08 <REP> d-------- C:\Documents and Settings\user\Application Data\SPORE Creature Creator
    2008-06-14 02:08 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-14 02:08 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
    2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
    2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
    2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
    2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
    2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
    2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
    2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
    2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
    2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
    2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
    2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
    2008-06-03 11:02 . 2003-03-02 17:44 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
    2008-06-03 11:02 . 2003-04-19 00:32 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
    2008-06-03 02:56 . 2008-06-03 02:56 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-05-31 04:13 . 2008-05-31 04:13 <REP> d-------- C:\Program Files\CCleaner
    2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2008-05-25 14:51 . 2008-05-25 15:14 23 --a------ C:\WINDOWS\BlendSettings.ini
    2008-05-24 23:44 . 2008-05-25 00:04 <REP> d-------- C:\Documents and Settings\user\Application Data\X-Chat 2
    2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-05-23 00:19 . 2008-05-23 00:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
    2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-13 12:35 . 2008-05-13 12:35 189,712 --a------ C:\WINDOWS\system32\RALMain.dll
    2008-05-13 12:34 . 2008-05-13 12:34 38,160 --a------ C:\WINDOWS\system32\MLPagAx.dll
    2008-05-13 12:32 . 2008-05-13 12:32 54,544 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
    2008-05-12 17:28 . 2008-05-24 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
    2008-05-11 21:51 . 2008-06-30 04:47 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2008-05-11 21:36 . 2008-05-12 16:09 <REP> d-------- C:\Program Files\Webcam Video Capture
    2008-05-11 09:35 . 2008-05-12 02:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
    2008-05-11 09:33 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
    2008-05-11 09:33 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-05-11 09:33 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
    2008-05-11 09:33 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
    2008-05-11 09:33 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
    2008-05-11 09:33 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-05-08 17:14 . 2008-05-08 17:14 <REP> d-------- C:\Documents and Settings\user\Application Data\Ankh
    2008-05-05 19:17 . 2008-05-05 19:17 40 --a------ C:\WINDOWS\NAVIGMA.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-30 16:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-30 16:02 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2008-06-30 14:37 --------- d-----w C:\Program Files\Steam
    2008-06-30 14:36 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-06-30 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-30 02:02 --------- d-----w C:\Program Files\DivX
    2008-06-29 23:07 --------- d-----w C:\Documents and Settings\user\Application Data\Xfire
    2008-06-29 21:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-29 00:53 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-28 04:49 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-06-28 04:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-28 04:17 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2008-06-28 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-06-25 00:44 --------- d-----w C:\Program Files\Xfire
    2008-06-22 19:36 --------- d-----w C:\Program Files\MediaCoder
    2008-06-19 14:50 --------- d-----w C:\Documents and Settings\user\Application Data\Dr. DivX 2.0 OSS
    2008-06-14 02:56 --------- d-----w C:\Documents and Settings\user\Application Data\FileZilla
    2008-06-14 02:34 --------- d-----w C:\Documents and Settings\user\Application Data\XnView
    2008-06-10 23:27 --------- d-----w C:\Documents and Settings\user\Application Data\Creative
    2008-06-05 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
    2008-06-05 14:50 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-06-05 14:50 --------- d-----w C:\Documents and Settings\user\Application Data\SystemRequirementsLab
    2008-06-02 22:05 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-06-02 22:05 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-06-02 22:05 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-06-02 22:05 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-06-02 22:05 --------- d-----w C:\Program Files\Symantec
    2008-06-01 00:51 --------- d-----w C:\Program Files\Java
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-05-26 13:28 --------- d-----w C:\Program Files\BitComet
    2008-05-22 17:41 --------- d-----w C:\Documents and Settings\user\Application Data\winamp
    2008-05-21 17:12 --------- d-----w C:\Documents and Settings\user\Application Data\Bioshock
    2008-05-11 07:33 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-05-11 07:33 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-05-11 07:33 --------- d-----w C:\Program Files\OpenAL
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-02 00:40 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
    2008-05-02 00:40 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
    2008-05-02 00:39 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
    2008-05-02 00:39 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
    2008-04-29 17:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-29 17:53 22,328 ----a-w C:\Documents and Settings\user\Application Data\PnkBstrK.sys
    2008-04-29 17:53 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-04-29 17:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-04-29 17:52 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
    2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-04 13:53 1 ----a-w C:\Documents and Settings\user\SI.bin
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2006-06-23 06:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( snapshot_2008-06-30_16.49.20.89 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-30 14:26:31 59,576 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-06-30 15:55:15 59,576 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-06-30 14:26:31 72,366 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-06-30 15:55:15 72,366 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-06-30 14:26:31 395,336 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-06-30 15:55:15 395,336 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-06-30 14:26:31 461,404 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-06-30 15:55:15 461,404 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2008-02-03 20:04 116088 --a------ C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 08:01 180736]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 21:09 700416]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27 219520]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-19 22:13 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 08:49 16126464 C:\WINDOWS\RTHDCPL.exe]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 19:07 8491008]
    "nwiz"="nwiz.exe" [2007-09-16 19:07 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 19:07 81920]
    "AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43 331776]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
    "WinampAgent"="D:\winamp\winampa.exe" [2007-12-20 17:16 37376]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 22:53 714608]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-16 03:29 185896]
    "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "Kernel and Hardware Abstraction Layer"="KHALmnr" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\user\Menu D‚marrer\Programmes\D‚marrage\
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-03 02:56:46 3017040]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-28 06:49:48 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "VIDC.XFR1"= xfcodec.dll
    "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
    "vidc.mjpg"= pvmjpg30.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
    --a------ 2007-03-03 14:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\Steam\\steamapps\\khorzeam\\team fortress 2\\hl2.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
    "D:\\pinnacle\\Programs\\RM.exe"=
    "D:\\pinnacle\\Programs\\Studio.exe"=
    "D:\\pinnacle\\Programs\\umi.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22349:TCP"= 22349:TCP:BitComet 22349 TCP
    "22349:UDP"= 22349:UDP:BitComet 22349 UDP
    "12601:TCP"= 12601:TCP:BitComet 12601 TCP
    "12601:UDP"= 12601:UDP:BitComet 12601 UDP

    R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon []
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 08:12]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 11:03]
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-24 08:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-30 14:48:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2008-06-23 20:14:44 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - user.job"
    - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-30 18:12:05
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-30 18:12:33
    ComboFix-quarantined-files.txt 2008-06-30 16:12:21
    ComboFix2.txt 2008-06-30 16:09:01

    Pre-Run: 111,248,113,664 octets libres
    Post-Run: 111,237,300,224 octets libres

    285 --- E O F --- 2008-06-29 00:40:56


    Hijackis :

    Citation :
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:46:11, on 30/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\winamp\winampa.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\user\Bureau\HiJackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] D:\winamp\winampa.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALmnr
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA4.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9560 bytes
    30 Juin 2008 19:52:39

    Re,

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM

    ;) 
    30 Juin 2008 21:57:53

    Voici mon rapport Malware ;)  :

    Citation :
    Malwarebytes' Anti-Malware 1.19
    Version de la base de données: 909
    Windows 5.1.2600 Service Pack 2

    21:52:29 30/06/2008
    mbam-log-6-30-2008 (21-52-29).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 140078
    Temps écoulé: 1 hour(s), 40 minute(s), 30 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 26

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\VundoFix Backups\awtsQIaw.dll.bad.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\VundoFix Backups\geBrpoOF.dll.bad.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\VundoFix Backups\khfEVLEu.dll.bad.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\VundoFix Backups\ljJYpMca.dll.bad.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\VundoFix Backups\nnnoOfdB.dll.bad.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\VundoFix Backups\qoMfcDuu.dll.bad.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\VundoFix Backups\rqRJYpqO.dll.bad.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\cfgxermo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\qoMfcYst.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP367\A0046115.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP379\A0049583.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP379\A0049584.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP379\A0049585.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP379\A0049586.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP379\A0049587.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP379\A0049588.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP379\A0049590.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP379\A0049591.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP381\A0049833.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP381\A0049839.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP384\A0049878.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP385\A0050126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP385\A0050150.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP387\A0050305.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C6A3BDDC-9852-4B60-B46B-E5D23EE56C09}\RP388\A0051220.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    30 Juin 2008 22:00:46

    Re,

    Télécharge Deckard's System Scanner (DSS) (ou DSS) sur ton Bureau.
    NB : Tu dois être connecté avec des droits d'Administrateur.
  • ferme toutes les applications et fenêtres
  • double-clique sur dss.exe pour le lancer et suis les instructions ci-dessous
    Attention, il est conseillé de stopper temporairement les logiciels résidents de protection (pare-feu, antivirus, etc.)
  • s'il s'agit d'une première utilisation ou d'une nouvelle version de DSS :
  • tu devras cliquer 2 fois sur le OK des boîtes de dialogue
    Attention, si tu tardes trop, la réponse Abandon sera automatiquement validée
  • quand le traitement est terminé (clique sur OK), deux fichiers texte s'affichent :
    main.txt <- ouvert en premier plan et en plein écran
    extra.txt <- ouvert en second plan et en fenêtré (regarde la barre des taches)
    S'il s'agit d'une utilisation supplémentaire de DSS :
  • tu n'auras pas de boîte de dialogue (pas de OK)
  • quand le traitement est terminé, un fichier texte s'affiche :
    main.txt <- ouvert en premier plan et en plein écran

  • copie (Ctrl+A puis Ctrl+C) et colle (Ctrl+V) le contenu de main.txt dans ton prochain post
  • copie de même le contenu de extra.txt dans ton prochain post, si tu as ce fichier (première utilisation)
  • n'oublie pas de réactiver les protections si elles ont été stoppées.



    Ce que fait DSS :
  • crée un point de restauration dans Windows XP et Vista
  • nettoie les fichiers temporaires, DPF-Downloaded Program Files et le Cache Internet, vide la Corbeille de tous les lecteurs
  • vérifie quelques zones importantes de ton système et établit un rapport pour examen par ton conseiller en sécurité. DSS lance automatiquement HijackThis pour toi; il va aussi créer un raccourci HijackThis sur ton Bureau si tu n'as pas déjà HijackThis d'installé.

    Comment va le PC ? Toujours des problèmes ?

    ;) 
    30 Juin 2008 22:10:34

    Whow...déjà merci et bravo pour la rapidité !

    Voici le main.txt :

    Citation :
    Deckard's System Scanner v20071014.68
    Run by user on 2008-06-30 22:06:12
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    166: 2008-06-30 20:06:20 UTC - RP391 - Deckard's System Scanner Restore Point
    165: 2008-06-30 16:11:26 UTC - RP390 - ComboFix created restore point
    164: 2008-06-30 16:06:36 UTC - RP389 - ComboFix created restore point
    163: 2008-06-30 14:42:22 UTC - RP388 - ComboFix created restore point
    162: 2008-06-30 02:35:05 UTC - RP387 - Installed Pilote vidéo Pinnacle.


    -- First Restore Point --
    1: 2008-06-28 15:07:58 UTC - RP226 - Supprimé Call of Duty(R) 4 - Modern Warfare(TM)


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as user.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:06:44, on 30/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\winamp\winampa.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\user\Bureau\dss.exe
    C:\DOCUME~1\user\Bureau\user.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] D:\winamp\winampa.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALmnr
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA4.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9585 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    R2 enodpl - c:\windows\system32\drivers\enodpl.sys
    R2 tandpl - c:\windows\system32\drivers\tandpl.sys
    R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
    R3 Video3D (ASUS Video3D Service) - c:\windows\system32\drivers\video3d32.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Video3D driver>

    S3 catchme - c:\combofix\catchme.sys (file missing)
    S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
    S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&1400782C&0
    Manufacturer: Logitech
    Name: PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&1400782C&0
    Service: i8042prt


    -- Scheduled Tasks -------------------------------------------------------------

    2008-06-30 21:57:10 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2008-06-30 20:01:06 590 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - user.job
    2008-06-24 10:55:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-05-30 and 2008-06-30 -----------------------------

    2008-06-30 20:00:07 0 d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
    2008-06-30 20:00:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-30 20:00:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-30 18:06:53 6736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS <Not Verified; Sysinternals - www.sysinternals.com; Process Explorer>
    2008-06-30 04:35:16 171520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
    2008-06-30 04:35:07 0 d-------- C:\Program Files\Fichiers communs\Pinnacle
    2008-06-30 04:34:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
    2008-06-30 04:34:03 0 dr------- C:\Documents and Settings\user\Mes documents
    2008-06-30 04:29:57 0 d-------- C:\Program Files\Pinnacle
    2008-06-30 04:29:57 0 d-------- C:\Program Files\Fichiers communs\Yahoo!
    2008-06-30 04:29:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Studio 12
    2008-06-30 04:29:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
    2008-06-30 04:23:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-06-30 04:06:23 0 d-------- C:\divx
    2008-06-29 23:27:06 68096 --a------ C:\WINDOWS\zip.exe
    2008-06-29 23:27:06 49152 --a------ C:\WINDOWS\VFind.exe
    2008-06-29 23:27:06 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-06-29 23:27:06 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-06-29 23:27:06 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-06-29 23:27:06 98816 --a------ C:\WINDOWS\sed.exe
    2008-06-29 23:27:06 80412 --a------ C:\WINDOWS\grep.exe
    2008-06-29 23:27:06 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-06-29 22:11:21 691545 --a------ C:\WINDOWS\unins000.exe
    2008-06-29 22:11:20 2554 --a------ C:\WINDOWS\unins000.dat
    2008-06-29 02:54:56 0 d-------- C:\Program Files\Lavasoft
    2008-06-29 02:54:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-28 18:31:27 0 dr-h----- C:\Documents and Settings\user\Recent
    2008-06-28 17:34:03 0 d-------- C:\Documents and Settings\user\Application Data\Grisoft
    2008-06-28 17:21:10 0 d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-06-28 17:21:10 0 d--hs---- C:\Documents and Settings\Administrateur\Cookies
    2008-06-28 17:21:10 0 d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-06-28 17:21:10 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
    2008-06-28 17:21:10 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
    2008-06-28 17:21:09 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
    2008-06-28 17:21:08 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-06-28 17:21:08 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-06-28 17:21:08 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
    2008-06-28 17:21:08 0 d--h----- C:\Documents and Settings\Administrateur\Recent
    2008-06-28 17:21:08 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-06-28 17:21:08 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-06-28 17:21:08 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-06-28 17:21:07 786432 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
    2008-06-28 17:15:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-06-28 17:15:07 0 d-------- C:\Program Files\RegCleaner
    2008-06-28 17:14:39 0 d-------- C:\Program Files\Windows Defender
    2008-06-28 06:48:53 0 d-------- C:\Program Files\Fichiers communs\Logishrd
    2008-06-28 06:15:59 0 d-------- C:\Program Files\Ulead Systems
    2008-06-17 20:16:36 0 d-------- C:\Documents and Settings\user\Application Data\SPORE Creature Creator
    2008-06-03 11:02:47 4736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
    2008-06-03 11:02:47 7552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
    2008-05-31 04:13:49 0 d-------- C:\Program Files\CCleaner
    2008-05-31 01:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-05-31 01:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-31 01:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-31 01:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-31 01:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>


    -- Find3M Report ---------------------------------------------------------------

    2008-06-30 22:06:05 0 d-------- C:\Documents and Settings\user\Application Data\Xfire
    2008-06-30 21:58:23 461404 --a------ C:\WINDOWS\system32\perfh00C.dat
    2008-06-30 21:58:23 72366 --a------ C:\WINDOWS\system32\perfc00C.dat
    2008-06-30 16:37:14 0 d-------- C:\Program Files\Steam
    2008-06-30 16:36:25 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
    2008-06-30 04:35:07 0 d-------- C:\Program Files\Fichiers communs
    2008-06-30 04:02:54 0 d-------- C:\Program Files\DivX
    2008-06-29 04:03:38 0 d-------- C:\Program Files\Windows NT
    2008-06-29 02:53:56 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-28 06:49:58 0 d-------- C:\Program Files\Fichiers communs\Logitech
    2008-06-28 06:48:56 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-28 06:17:07 0 d-------- C:\Program Files\Fichiers communs\Ulead Systems
    2008-06-25 02:44:58 0 d-------- C:\Program Files\Xfire
    2008-06-22 21:36:08 0 d-------- C:\Program Files\MediaCoder
    2008-06-19 16:50:59 0 d-------- C:\Documents and Settings\user\Application Data\Dr. DivX 2.0 OSS
    2008-06-14 04:56:11 0 d-------- C:\Documents and Settings\user\Application Data\FileZilla
    2008-06-14 04:34:20 0 d-------- C:\Documents and Settings\user\Application Data\XnView
    2008-06-11 01:27:44 0 d-------- C:\Documents and Settings\user\Application Data\Creative
    2008-06-05 16:50:31 0 d-------- C:\Program Files\SystemRequirementsLab
    2008-06-05 16:50:31 0 d-------- C:\Documents and Settings\user\Application Data\SystemRequirementsLab
    2008-06-03 00:05:19 0 d-------- C:\Program Files\Symantec
    2008-06-01 02:51:01 0 d-------- C:\Program Files\Java
    2008-05-26 15:28:45 0 d-------- C:\Program Files\BitComet
    2008-05-25 00:04:13 0 d-------- C:\Documents and Settings\user\Application Data\X-Chat 2
    2008-05-23 00:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-23 00:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-05-23 00:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-22 19:41:14 0 d-------- C:\Documents and Settings\user\Application Data\winamp
    2008-05-21 19:12:06 0 d-------- C:\Documents and Settings\user\Application Data\Bioshock
    2008-05-20 00:06:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-05-19 02:34:11 0 d-------- C:\Documents and Settings\user\Application Data\Mozilla
    2008-05-13 15:39:49 0 d-------- C:\Program Files\Messenger
    2008-05-12 16:09:32 0 d-------- C:\Program Files\Webcam Video Capture
    2008-05-11 09:33:37 0 d-------- C:\Program Files\OpenAL
    2008-05-08 17:14:54 0 d-------- C:\Documents and Settings\user\Application Data\Ankh
    2008-04-29 19:52:51 2337865 --a------ C:\WINDOWS\system32\pbsvc.exe
    2008-04-08 00:33:05 552 --a------ C:\WINDOWS\system32\d3d8caps.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    03/02/2008 20:04 116088 --a------ C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [21/03/2007 08:49 C:\WINDOWS\RTHDCPL.exe]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [08/12/2003 17:35]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [16/09/2007 19:07]
    "nwiz"="nwiz.exe" [16/09/2007 19:07 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [16/09/2007 19:07]
    "AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [20/03/2006 21:43]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/12/2007 11:56]
    "WinampAgent"="D:\winamp\winampa.exe" [20/12/2007 17:16]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [07/08/2007 02:05]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [31/01/2008 14:15]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [24/08/2007 22:53]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [07/09/2006 19:19]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [16/02/2008 03:29]
    "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [03/03/2007 14:12]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 11:25]
    "Kernel and Hardware Abstraction Layer"="KHALmnr" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [01/03/2007 08:01]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [28/09/2006 21:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 14:00]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [02/07/2007 12:27]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [19/12/2007 22:13]

    C:\Documents and Settings\user\Menu D‚marrer\Programmes\D‚marrage\
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [03/06/2008 02:56:46]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [28/06/2008 06:49:48]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 02/05/2008 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
    C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe




    -- End of Deckard's System Scanner: finished at 2008-06-30 22:07:28 ------------



    Et le extra.txt :

    Citation :
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Édition familiale (build 2600) SP 2.0
    Architecture: X86; Language: French

    CPU 0: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
    CPU 1: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
    Percentage of Memory in Use: 27%
    Physical Memory (total/avail): 2047.04 MiB / 1486.97 MiB
    Pagefile Memory (total/avail): 3939.68 MiB / 3409.59 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1931.73 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 172.78 GiB total, 103.59 GiB free.
    D: is Fixed (NTFS) - 292.98 GiB total, 261.44 GiB free.
    E: is CDROM (No Media)
    F: is CDROM (No Media)
    G: is CDROM (No Media)
    H: is CDROM (No Media)
    I: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - ST3500830AS - 465.76 GiB - 2 partitions
    \PARTITION0 (bootable) - Système de fichiers installable - 172.78 GiB - C:
    \PARTITION1 - Système de fichiers installable - 292.98 GiB - D:

    \\.\PHYSICALDRIVE1 - Generic STORAGE DEVICE USB Device



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    FW: Norton AntiVirus v15.0.0.58 (Symantec Corporation)
    AV: Norton AntiVirus v15.0.0.58 (Symantec Corporation) Disabled

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
    "C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
    "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "C:\\Program Files\\Steam\\steamapps\\khorzeam\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\khorzeam\\team fortress 2\\hl2.exe:*:Enabled:hl2"
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:p nkBstrA"
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:p nkBstrB"
    "C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"="C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe:*:Enabled:Gears of War"
    "D:\\pinnacle\\Programs\\RM.exe"="D:\\pinnacle\\Programs\\RM.exe:*:Enabled:Render Manager"
    "D:\\pinnacle\\Programs\\Studio.exe"="D:\\pinnacle\\Programs\\Studio.exe:*:Enabled:Studio"
    "D:\\pinnacle\\Programs\\umi.exe"="D:\\pinnacle\\Programs\\umi.exe:*:Enabled:umi"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\user\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Fichiers communs
    COMPUTERNAME=PRIV-C1222E864B
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\user
    LOGONSERVER=\\PRIV-C1222E864B
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Satsuki Decoder Pack\filtres
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f0b
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
    TMP=C:\DOCUME~1\user\LOCALS~1\Temp
    USERDOMAIN=PRIV-C1222E864B
    USERNAME=user
    USERPROFILE=C:\Documents and Settings\user
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    user (admin)
    Administrateur (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x040c
    --> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x040c
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x040c
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x040c
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x040c
    --> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x040c
    --> "C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
    --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> MsiExec /X{7032E73F-68A0-48F9-8100-E70E79169BAE}
    --> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x40c /remove
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x40c
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3DMark06 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1AE27FE6-05DB-40CB-A29E-2945980ACE27}\setup.exe" -l0x9 -removeonly
    7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
    Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
    Advanced ZIP Password Recovery (remove only) --> C:\Program Files\ElcomSoft\AZPR\uninstall.exe
    AGEIA PhysX v6.12.02 --> MsiExec.exe /X{7032E73F-68A0-48F9-8100-E70E79169BAE}
    Ankh --> "D:\Jeux\Jeux-complets\Ankh\uninstall.exe"
    AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
    ASUS Gamer OSD --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly
    Attansic Ethernet Utility --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
    Attansic L1 Gigabit Ethernet Driver --> rundll32.exe C:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
    AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    AVI GIF Converter 1.08 --> "C:\Program Files\AVI GIF Converter\unins000.exe"
    AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
    Barre d'outils MSN --> C:\Program Files\MSN Toolbar\01.01.2607.0\fr\mtbs.exe c
    BioShock --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe" -l0x40c -removeonly
    BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
    Camera RAW Plug-In for EPSON Creativity Suite --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x40c UNINST
    CamStudio --> C:\Program Files\CamStudio\uninstall.exe
    ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
    Codeur Windows Media Série 9 --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Codeur Windows Media Série 9 --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
    Correctif Lecteur Windows Media 10 - KB895316 --> "C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x40c /remove
    Creative System Information --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
    Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x40c /remove
    CX4300_5500_DX4400 Manuel --> C:\Program Files\EPSON\TPMANUAL\CX4300_5500_DX4400\FRA\USE_G\DOCUNINS.EXE
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Dr. DivX 2.0 OSS --> C:\Program Files\DivX\Dr. DivX 2.0 OSS\Remove.exe
    EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
    EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
    EPSON Attach To Email --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
    EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x40c UNINST
    EPSON File Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
    EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
    EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
    FileZilla Client 3.0.6 --> C:\Program Files\FileZilla FTP Client\uninstall.exe
    Fraps (remove only) --> "D:\FRAPS\uninstall.exe"
    Gears of War --> C:\Program Files\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\Setup.exe -runfromtemp -l0x040c
    Gestionnaire de disques amovible Creative --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c /remove
    Half-Life 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/220
    Half-Life 2: Deathmatch --> "C:\Program Files\Steam\steam.exe" steam://uninstall/320
    Half-Life 2: Episode One --> "C:\Program Files\Steam\steam.exe" steam://uninstall/380
    Half-Life 2: Episode Two --> "C:\Program Files\Steam\steam.exe" steam://uninstall/420
    High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2 --> "C:\Documents and Settings\user\Bureau\HijackThis.exe" /uninstall
    InterVideo DeviceService --> MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
    LEGO® Indiana Jones™ --> C:\Program Files\InstallShield Installation Information\{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}\Setup.exe -runfromtemp -l0x040c
    LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
    LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
    Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
    Ma-Config.com plugin --> MsiExec.exe /I{D2D7529F-6B55-4C1C-BC9C-D6F1BCC066B6}
    Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    MediaCoder 0.6.0 --> C:\Program Files\MediaCoder\uninst.exe
    Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9111040C-6000-11D3-8CFE-0150048383C9}
    Microsoft PhotoDraw 2000 V2 --> MsiExec.exe /I{3C5EA394-1033-11D2-A2CB-00C04F72F31D}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917537) --> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
    Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NoNameScript --> C:\Documents and Settings\user\Application Data\NoNameScript\nnuninstall.exe
    Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
    Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_0_0_58\Setup.exe" /X
    Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
    Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Nvu 1.0 --> "C:\Program Files\Nvu\unins000.exe"
    OpenAL --> "C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
    Peggle Extreme --> "C:\Program Files\Steam\steam.exe" steam://uninstall/3483
    Pilote vidéo Pinnacle --> MsiExec.exe /X{5EB90C06-964F-4195-B83E-BD7E55C88415}
    Pinnacle Studio 12 --> MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
    Portal --> "C:\Program Files\Steam\steam.exe" steam://uninstall/400
    PowerDVD --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
    PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
    Quick Menu Builder 1.2 --> "C:\Program Files\Mattgo27 Apps\Quick Menu Builder\uninstall.exe"
    QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
    RAR Password Cracker 4.12 --> C:\Program Files\RAR Password Cracker\uninstall.exe
    RealPlayer --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
    Ri4m v5.0.1d --> C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
    SAGEM Wi-Fi 11g USB adapter (Driver) --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7421E270-0140-4F62-AE39-ECB9F1C81B35}\setup.exe" -l0x40c
    SAGEM Wi-Fi 11g USB adapter (Driver) --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2AA331E-E10E-438C-B1C0-24B2FFD3D9C4}\setup.exe" -l0x40c
    ScummVM 0.11.0 --> "D:\Jeux\Oldies\scumm\unins000.exe"
    SmartSound Quicktracks Plugin --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
    Source SDK Base --> "C:\Program Files\Steam\steam.exe" steam://uninstall/215
    SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    SPORE™ L’atelier des Créatures – version d’essai --> "C:\Program Files\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x040c -removeonly
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
    Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
    Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
    The Witcher --> "C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x040c -removeonly
    TmNationsForever --> "D:\Jeux\Jeux-complets\TmNationsForever\unins000.exe"
    Ulead VideoStudio 11 --> C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409
    Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
    Winamp --> "D:\winamp\UninstWA.exe"
    Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
    XnView 1.92 --> "C:\Program Files\XnView\unins000.exe"
    ZENcast Organizer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x40c /remove


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type8469 / Error
    Event Submitted/Written: 06/30/2008 04:42:17 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Application bloquée nircmd.com, version 2.1.0.182, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Event Record #/Type8468 / Error
    Event Submitted/Written: 06/30/2008 04:42:16 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Application bloquée fraps.exe, version 2.8.1.6403, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Event Record #/Type8423 / Success
    Event Submitted/Written: 06/30/2008 05:07:16 AM
    Event ID/Source: 1102 / .NET Runtime Optimization Service
    Event Description:
    .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

    Event Record #/Type8421 / Success
    Event Submitted/Written: 06/30/2008 05:07:14 AM
    Event ID/Source: 1102 / .NET Runtime Optimization Service
    Event Description:
    .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

    Event Record #/Type8419 / Success
    Event Submitted/Written: 06/30/2008 05:07:14 AM
    Event ID/Source: 1102 / .NET Runtime Optimization Service
    Event Description:
    .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web.Mobile, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type16233 / Error
    Event Submitted/Written: 06/30/2008 09:53:05 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM a reçu l'erreur "%%1084" lors de la mise en route du service EventSystem avec les arguments ""
    pour démarrer le serveur :
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Event Record #/Type16232 / Error
    Event Submitted/Written: 06/30/2008 08:07:13 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM a reçu l'erreur "%%1084" lors de la mise en route du service EventSystem avec les arguments ""
    pour démarrer le serveur :
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Event Record #/Type16231 / Error
    Event Submitted/Written: 06/30/2008 08:07:11 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
    AFD
    asuskbnt
    AVG Anti-Spyware Driver
    eeCtrl
    Fips
    i8042prt
    intelppm
    IPSec
    MRxSmb
    NetBIOS
    NetBT
    RasAcd
    Rdbss
    SCDEmu
    SPBBCDrv
    SRTSP
    SRTSPX
    SYMTDI
    Tcpip

    Event Record #/Type16230 / Error
    Event Submitted/Written: 06/30/2008 08:07:11 PM
    Event ID/Source: 7001 / Service Control Manager
    Event Description:
    Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas pu démarrer en raison de l'erreur :
    %%31

    Event Record #/Type16229 / Error
    Event Su
    30 Juin 2008 22:12:16

    Mince le post a été coupé, je disais par contre, je me demandais dans Malware > dans l'onglet quarantaine, y'a les "Trojan.vundo" dois-je cliquer sur "tout supprimer" ?
    1 Juillet 2008 18:21:52

    :hello:  Bonsoir,

    On va faire une dernière vérification, ça me semble bon :super:

  • Fais un scan en ligne Kaspersky avec Internet Explorer :
  • Clique sur
  • Clique maintenant sur J'accepte.
  • Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
  • Patiente pendant l'installation des Mises à jour.
  • Choisis par la suite l'analyse du Poste de travail
  • Sauvegarde puis colle le rapport généré en fin d'analyse.

    AIDE : Tuto sur le scan en ligne

    NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

    ;) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS