
Avast mailbox flood message

Tags:
  • Windows
  • Security
17 March 2008 21:19:10

Hello,
Avast keeps telling me every 2 seconds that too many identical emails have been sent within a short time interval.
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:32, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\vsnpstd2.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/Nvi...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 13546 bytes

SmitFraudFix report:

SmitFraudFix v2.305

Rapport fait à 21:14:21,92, 17/03/2008
Executé à partir de C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\vsnpstd2.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propriétaire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propriétaire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\NetProject\ PRESENT !
C:\Program Files\Sotfone\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Hamachi Network Interface
DNS Server Search Order: 15.243.128.51
DNS Server Search Order: 15.243.160.51

Description: Bluetooth PAN Network Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0

Description: Stick USB 802.11g OLITEC #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3CDA0133-B9D4-47D5-98C6-956C9BC3790E}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4A88FBE6-8BE0-4549-B885-40C9B3BA8B7D}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3CDA0133-B9D4-47D5-98C6-956C9BC3790E}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4A88FBE6-8BE0-4549-B885-40C9B3BA8B7D}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3CDA0133-B9D4-47D5-98C6-956C9BC3790E}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4A88FBE6-8BE0-4549-B885-40C9B3BA8B7D}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


17 March 2008 22:10:17

:hello: 

1) Restart in safe mode.

Run SmitfraudFix.exe and this time choose Option 2, and answer yes to the question(s).
Save the report to your Desktop.

Restart normally.

Post the report generated by SmitfraudFix along with a new HijackThis log.

;) 

2) Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
Note: You must be logged in with Administrator rights.
  • close all applications and windows
  • double-click dss.exe to launch it and follow the instructions below
    Caution: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
  • if this is a first use or a new version of DSS:
      • you will have to click OK twice in the dialog boxes
        Caution: if you take too long, the Abort answer will be validated automatically
      • when processing is finished (click OK), two text files are displayed:
        main.txt <- opened in the foreground, full screen
        extra.txt <- opened in the background, windowed (look at the taskbar)
  • if this is a subsequent use of DSS:
      • you will not get a dialog box (no OK)
      • when processing is finished, one text file is displayed:
        main.txt <- opened in the foreground, full screen
  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • likewise copy the contents of extra.txt into your next post, if you have that file (first use)
  • don't forget to re-enable the protections if they were stopped.

What DSS does:
  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
  • checks some important areas of your system and produces a report for review by your security adviser. DSS automatically launches HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you do not already have HijackThis installed.
18 March 2008 07:28:08

Here are the reports:

HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:23:36, on 18/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/Nvi...
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    --
    End of file - 13457 bytes

    smitfraudfix :

    SmitFraudFix v2.305

    Rapport fait à 7:23:54,28, 18/03/2008
    Executé à partir de C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propriétaire


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propriétaire\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Hamachi Network Interface
    DNS Server Search Order: 15.243.128.51
    DNS Server Search Order: 15.243.160.51

    Description: Bluetooth PAN Network Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.30.1
    DNS Server Search Order: 0.0.0.0

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4A88FBE6-8BE0-4549-B885-40C9B3BA8B7D}: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{4A88FBE6-8BE0-4549-B885-40C9B3BA8B7D}: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{3CDA0133-B9D4-47D5-98C6-956C9BC3790E}: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{4A88FBE6-8BE0-4549-B885-40C9B3BA8B7D}: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin



    extra.txt :

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Édition familiale (build 2600) SP 2.0
    Architecture: X86; Language: French

    CPU 0: AMD Athlon(tm) 64 Processor 3500+
    Percentage of Memory in Use: 45%
    Physical Memory (total/avail): 959.36 MiB / 523.34 MiB
    Pagefile Memory (total/avail): 2313.75 MiB / 1834.89 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1934.75 MiB

    C: is Fixed (NTFS) - 143.44 GiB total, 95.97 GiB free.
    D: is Fixed (FAT32) - 5.6 GiB total, 0.69 GiB free.
    E: is CDROM (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)
    J: is Removable (No Media)
    L: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD1600JS-60NCB1 - 149.05 GiB - 2 partitions
    \PARTITION0 (bootable) - Système de fichiers installable - 143.44 GiB - C:
    \PARTITION1 - Unknown - 5.61 GiB - D:

    \\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

    \\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

    \\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

    \\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    AV: avast! antivirus 4.7.1098 [VPS 080318-0] v4.7.1098 (ALWIL Software) Disabled

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"="C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe:*:Enabled:CmCenter Module"
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Metin2_France\\metin2.bin"="C:\\Program Files\\Metin2_France\\metin2.bin:*:Disabled:metin2"
    "C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
    "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\StreamMyGame\\streamer_server.exe"="C:\\Program Files\\StreamMyGame\\streamer_server.exe:*:Enabled:Streamer Server"
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"="C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe:*:Enabled:Render Manager"
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"="C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe:*:Enabled:umi"
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"="C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
    "C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:HLSW Application"
    "C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"="C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe:*:Enabled:hl2"
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"="C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
    "C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "c:\\d.exe"="c:\\d.exe:*:Enabled:enable"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Compaq_Propriétaire\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Fichiers communs
    COMPUTERNAME=NOM-EB85C523610
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Compaq_Propriétaire
    LANG=fr
    LOGONSERVER=\\NOM-EB85C523610
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Program Files\Pinnacle\Shared Files
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=4f02
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SonicCentral=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
    USERDOMAIN=NOM-EB85C523610
    USERNAME=Compaq_Propriétaire
    USERPROFILE=C:\Documents and Settings\Compaq_Propriétaire
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Compaq_Propriétaire (admin)
    Administrateur (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    --> MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
    --> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2 --> C:\Program Files\Fichiers communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
    Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
    Adobe Flash CS3 Professional --> C:\Program Files\Fichiers communs\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
    Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
    Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
    Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Reader 7.0.5 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70500000002}
    Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
    Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    AGEIA PhysX v7.03.21 --> MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
    Amélioration de nos services --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1036
    Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    µTorrent 1.6.1 (Build 490) --> C:\Program Files\utorrent\Uninstal.exe
    Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
    Audiosurf Demo --> "C:\Program Files\Steam\steam.exe" steam://uninstall/12910
    avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
    BlueSoleil --> MsiExec.exe /X{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}
    BS Hacker Unlimited (remove only) --> "C:\Program Files\BS Hacker Unlimited\Uninstall.exe"
    Cariboost 2.0 --> "C:\Program Files\Intuisphere\Cariboost 2.0\unins000.exe"
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    Condition Zero --> "C:\Program Files\Steam\steam.exe" steam://uninstall/80
    Condition Zero Deleted Scenes --> "C:\Program Files\Steam\steam.exe" steam://uninstall/100
    ConnectionServices --> "C:\Program Files\ConnectionServices\Uninstall.exe"
    Connexion Facile à Internet --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036
    Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB893357) --> "C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB906569) --> "C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Correctif Windows XP - KB883667 --> C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
    Correctif Windows XP - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
    Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Correctif Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
    Correctif Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
    Correctif Windows XP - KB888239 --> C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
    Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Correctif Windows XP - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
    Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Correctif Windows XP - KB892050 --> "C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
    Correctif Windows XP - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
    Dedicated Server --> "C:\Program Files\Steam\steam.exe" steam://uninstall/5
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
    E-Anim 8.01 --> C:\Program Files\E-Anim801\Uninstal.exe
    FileZilla Client 3.0.7 --> C:\Program Files\FileZilla Client\uninstall.exe
    Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
    GetTubeVideo 2.0 --> C:\Program Files\GetTubeVideo 2.0\uninst.exe
    GIMP 2.4.1 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
    GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    GTK+ 2.10.13 runtime environment --> "C:\Program Files\Fichiers communs\GTK\2.0\setup\unins000.exe"
    Half-Life Model Viewer 1.25 --> C:\Program Files\Half-Life Model Viewer\Uninstal.exe
    Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
    High Definition Audio - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HLSW v1.2.1 --> "C:\Program Files\HLSW\unins000.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
    HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
    ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
    J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    K-Lite Mega Codec Pack 1.32 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    Lame ACM MP3 Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
    Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
    LG GSM PC Components --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09A2D5BB-8184-4F56-9667-6692CC513792}\setup.exe" -l0x40c
    LG USB Modem Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c -removeonly
    LibUSB-Win32-0.1.10.1 --> "C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe"
    LimeWire PRO 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
    LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Macromedia Flash MX --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x40c UNINSTALL
    Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works --> MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB912945) --> "C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSNTweaker 1.0 --> "C:\Program Files\MSNTweaker\unins000.exe"
    No-IP.com DUC (remove only) --> "C:\Program Files\No-IP\DUC20.exe" -uninstall
    Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
    NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
    OLITEC - Moniteur réseau 802.11g --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D526683-0E00-4EF9-9179-54B18C41C2AE}\setup.exe" -l0x40c -removeonly
    OpenAL --> "C:\Program Files\OpenAL\OpenALwEAX.exe" /U
    OpenOffice.org 2.3 --> MsiExec.exe /I{FADB55D0-403F-4413-A268-CF0A6F1185C2}
    PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
    PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
    Pinnacle VideoSpin --> MsiExec.exe /X{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}
    PowerCinema --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
    PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
    PremiumSoft Navicat MySQL 7.2 --> "C:\Program Files\PremiumSoft\Navicat MySQL\unins000.exe"
    PS3.ProxyServer --> MsiExec.exe /I{FE4086E1-FA7F-4A7A-8FC5-061337B5787E}
    PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
    Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
    Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
    Quest3D Viewers 3.0e --> "C:\Program Files\Act-3D\Quest3D Viewers 3.0e\unins000.exe"
    Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
    Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
    Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    SteamKeyFr --> MsiExec.exe /I{AFBF6A33-DA20-4739-91D9-24EE1B2485C2}
    StreamMyGame software --> "c:\Program Files\StreamMyGame\uninstall.exe"
    SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
    System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
    TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
    Trust WB-3100P Portable Webcam --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}\Setup.exe" -l0x9
    TVersity Media Server 0.9.10.7 (beta) --> C:\Program Files\TVersity\Media Server\uninst.exe
    Valve Hammer Editor --> C:\WORLDC~1\UNWISE.EXE C:\WORLDC~1\INSTALL.LOG
    VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Visionneuse Journal Windows Microsoft --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
    VMN Toolbar --> C:\Program Files\vmntoolbar\uninstall.exe
    WampServer 2.0 --> "c:\wamp\unins000.exe"
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
    Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live Writer --> MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    World of Warcraft --> C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Toolbar avec bloqueur de fenêtres pop-up --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
    ZHLT Compile GUI v8 --> C:\Program Files\eddi's Tools\ZHLT Compile GUI\Uninstall.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type13791 / Error
    Event Submitted/Written: 03/18/2008 07:22:36 AM
    Event ID/Source: 8 / crypt32
    Event Description:
    Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update...; avec l'erreur : Cette connexion réseau n'existe pas.

    Event Record #/Type13790 / Error
    Event Submitted/Written: 03/18/2008 07:22:33 AM
    Event ID/Source: 8 / crypt32
    Event Description:
    Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update...; avec l'erreur : The server name or address could not be resolved

    Event Record #/Type13742 / Success
    Event Submitted/Written: 03/17/2008 07:14:39 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type13708 / Success
    Event Submitted/Written: 03/17/2008 05:17:03 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type13679 / Success
    Event Submitted/Written: 03/16/2008 10:33:44 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type38185 / Warning
    Event Submitted/Written: 03/18/2008 07:20:58 AM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

    Event Record #/Type38180 / Error
    Event Submitted/Written: 03/18/2008 07:20:13 AM
    Event ID/Source: 31008 / ipnathlp
    Event Description:
    L'agent proxy DNS n'a pas pu lire la liste locale des serveurs de résolution
    de noms à partir du registre.
    La donnée est le code de l'erreur.

    Event Record #/Type38179 / Error
    Event Submitted/Written: 03/18/2008 07:20:13 AM
    Event ID/Source: 4311 / NetBT
    Event Description:
    L'initialisation a échoué car le pilote de périphérique n'a pas pu être créé.

    Event Record #/Type38178 / Error
    Event Submitted/Written: 03/18/2008 07:20:13 AM
    Event ID/Source: 4311 / NetBT
    Event Description:
    L'initialisation a échoué car le pilote de périphérique n'a pas pu être créé.

    Event Record #/Type38154 / Error
    Event Submitted/Written: 03/18/2008 07:15:50 AM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
    IntelIde
    ViaIde



    -- End of Deckard's System Scanner: finished at 2008-03-18 07:23:04 ------------



    main.txt :

    Deckard's System Scanner v20071014.68
    Run by Compaq_Propriétaire on 2008-03-18 07:21:08
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 4 Restore Point(s) --
    4: 2008-03-18 06:21:13 UTC - RP264 - Deckard's System Scanner Restore Point
    3: 2008-03-17 19:36:17 UTC - RP263 - Spyware Terminator - restore point
    2: 2008-03-17 16:54:37 UTC - RP262 - ccm
    1: 2008-03-17 16:47:58 UTC - RP261 - Point de vérification système


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Compaq_Propriétaire.exe) ---------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:22:25, on 18/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
    c:\windows\system\hpsysdrv.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Compaq_Propriétaire.exe
    C:\WINDOWS\system32\wscntfy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\opnnolj.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {83D6FE82-1BCC-475E-B01C-D0B61F228C42} - C:\WINDOWS\system32\gebcy.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [S
    18 Mars 2008 13:51:33

    :hello: 

    DSS report incomplete :)
    18 Mars 2008 16:54:22

    Here is the new report:

    Deckard's System Scanner v20071014.68
    Run by Compaq_Propriétaire on 2008-03-18 16:48:38
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Compaq_Propriétaire.exe) ---------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:48:43, on 18/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\COMPAQ~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\opnnolj.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {D7E83927-B7F3-46B1-8BD8-8433ED0C03DA} - C:\WINDOWS\system32\gebcy.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/Nvi...
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: opnnolj - C:\WINDOWS\SYSTEM32\opnnolj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    --
    End of file - 14677 bytes

    -- Files created between 2008-02-18 and 2008-03-18 -----------------------------

    2008-03-17 21:13:30 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
    2008-03-17 21:12:09 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-17 21:12:09 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2008-03-17 21:12:09 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2008-03-17 21:12:09 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2008-03-17 21:12:09 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-03-17 21:12:09 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-17 20:47:57 0 d--hs---- C:\Documents and Settings\Compaq_Propriétaire\Recent
    2008-03-17 20:15:15 87616 --a------ C:\WINDOWS\system32\mksxykmq.dll
    2008-03-17 20:12:31 93760 --a------ C:\WINDOWS\system32\icfpgkck.dll
    2008-03-17 19:27:17 0 d-------- C:\Program Files\Teamspeak2_RC2
    2008-03-17 19:24:52 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Grisoft
    2008-03-16 22:22:40 0 d-------- C:\Program Files\CCleaner
    2008-03-16 22:17:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-16 22:17:01 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-16 20:11:52 92224 --a------ C:\WINDOWS\system32\qjxstnvn.dll
    2008-03-16 20:10:35 204915 --ahs---- C:\WINDOWS\system32\ycbeg.ini2
    2008-03-16 20:10:34 63 --a------ C:\WINDOWS\system32\fc17b104
    2008-03-16 20:10:33 290816 --a------ C:\WINDOWS\system32\gebcy.dll
    2008-03-16 19:49:12 0 d-------- C:\Program Files\a-squared Free
    2008-03-16 19:45:33 36864 --a------ C:\WINDOWS\system32\service.exe
    2008-03-16 19:44:48 54882 --a------ C:\WINDOWS\kjo23bk.dll
    2008-03-16 19:44:19 36864 --a------ C:\WINDOWS\system32\opnnolj.dll
    2008-03-16 05:02:47 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2008-03-16 05:02:47 394240 --a------ C:\WINDOWS\system32\Smab.dll
    2008-03-16 05:02:47 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
    2008-03-16 05:02:47 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
    2008-03-16 05:02:47 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
    2008-03-16 05:02:47 66560 --a------ C:\WINDOWS\MOTA113.exe
    2008-03-16 05:02:46 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
    2008-03-16 05:02:46 217073 --a------ C:\WINDOWS\meta4.exe
    2008-03-16 05:02:36 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
    2008-03-16 05:02:35 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
    2008-03-16 05:02:27 0 d-------- C:\Program Files\eRightSoft
    2008-03-16 05:00:06 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
    2008-03-16 04:59:26 60416 --a------ C:\WINDOWS\system32\dsetup.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
    2008-03-16 04:59:26 0 d-------- C:\Program Files\Fichiers communs\GeoVid
    2008-03-16 04:56:04 0 d-------- C:\3gptemp
    2008-03-16 04:54:05 0 d-------- C:\Program Files\MIKSOFT
    2008-03-16 04:52:07 0 d-------- C:\Program Files\Magicbit
    2008-03-16 04:11:33 0 d-------- C:\Temp
    2008-03-16 03:56:04 0 d-------- C:\Program Files\GetTubeVideo 2.0
    2008-03-16 03:18:04 0 d-------- C:\Program Files\IntelliTamper
    2008-03-15 17:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-15 17:55:27 0 d-------- C:\Program Files\QuickTime
    2008-03-15 17:53:05 0 d-------- C:\Program Files\Bonjour
    2008-03-15 17:44:08 0 d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-03-12 07:30:53 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
    2008-03-08 09:53:55 0 d-------- C:\Program Files\Act-3D
    2008-03-07 07:10:26 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-07 07:10:19 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-07 07:10:04 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2008-03-07 07:09:42 0 d-------- C:\WINDOWS\system32\ZoneLabs
    2008-03-07 07:09:04 0 d-------- C:\WINDOWS\Internet Logs
    2008-03-06 20:51:18 138752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-03-06 20:51:17 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
    2008-03-06 20:51:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-03-06 20:51:14 0 d-------- C:\Program Files\Spyware Terminator
    2008-03-06 20:36:03 0 d-------- C:\Program Files\Fichiers communs\Panda Software
    2008-03-05 21:50:51 30615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:49:05 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:48:52 0 d-------- C:\Program Files\VisualRoute Lite Edition
    2008-03-04 17:51:50 68096 --a------ C:\WINDOWS\system32\zip.exe
    2008-03-04 17:51:50 98816 --a------ C:\WINDOWS\system32\sed.exe
    2008-03-04 17:51:50 80412 --a------ C:\WINDOWS\system32\grep.exe
    2008-03-04 17:51:50 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-03-04 17:44:37 0 d-------- C:\Program Files\Trend Micro
    2008-03-02 21:32:26 0 d-------- C:\Program Files\E-Anim801
    2008-03-02 01:53:11 0 d-------- C:\Program Files\Microsoft Games
    2008-03-02 00:37:25 0 d-------- C:\Program Files\NeoTrace Express
    2008-03-01 19:40:16 0 d-------- C:\Program Files\Steam
    2008-02-28 23:23:41 0 d-------- C:\Documents and Settings\All Users\Application Data\eGames
    2008-02-28 23:23:25 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
    2008-02-28 13:33:51 0 d-------- C:\Program Files\BS Hacker Unlimited
    2008-02-28 13:18:55 2904 --a------ C:\WINDOWS\system32\dsoudd.dll
    2008-02-25 21:30:35 0 d-------- C:\Program Files\Half-Life Model Viewer
    2008-02-24 23:20:21 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
    2008-02-24 23:20:07 0 d-------- C:\Program Files\Hamachi
    2008-02-24 00:15:36 0 d-------- C:\Program Files\css no-steam
    2008-02-23 13:38:31 0 d-------- C:\pacsteam
    2008-02-23 02:49:26 0 d---s---- C:\Program Files\HLSW
    2008-02-23 02:49:26 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW
    2008-02-22 20:26:49 21344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys <Not Verified; FreeBox SA; Carte réseau virtuelle FreeBox USB pour Windows 2000/XP>
    2008-02-22 20:15:52 0 d-------- C:\Program Files\Free
    2008-02-21 19:52:24 0 d-------- C:\Program Files\Fichiers communs\logishrd
    2008-02-21 10:53:46 0 d-------- C:\Program Files\SteamKeyFr
    2008-02-20 19:23:00 57344 --a------ C:\WINDOWS\system32\rsnpstd2.dll <Not Verified; ; ResourceDLL>
    2008-02-20 19:22:58 0 d-------- C:\Program Files\Trust
    2008-02-19 11:02:26 18944 --a------ C:\WINDOWS\system32\libusbd-nt.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
    2008-02-19 11:02:26 19456 --a------ C:\WINDOWS\system32\libusbd-9x.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
    2008-02-19 10:39:29 0 d-------- C:\Program Files\Sega


    -- Find3M Report ---------------------------------------------------------------

    2008-03-18 16:47:27 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
    2008-03-18 16:43:22 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
    2008-03-18 07:23:57 4140 --a------ C:\WINDOWS\system32\tmp.reg
    2008-03-18 03:42:44 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
    2008-03-17 20:14:06 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
    2008-03-17 19:10:47 12 --a------ C:\WINDOWS\bthservsdp.dat
    2008-03-16 20:03:00 0 d-------- C:\Program Files\Fichiers communs
    2008-03-16 01:10:36 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Adobe
    2008-03-15 17:53:02 0 d-------- C:\Program Files\Fichiers communs\Adobe
    2008-03-15 13:03:15 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
    2008-03-13 17:03:36 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
    2008-03-12 20:55:03 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
    2008-03-08 20:42:59 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
    2008-03-07 18:38:40 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
    2008-03-06 20:33:16 0 d-------- C:\Program Files\ConnectionServices
    2008-03-05 13:10:48 0 d-------- C:\Program Files\Java
    2008-03-02 01:53:15 13312 --a-s---- C:\WINDOWS\system32\xskmoqx.dll
    2008-03-01 21:42:20 0 d-------- C:\Program Files\StreamMyGame
    2008-03-01 20:11:35 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-01 19:39:09 0 d-------- C:\Program Files\BoontyGames
    2008-03-01 00:14:09 0 d-------- C:\Program Files\LimeWire
    2008-02-29 17:10:19 0 d-------- C:\Program Files\Windows Live Safety Center
    2008-02-28 01:17:43 0 d-------- C:\Program Files\Windows Live
    2008-02-27 17:10:22 0 d-------- C:\Program Files\World of Warcraft
    2008-02-24 22:45:49 506368 --a------ C:\WINDOWS\system32\winlogon.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
    2008-02-22 22:15:35 0 d-------- C:\Program Files\eddi's Tools
    2008-02-21 16:10:14 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
    2008-02-20 18:05:17 0 d-------- C:\Program Files\Movie Maker
    2008-02-19 17:07:11 0 d-------- C:\Program Files\FileZilla Client
    2008-02-19 11:02:26 0 d-------- C:\Program Files\LibUSB-Win32-0.1.10.1
    2008-02-19 07:23:31 0 d-------- C:\Program Files\Vista Drive Icon
    2008-02-03 17:54:16 0 d-------- C:\Program Files\Pinnacle
    2008-02-03 17:54:16 0 d-------- C:\Program Files\Fichiers communs\Yahoo!
    2008-02-03 14:06:24 0 d-------- C:\Program Files\Riva
    2008-02-03 13:01:08 0 d-------- C:\Program Files\Ripp-it_AM
    2008-02-02 15:15:52 0 d-------- C:\Program Files\Audacity
    2008-02-02 11:48:08 0 d-------- C:\Program Files\No-IP
    2008-02-01 11:17:40 587264 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Galerie de photos Windows Live>
    2008-01-28 21:55:08 0 d-------- C:\Program Files\AviSynth 2.5
    2008-01-28 16:44:25 0 d-------- C:\Program Files\PowerISO
    2008-01-18 18:40:45 470040 --a------ C:\WINDOWS\system32\perfh00C.dat
    2008-01-18 18:40:45 76376 --a------ C:\WINDOWS\system32\perfc00C.dat
    2007-12-21 18:25:03 1290 --a------ C:\WINDOWS\mozver.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03B902B1-9B25-4173-9468-56775C85A8D4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70AB0A8B-8A8A-496F-A339-4CD2F3352991}]
    16/03/2008 19:44 36864 --a------ C:\WINDOWS\system32\opnnolj.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7E83927-B7F3-46B1-8BD8-8433ED0C03DA}]
    16/03/2008 20:10 290816 --a------ C:\WINDOWS\system32\gebcy.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [08/03/2006 12:54 C:\WINDOWS\RTHDCPL.EXE]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [25/02/2006 02:46]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [22/07/2005 22:14]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [15/02/2006 22:34]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [17/02/2005 06:11]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [19/08/2003 09:48]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [05/08/2004 12:00 C:\WINDOWS\system32\bthprops.cpl]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
    "VisualTooltip"="C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe" [25/04/2007 09:45]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/10/2007 17:14]
    "nwiz"="nwiz.exe" [25/01/2006 03:15 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/10/2007 17:14]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14:00]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 10:22]
    "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [30/08/2004 16:37]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [06/03/2008 20:51]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 12:00]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01/02/2008 17:22]
    "Steam"="C:\Program Files\Steam\Steam.exe" [01/03/2008 19:40]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"=0 (0x0)
    "NoFind"=0 (0x0)
    "NoRun"=0 (0x0)
    "NoDesktop"=0 (0x0)
    "NoClose"=0 (0x0)
    "StartMenuLogOff"=0 (0x0)
    "HideClock"=0 (0x0)
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{70AB0A8B-8A8A-496F-A339-4CD2F3352991}"= C:\WINDOWS\system32\opnnolj.dll [16/03/2008 19:44 36864]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
    opnnolj.dll 16/03/2008 19:44 36864 C:\WINDOWS\system32\opnnolj.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebcy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
    AutoRun\command- K:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
    AutoRun\command- K:\Autorun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
    C:\WINDOWS\system32\msbifx.com



    -- End of Deckard's System Scanner: finished at 2008-03-18 16:49:02 ------------

    18 March 2008 17:01:55

    Hi again,

    You are infected with "Vundo". Delete all cracks from your PC if any are present, because otherwise they will relaunch the infection.

    Download VundoFix.exe (by Atribune) to your Desktop.

    http://www.atribune.org/ccount/click.php?id=4

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are being deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, into your next reply

    Note:
    It is possible that VundoFix will encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

    18 March 2008 17:57:10

    Here is the HijackThis report (the virus is still present):

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:53:23, on 18/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\opnnolj.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9BD3E296-38E3-4D33-9B84-C81397AD6962} - C:\WINDOWS\system32\gebcy.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/Nvi...
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: opnnolj - C:\WINDOWS\SYSTEM32\opnnolj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    --
    End of file - 14225 bytes
    18 March 2008 18:10:15

    Hi again,

    1) Show hidden files and folders…
    To do this, open a folder, e.g. "My Pictures".
    Then click > Tools > Folder Options ...
    click the "View" tab and ...
    check ---> Show hidden files and folders
    uncheck > Hide extensions for known file types
    uncheck > Hide protected operating system files (Recommended).
    "Apply" and "OK".

    2) Disable all resident protection (antivirus…)!

    Download ComboFix by sUBs:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Save it to your desktop and nowhere else!

    Restart in Safe Mode: help here >>>

    http://forum.telecharger.01net.com/telecharger/virus_et...
    /!\ Never restart in Safe Mode via msconfig! /!\

    Double-click ComboFix. It will ask you a question; answer by pressing 1 and then Enter to confirm, and let it guide you.
    Wait until ComboFix has finished; a report will be created. Post the report.

    3) Copy/paste a new HijackThis report along with it.
    18 March 2008 19:01:09

    There, it's done and the virus is still there :'( :

    log.txt:

    ComboFix 08-03-17.1 - Compaq_Propriétaire 2008-03-18 18:32:54.2 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.764 [GMT 1:00]
    Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
    .
    TimeOut - progfile.dat

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\icfpgkck.dll
    C:\WINDOWS\system32\nvntsxjq.ini
    C:\WINDOWS\system32\opnnolj.dll
    C:\WINDOWS\system32\qjxstnvn.dll
    C:\WINDOWS\system32\service.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_{FBE1D620-5418-4AAE-A0F0-316D590663A1}
    -------\Service_{FBE1D620-5418-4aae-A0F0-316D590663A1}


    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-18 17:24 . 2008-03-18 17:43 <REP> d-------- C:\VundoFix Backups
    2008-03-18 07:21 . 2008-03-18 07:21 <REP> d-------- C:\Deckard
    2008-03-17 21:13 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-17 21:12 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-17 21:12 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-17 21:12 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-17 21:12 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-17 21:12 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-17 21:12 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
    2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
    2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
    2008-03-16 19:44 . 2008-03-16 19:44 54,882 --a------ C:\WINDOWS\kjo23bk.dll
    2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
    2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
    2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
    2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
    2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
    2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
    2008-03-16 04:11 . 2008-03-16 04:43 <REP> d-------- C:\Temp
    2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
    2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
    2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
    2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
    2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
    2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-03-06 20:51 . 2008-03-18 16:47 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-03-06 20:51 . 2008-03-18 16:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
    2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
    2008-03-04 17:44 . 2008-03-04 17:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
    2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
    2008-03-01 19:40 . 2008-03-18 18:40 <REP> d-------- C:\Program Files\Steam
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
    2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
    2008-02-28 13:18 . 2008-02-28 13:18 2,904 --a------ C:\WINDOWS\system32\dsoudd.dll
    2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
    2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
    2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
    2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
    2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
    2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
    2008-02-22 20:26 . 2004-10-20 16:23 21,344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys
    2008-02-22 20:15 . 2008-02-22 20:15 <REP> d-------- C:\Program Files\Free
    2008-02-21 19:52 . 2008-02-21 19:52 <REP> d-------- C:\Program Files\Fichiers communs\logishrd
    2008-02-21 10:53 . 2008-02-21 10:53 <REP> d-------- C:\Program Files\SteamKeyFr
    2008-02-20 19:23 . 2004-10-14 17:12 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
    2008-02-20 19:23 . 2004-08-30 16:37 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
    2008-02-20 19:23 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
    2008-02-20 19:23 . 2004-09-24 16:24 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
    2008-02-20 19:23 . 2004-06-08 18:25 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
    2008-02-20 19:23 . 2004-09-24 13:52 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
    2008-02-20 19:23 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd2.ini
    2008-02-20 19:23 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd2.src
    2008-02-20 19:22 . 2008-02-20 19:22 <REP> d-------- C:\Program Files\Trust
    2008-02-20 19:22 . 2004-06-09 16:00 20,480 --a------ C:\WINDOWS\usnpstd2.exe
    2008-02-19 11:02 . 2005-03-09 20:50 19,456 --a------ C:\WINDOWS\system32\libusbd-9x.exe
    2008-02-19 11:02 . 2005-03-09 20:50 18,944 --a------ C:\WINDOWS\system32\libusbd-nt.exe
    2008-02-19 10:39 . 2008-02-19 22:47 <REP> d-------- C:\Program Files\Sega

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-18 17:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
    2008-03-17 15:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
    2008-03-05 12:10 --------- d-----w C:\Program Files\Java
    2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
    2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-01 18:39 --------- d-----w C:\Program Files\BoontyGames
    2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
    2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
    2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
    2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
    2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
    2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
    2008-02-19 06:23 --------- d-----w C:\Program Files\Vista Drive Icon
    2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
    2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
    2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
    2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
    2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
    2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
    2008-02-02 14:15 --------- d-----w C:\Program Files\Audacity
    2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
    2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
    2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
    2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
    2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
    2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .
    Files Infected - Win32.Agent.zb
    .

    ------- Sigcheck -------

    2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-01 19:40 1266936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 12:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 02:46 147456]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 09:48 57344]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 12:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "VisualTooltip"="C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe" [2007-04-25 09:45 956928]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "nwiz"="nwiz.exe" [2006-01-25 03:15 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
    "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 16:37 286720]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 20:51 2957824]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
    opnnolj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\utorrent\\utorrent.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Metin2_France\\metin2.bin"=
    "C:\\Program Files\\ICQ6\\ICQ.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\HLSW\\hlsw.exe"=
    "C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "41952:TCP"= 41952:TCP:MediaServer.exe
    "80:TCP"= 80:TCP:Serveur WOW
    "80:UDP"= 80:UDP:Serveur W0W
    "3427:TCP"= 3427:TCP:Serveur WOW
    "3427:UDP"= 3427:UDP:Serveur WOW
    "8085:TCP"= 8085:TCP:Serveur wow
    "8085:UDP"= 8085:UDP:Serveur wow
    "3724:UDP"= 3724:UDP:Serveur wow
    "2443:TCP"= 2443:TCP:Serveur wow
    "2443:UDP"= 2443:UDP:Serveur wow
    "8080:TCP"= 8080:TCP:Serveur wow
    "8080:UDP"= 8080:UDP:Serveur wow
    "3306:TCP"= 3306:TCP:Serveur wow
    "3306:UDP"= 3306:UDP:Serveur wow
    "3724:TCP"= 3724:TCP:serveur wow
    "8129:TCP"= 8129:TCP:serveur wow
    "8129:UDP"= 8129:UDP:serveur wow
    "8093:TCP"= 8093:TCP:serveur wow
    "8093:UDP"= 8093:UDP:serveur wow
    "27015:UDP"= 27015:UDP:test

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
    R3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
    S3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
    S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
    S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
    C:\WINDOWS\system32\msbifx.com
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-18 18:40:34
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
    C:\WINDOWS\system32\drivers\Wkdu43.sys 167936 bytes executable

    Scan terminé avec succès
    Les fichiers cachés: 2

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wkdu43]

    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-18 18:50:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-18 17:50:56
    .
    2008-03-12 06:30:54 --- E O F ---



    HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:51:24, on 18/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/Nvi...
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: opnnolj - opnnolj.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    --
    End of file - 13690 bytes

    18 March 2008 19:57:28

    Hi again,

    Yes, that's normal, don't worry ;)

    I'm looking into something and I'll post a procedure for you as soon as possible ;)

    :super:
    18 March 2008 22:27:10

    Hi again,

    Disable all resident protection (antivirus…)!

    Copy the text in the box below, without the word Quote:

    Quote:
    Driver::
    Wkdu43

    File::
    C:\WINDOWS\system32\eudtodug.tmp
    C:\WINDOWS\kjo23bk.dll
    C:\WINDOWS\system32\dsoudd.dll
    C:\WINDOWS\system32\drivers\Wkdu43.sys
    C:\WINDOWS\system32\drivers\riode32.sys



    Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt.

    Now drag the ComboFix-Do.txt file onto Combofix.exe as shown below:



    This will restart Combofix; press 1 and then confirm. After the reboot, post the contents of the Combofix.txt report along with a new Hijackthis report.
    If there is no reboot, post the reports anyway.

    Good night, see you tomorrow :hello:
    19 March 2008 07:28:10

    There, the virus is still there :( and here are the reports

    Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:26:48, on 19/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/Nvi...
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: opnnolj - opnnolj.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    --
    End of file - 11365 bytes


    Log.txt:

    ComboFix 08-03-17.1 - Compaq_Propriétaire 2008-03-19 7:17:00.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.545 [GMT 1:00]
    Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Compaq_PropriÚtaire\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    .
    TimeOut - progfile.dat

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-18 17:24 . 2008-03-18 17:43 <REP> d-------- C:\VundoFix Backups
    2008-03-18 07:21 . 2008-03-18 07:21 <REP> d-------- C:\Deckard
    2008-03-17 21:13 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-17 21:12 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-17 21:12 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-17 21:12 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-17 21:12 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-17 21:12 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-17 21:12 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
    2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
    2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
    2008-03-16 19:44 . 2008-03-16 19:44 54,882 --a------ C:\WINDOWS\kjo23bk.dll
    2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
    2008-03-16 05:00 . 2008-03-16 05:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
    2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
    2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
    2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
    2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
    2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
    2008-03-16 04:11 . 2008-03-16 04:43 <REP> d-------- C:\Temp
    2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
    2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
    2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
    2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
    2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
    2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-03-06 20:51 . 2008-03-18 16:47 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-03-06 20:51 . 2008-03-18 16:43 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-18 16:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
    2008-03-04 17:44 . 2008-03-04 17:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
    2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
    2008-03-01 19:40 . 2008-03-19 07:12 <REP> d-------- C:\Program Files\Steam
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
    2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
    2008-02-28 13:18 . 2008-02-28 13:18 2,904 --a------ C:\WINDOWS\system32\dsoudd.dll
    2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
    2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
    2008-02-24 23:20 . 2008-03-01 20:37 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
    2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
    2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
    2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
    2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
    2008-02-23 02:49 . 2008-03-17 17:58 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW
    2008-02-22 20:26 . 2004-10-20 16:23 21,344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys
    2008-02-22 20:15 . 2008-02-22 20:15 <REP> d-------- C:\Program Files\Free
    2008-02-21 19:52 . 2008-02-21 19:52 <REP> d-------- C:\Program Files\Fichiers communs\logishrd
    2008-02-21 10:53 . 2008-02-21 10:53 <REP> d-------- C:\Program Files\SteamKeyFr
    2008-02-20 19:23 . 2004-10-14 17:12 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
    2008-02-20 19:23 . 2004-08-30 16:37 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
    2008-02-20 19:23 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
    2008-02-20 19:23 . 2004-09-24 16:24 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
    2008-02-20 19:23 . 2004-06-08 18:25 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
    2008-02-20 19:23 . 2004-09-24 13:52 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
    2008-02-20 19:23 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd2.ini
    2008-02-20 19:23 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd2.src
    2008-02-20 19:22 . 2008-02-20 19:22 <REP> d-------- C:\Program Files\Trust
    2008-02-20 19:22 . 2004-06-09 16:00 20,480 --a------ C:\WINDOWS\usnpstd2.exe
    2008-02-19 11:02 . 2005-03-09 20:50 19,456 --a------ C:\WINDOWS\system32\libusbd-9x.exe
    2008-02-19 11:02 . 2005-03-09 20:50 18,944 --a------ C:\WINDOWS\system32\libusbd-nt.exe
    2008-02-19 10:39 . 2008-02-19 22:47 <REP> d-------- C:\Program Files\Sega

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-19 06:13 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
    2008-03-19 06:12 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
    2008-03-18 17:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
    2008-03-18 06:23 4,140 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-03-18 02:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
    2008-03-17 19:14 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
    2008-03-17 15:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-15 12:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
    2008-03-13 16:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
    2008-03-12 19:55 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
    2008-03-08 19:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
    2008-03-07 17:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
    2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
    2008-03-05 12:10 --------- d-----w C:\Program Files\Java
    2008-03-02 00:53 13,312 --s-a-w C:\WINDOWS\system32\xskmoqx.dll
    2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
    2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-01 18:39 --------- d-----w C:\Program Files\BoontyGames
    2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
    2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
    2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
    2008-02-24 21:45 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
    2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
    2008-02-21 15:10 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
    2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
    2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
    2008-02-19 06:23 --------- d-----w C:\Program Files\Vista Drive Icon
    2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
    2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
    2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
    2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
    2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
    2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
    2008-02-02 14:15 --------- d-----w C:\Program Files\Audacity
    2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
    2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-01 16:13 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
    2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-11-20 16:41 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
    2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
    2007-09-13 16:37 334 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
    2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
    2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
    2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .
    Files Infected - Win32.Agent.zb
    .

    ------- Sigcheck -------

    2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-03-18_18.50.45.78 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-20 15:52:00 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    - 2007-02-20 15:04:04 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2007-11-20 15:52:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2008-03-19 06:11:26 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_30c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-01 19:40 1266936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]

    C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 01:05:38 27136]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 17:33:36 626176]
    Lancer l'utilitaire Olitec.lnk - C:\Program Files\OLITEC - Moniteur r‚seau 802.11g\WlanUtil.exe [2007-06-05 17:22:30 413696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
    opnnolj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\utorrent\\utorrent.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Metin2_France\\metin2.bin"=
    "C:\\Program Files\\ICQ6\\ICQ.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\HLSW\\hlsw.exe"=
    "C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "41952:TCP"= 41952:TCP:MediaServer.exe
    "80:TCP"= 80:TCP:Serveur WOW
    "80:UDP"= 80:UDP:Serveur W0W
    "3427:TCP"= 3427:TCP:Serveur WOW
    "3427:UDP"= 3427:UDP:Serveur WOW
    "8085:TCP"= 8085:TCP:Serveur wow
    "8085:UDP"= 8085:UDP:Serveur wow
    "3724:UDP"= 3724:UDP:Serveur wow
    "2443:TCP"= 2443:TCP:Serveur wow
    "2443:UDP"= 2443:UDP:Serveur wow
    "8080:TCP"= 8080:TCP:Serveur wow
    "8080:UDP"= 8080:UDP:Serveur wow
    "3306:TCP"= 3306:TCP:Serveur wow
    "3306:UDP"= 3306:UDP:Serveur wow
    "3724:TCP"= 3724:TCP:serveur wow
    "8129:TCP"= 8129:TCP:serveur wow
    "8129:UDP"= 8129:UDP:serveur wow
    "8093:TCP"= 8093:TCP:serveur wow
    "8093:UDP"= 8093:UDP:serveur wow
    "27015:UDP"= 27015:UDP:test

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
    R3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
    R3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
    S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
    C:\WINDOWS\system32\msbifx.com
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-19 07:22:29
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
    C:\WINDOWS\system32\drivers\Wkdu43.sys 167936 bytes executable

    Scan terminé avec succès
    Les fichiers cachés: 2

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wkdu43]

    .
    Temps d'accomplissement: 2008-03-19 7:24:05
    ComboFix-quarantined-files.txt 2008-03-19 06:23:50
    ComboFix2.txt 2008-03-18 17:51:00
    .
    2008-03-12 06:30:54 --- E O F ---
    19 March 2008 18:29:01

    :hello: 

    The ComboFix procedure didn't work.

    Can you run it again?

    ;) 
    19 March 2008 18:30:40

    I managed to block this virus with an Ashampoo firewall, but I still haven't managed to remove it. Otherwise, I'd like you to recommend a firewall :p 
    19 March 2008 18:31:57

    As for the procedure, I retried 8 times; each time, I think it tells me that the files cannot be found.
    19 March 2008 18:51:18

    New report:


    ComboFix 08-03-18.1 - Compaq_Propriétaire 2008-03-19 18:43:21.7 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.552 [GMT 1:00]
    Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Compaq_PropriÚtaire\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-19 16:48 . 2008-03-19 16:48 <REP> d-------- C:\Program Files\Ashampoo
    2008-03-19 16:05 . 2008-03-19 16:05 <REP> d-------- C:\Program Files\Sunbelt Software
    2008-03-19 14:47 . 2008-03-19 14:51 <REP> d-------- C:\Lop SD
    2008-03-19 14:13 . 2008-03-19 14:14 <REP> d-------- C:\WINDOWS\ERUNT
    2008-03-19 13:28 . 2008-03-19 13:28 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
    2008-03-19 12:57 . 2008-03-19 12:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-19 12:57 . 2008-03-19 12:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-18 07:21 . 2008-03-18 07:21 <REP> d-------- C:\Deckard
    2008-03-17 21:13 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-17 21:12 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-17 21:12 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-17 21:12 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-17 21:12 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-17 21:12 . 2004-07-31 16:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-17 21:12 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
    2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
    2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
    2008-03-16 19:44 . 2008-03-16 19:44 54,882 --a------ C:\WINDOWS\kjo23bk.dll
    2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
    2008-03-16 05:00 . 2008-03-16 05:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
    2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
    2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
    2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
    2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
    2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
    2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
    2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
    2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
    2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
    2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
    2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-03-06 20:51 . 2008-03-19 12:54 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-03-06 20:51 . 2008-03-19 15:56 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-18 16:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
    2008-03-04 17:44 . 2008-03-04 17:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
    2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
    2008-03-01 19:40 . 2008-03-19 17:03 <REP> d-------- C:\Program Files\Steam
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
    2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
    2008-02-28 13:18 . 2008-02-28 13:18 2,904 --a------ C:\WINDOWS\system32\dsoudd.dll
    2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
    2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
    2008-02-24 23:20 . 2008-03-01 20:37 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
    2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
    2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
    2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
    2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
    2008-02-23 02:49 . 2008-03-17 17:58 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW
    2008-02-22 20:26 . 2004-10-20 16:23 21,344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys
    2008-02-22 20:15 . 2008-02-22 20:15 <REP> d-------- C:\Program Files\Free
    2008-02-21 19:52 . 2008-02-21 19:52 <REP> d-------- C:\Program Files\Fichiers communs\logishrd
    2008-02-21 10:53 . 2008-02-21 10:53 <REP> d-------- C:\Program Files\SteamKeyFr
    2008-02-20 19:23 . 2004-10-14 17:12 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
    2008-02-20 19:23 . 2004-08-30 16:37 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
    2008-02-20 19:23 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
    2008-02-20 19:23 . 2004-09-24 16:24 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
    2008-02-20 19:23 . 2004-06-08 18:25 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
    2008-02-20 19:23 . 2004-09-24 13:52 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
    2008-02-20 19:23 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd2.ini
    2008-02-20 19:23 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd2.src
    2008-02-20 19:22 . 2008-02-20 19:22 <REP> d-------- C:\Program Files\Trust
    2008-02-20 19:22 . 2004-06-09 16:00 20,480 --a------ C:\WINDOWS\usnpstd2.exe
    2008-02-19 11:02 . 2005-03-09 20:50 19,456 --a------ C:\WINDOWS\system32\libusbd-9x.exe
    2008-02-19 11:02 . 2005-03-09 20:50 18,944 --a------ C:\WINDOWS\system32\libusbd-nt.exe
    2008-02-19 10:39 . 2008-02-19 22:47 <REP> d-------- C:\Program Files\Sega

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-19 11:50 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
    2008-03-19 06:12 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
    2008-03-18 17:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
    2008-03-18 02:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
    2008-03-17 19:14 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
    2008-03-17 15:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-15 12:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
    2008-03-13 16:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
    2008-03-12 19:55 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
    2008-03-08 19:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
    2008-03-07 17:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
    2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
    2008-03-05 12:10 --------- d-----w C:\Program Files\Java
    2008-03-02 00:53 13,312 --s-a-w C:\WINDOWS\system32\xskmoqx.dll
    2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
    2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
    2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
    2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
    2008-02-24 21:45 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
    2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
    2008-02-21 15:10 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
    2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
    2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
    2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
    2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
    2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
    2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
    2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
    2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
    2008-02-02 14:15 --------- d-----w C:\Program Files\Audacity
    2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
    2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-01 16:13 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
    2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-11-20 16:41 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
    2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
    2007-09-13 16:37 334 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
    2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
    2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
    2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ------- Sigcheck -------

    2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-03-19_13.22.22,04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-19 01:48:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-03-19 13:29:50 10,629,120 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2008-03-19 13:29:50 225,280 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-03-19 01:48:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-03-19 13:14:01 10,629,120 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2008-03-19 13:14:01 225,280 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    - 2007-11-20 15:52:00 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    + 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    - 2007-11-20 15:52:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    - 2008-02-05 19:42:03 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    + 2008-03-19 14:02:05 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    + 2008-03-19 13:38:37 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_2d4.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 20:51 2957824]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\AshDisp.exe" [2007-12-04 14:00 79224]
    "Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]

    C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 01:05:38 27136]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Lancer l'utilitaire Olitec.lnk - C:\Program Files\OLITEC - Moniteur r‚seau 802.11g\WlanUtil.exe [2007-06-05 17:22:30 413696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
    opnnolj.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-03-01 19:40 1266936 C:\Program Files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\utorrent\\utorrent.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\ICQ6\\ICQ.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\HLSW\\hlsw.exe"=
    "C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "41952:TCP"= 41952:TCP:MediaServer.exe

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
    R3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
    R3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
    S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
    S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe

    *Newly Created Service* - ASFWHIDE

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
    C:\WINDOWS\system32\msbifx.com
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-19 18:49:17
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
    C:\WINDOWS\system32\drivers\Wkdu43.sys 167936 bytes executable

    Scan terminé avec succès
    Les fichiers cachés: 2

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wkdu43]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
    "ImagePath"="\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ASFWHide"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
    .
    Temps d'accomplissement: 2008-03-19 18:50:04
    ComboFix2.txt 2008-03-19 12:54:08
    ComboFix3.txt 2008-03-19 12:42:37
    ComboFix4.txt 2008-03-19 12:22:35
    ComboFix5.txt 2008-03-19 06:24:06
    .
    2008-03-12 06:30:54 --- E O F ---
    19 March 2008 19:04:46

    :hello: 

    Uninstall Avast, reboot, and delete ~~> C:\Program Files\Alwil Software

    Download CCleaner (>>tutorial to read!<<), get "the latest version", then install it while unchecking - Ajouter la Barre d'Outils Yahoo! CCleaner (Add the CCleaner Yahoo! Toolbar)
    Then run the cleaner, then have it search for errors, and make a backup if you wish.

    Download and install Antivir. (tutorial)
    Why switch? Avast vs Antivir
    Check that it is fully up to date! Run a full scan in safe mode, save the report and post it for me.
    19 March 2008 20:49:13

    There, everything is done. I can't tell you whether the virus is still there, since it is blocked by my firewall, but all the files you wanted me to destroy with ComboFix have been destroyed.

    Scan result (all the files were deleted):



    AntiVir PersonalEdition Classic
    Report file date: mercredi 19 mars 2008 19:36

    Scanning for 1159073 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Compaq_Propriétaire
    Computer name: NOM-EB85C523610

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 18:30:21
    ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 18:30:21
    ANTIVIR3.VDF : 7.0.3.55 314368 Bytes 19/03/2008 18:30:21
    AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 19/03/2008 18:30:21
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 19/03/2008 18:30:21
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: L:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 19 mars 2008 19:36

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    11 processes with 11 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!
    Boot sector 'G:\'
    [NOTE] In the drive 'G:\' no data medium is inserted!
    Boot sector 'H:\'
    [NOTE] In the drive 'H:\' no data medium is inserted!
    Boot sector 'I:\'
    [NOTE] In the drive 'I:\' no data medium is inserted!
    Boot sector 'J:\'
    [NOTE] In the drive 'J:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '25' files ).


    Starting the file scan:

    Begin scan in 'C:\' <PRESARIO>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Deckard\System Scanner\20080318164837\backup\WINDOWS\temp\_avast4_\unp126091881.tmp
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sinowal.AO Backdoor server programs
    [INFO] The file was moved to '48515dae.qua'!
    C:\Deckard\System Scanner\20080318164837\backup\WINDOWS\temp\_avast4_\unp134445978.tmp
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sinowal.AO Backdoor server programs
    [INFO] The file was moved to '49d0211f.qua'!
    C:\Deckard\System Scanner\20080318164837\backup\WINDOWS\temp\_avast4_\unp252932795.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '48515daf.qua'!
    C:\Deckard\System Scanner\20080318164837\backup\WINDOWS\temp\_avast4_\unp256714222.tmp
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sinowal.AO Backdoor server programs
    [INFO] The file was moved to '49d02100.qua'!
    C:\Deckard\System Scanner\20080318164837\backup\WINDOWS\temp\_avast4_\unp265519302.tmp
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sinowal.AO Backdoor server programs
    [INFO] The file was moved to '48515db1.qua'!
    C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\opejvqs.exe.ren
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [INFO] The file was moved to '48465e8f.qua'!
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\My Completed Downloads\tro\UKSplitterv1.2.zip
    [0] Archive type: ZIP
    --> UKSplitterv12.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Teqila.1.2 Backdoor server programs
    [INFO] The file was moved to '48345f81.qua'!
    C:\Program Files\css no-steam\css_no-steam_by33.1\crack.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
    [INFO] The file was moved to '4842618c.qua'!
    C:\Program Files\PremiumSoft\Navicat MySQL\navicat.exe
    [DETECTION] Is the Trojan horse TR/Drop.Delf.any
    [INFO] The file was moved to '48576699.qua'!
    C:\Program Files\PremiumSoft\Navicat MySQL\navicat.exe.BAK
    [DETECTION] Is the Trojan horse TR/Drop.Delf.any
    [INFO] The file was moved to '4857669b.qua'!
    C:\WINDOWS\kjo23bk.dll
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '48506791.qua'!
    C:\WINDOWS\system32\xskmoqx.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.kdp.1
    [INFO] The file was moved to '484c69b3.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <PRESARIO_RP>
    Begin scan in 'G:\'
    Search path G:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'H:\'
    Search path H:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'I:\'
    Search path I:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'J:\'
    Search path J:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'L:\'
    Search path L:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: mercredi 19 mars 2008 20:38
    Used time: 1:02:37 min

    The scan has been done completely.

    12766 Scanning directories
    650672 Files were scanned
    12 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    12 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    650660 Files not concerned
    16904 Archives were scanned
    2 Warnings
    6 Notes

    19 March 2008 22:32:55

    Hi again,

    Can you run ComboFix for me again in normal mode? No script, just a normal ComboFix ;) 

    20 March 2008 17:07:56

    Here you go ^^ :

    ComboFix 08-03-18.1 - Compaq_Propriétaire 2008-03-20 16:45:07.8 - NTFSx86 MINIMAL
    Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
    .
    TimedOut: progfile.dat

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-19 21:32 . 2008-03-19 21:32 <REP> d-------- C:\Program Files\Guitar Pro 4
    2008-03-19 21:18 . 2008-03-19 21:18 <REP> d-------- C:\Program Files\QuickTime
    2008-03-19 21:16 . 2008-03-19 21:16 <REP> d-------- C:\Program Files\Bonjour
    2008-03-19 21:09 . 2008-03-19 21:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Program Files\Avira
    2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-19 16:48 . 2008-03-19 16:48 <REP> d-------- C:\Program Files\Ashampoo
    2008-03-19 16:05 . 2008-03-19 16:05 <REP> d-------- C:\Program Files\Sunbelt Software
    2008-03-19 14:13 . 2008-03-19 14:14 <REP> d-------- C:\WINDOWS\ERUNT
    2008-03-19 13:28 . 2008-03-19 13:28 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
    2008-03-19 12:57 . 2008-03-19 12:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-19 12:57 . 2008-03-19 12:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-18 07:21 . 2008-03-18 07:21 <REP> d-------- C:\Deckard
    2008-03-17 21:13 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-17 21:12 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-17 21:12 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-17 21:12 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-17 21:12 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-17 21:12 . 2004-07-31 16:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-17 21:12 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
    2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
    2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
    2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
    2008-03-16 05:00 . 2008-03-16 05:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
    2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
    2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
    2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
    2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
    2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
    2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
    2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
    2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
    2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
    2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
    2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
    2008-03-04 17:44 . 2008-03-04 17:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
    2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
    2008-03-01 19:40 . 2008-03-19 17:03 <REP> d-------- C:\Program Files\Steam
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
    2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
    2008-02-28 13:18 . 2008-02-28 13:18 2,904 --a------ C:\WINDOWS\system32\dsoudd.dll
    2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
    2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
    2008-02-24 23:20 . 2008-03-01 20:37 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
    2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
    2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
    2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
    2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
    2008-02-23 02:49 . 2008-03-17 17:58 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW
    2008-02-22 20:26 . 2004-10-20 16:23 21,344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys
    2008-02-22 20:15 . 2008-02-22 20:15 <REP> d-------- C:\Program Files\Free
    2008-02-21 19:52 . 2008-02-21 19:52 <REP> d-------- C:\Program Files\Fichiers communs\logishrd
    2008-02-21 10:53 . 2008-02-21 10:53 <REP> d-------- C:\Program Files\SteamKeyFr
    2008-02-20 19:23 . 2004-10-14 17:12 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
    2008-02-20 19:23 . 2004-08-30 16:37 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
    2008-02-20 19:23 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
    2008-02-20 19:23 . 2004-09-24 16:24 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
    2008-02-20 19:23 . 2004-06-08 18:25 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
    2008-02-20 19:23 . 2004-09-24 13:52 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
    2008-02-20 19:23 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd2.ini
    2008-02-20 19:23 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd2.src
    2008-02-20 19:22 . 2008-02-20 19:22 <REP> d-------- C:\Program Files\Trust
    2008-02-20 19:22 . 2004-06-09 16:00 20,480 --a------ C:\WINDOWS\usnpstd2.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-19 20:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-03-19 11:50 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
    2008-03-19 06:12 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
    2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
    2008-03-18 02:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
    2008-03-17 19:14 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
    2008-03-17 15:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-15 12:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
    2008-03-13 16:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
    2008-03-12 19:55 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
    2008-03-08 19:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
    2008-03-07 17:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
    2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
    2008-03-05 12:10 --------- d-----w C:\Program Files\Java
    2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
    2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
    2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
    2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
    2008-02-24 21:45 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
    2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
    2008-02-21 15:10 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
    2008-02-19 21:47 --------- d-----w C:\Program Files\Sega
    2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
    2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
    2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
    2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
    2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
    2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
    2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
    2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
    2008-02-02 14:15 --------- d-----w C:\Program Files\Audacity
    2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
    2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-01 16:13 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
    2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-11-20 16:41 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
    2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
    2007-09-13 16:37 334 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
    2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
    2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
    2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ------- Sigcheck -------

    2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 20:51 2957824]
    "Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 19:30 249896]

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 01:05:38 27136]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Lancer l'utilitaire Olitec.lnk - C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe [2007-06-05 17:22:30 413696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
    opnnolj.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-03-01 19:40 1266936 C:\Program Files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\utorrent\\utorrent.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\ICQ6\\ICQ.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\HLSW\\hlsw.exe"=
    "C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "41952:TCP"= 41952:TCP:MediaServer.exe

    R0 Wkdu43;Wkdu43;C:\WINDOWS\system32\drivers\Wkdu43.sys [2008-03-16 19:45]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S1 kjo23bk;kjo23bk;C:\WINDOWS\kjo23bk.dll []
    S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
    S3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
    S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
    S3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
    S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
    C:\WINDOWS\system32\msbifx.com
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-20 16:52:17
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
    C:\WINDOWS\system32\drivers\Wkdu43.sys 167936 bytes executable

    Scan terminé avec succès
    Les fichiers cachés: 2

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
    "ImagePath"="\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ASFWHide"
    .
    Temps d'accomplissement: 2008-03-20 16:56:31
    .
    2008-03-12 06:30:54 --- E O F ---
    20 March 2008 17:14:26

    :hello: 

    You have two rootkits that are still present on your PC :) 

    1) Post a new HijackThis log.

    2) Download OAD (by !aur3n7)
    http://sosvirus.changelog.fr/OAD.exe
  • Save it to your Desktop
  • Double-click OAD to launch it
  • At "Nom de fichier à rechercher" (file name to search for), type or copy-paste: Wkdu43.sys
  • At "Type de recherche" (search type): select option 6, then confirm with [Enter]
  • OAD will now search for the file. Let it work until it has finished.
    The search report will be displayed automatically as soon as it is done.
    Copy and paste this report into your next post.

    Important note: depending on the size of the hard drives, this search can take several minutes. Be patient.

    Then do the same for: riode32.sys

    ;) 
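The cross-check behind the "two rootkits" reading can be reproduced offline, as an added example that is not part of the original thread: it matches the files catchme reports as hidden against the driver entries in the same ComboFix report. The input lines are copied from the report above; reading `R`/`S` as running/stopped and the digit as the service start type is the customary interpretation of these lines and is treated here as an assumption, and the function names are illustrative.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, whatever OS this runs on

# Driver/service lines copied from the ComboFix report in this thread.
DRIVER_LINES = r"""
R0 Wkdu43;Wkdu43;C:\WINDOWS\system32\drivers\Wkdu43.sys [2008-03-16 19:45]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
S1 kjo23bk;kjo23bk;C:\WINDOWS\kjo23bk.dll []
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
"""

# Hidden-file lines copied from the catchme section of the same report.
CATCHME_LINES = r"""
C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
C:\WINDOWS\system32\drivers\Wkdu43.sys 167936 bytes executable
"""

# Assumption: the digit after R/S is the Windows service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?) \[(?P<stamp>[^\]]*)\]$"
)
HIDDEN_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<size>\d+) bytes\b")


def parse_drivers(text):
    """Parse 'R0 name;display;image [timestamp]' lines into dicts."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            entries.append({
                "name": m["name"],
                "running": m["state"] == "R",
                "start": START_TYPES[m["start"]],
                "image": m["image"].strip('"'),
                "stamp": m["stamp"] or None,  # '[]' in the report becomes None
            })
    return entries


def parse_hidden(text):
    """Parse catchme '<path> <size> bytes ...' lines."""
    files = []
    for line in text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if m:
            files.append({"path": m["path"], "size": int(m["size"])})
    return files


def triage(drivers, hidden):
    """For each hidden file, report the service (if any) that loads it."""
    by_image = defaultdict(list)
    for d in drivers:
        by_image[basename(d["image"]).lower()].append(d)
    findings = []
    for f in hidden:
        name = basename(f["path"])
        matches = by_image.get(name.lower(), [])
        svc = matches[0] if matches else None
        findings.append({
            "file": name,
            "size": f["size"],
            "service": svc["name"] if svc else None,
            "running": svc["running"] if svc else None,
            "start": svc["start"] if svc else None,
        })
    return findings


def same_size_groups(hidden):
    """Hidden files sharing an exact byte size, worth comparing by hash."""
    groups = defaultdict(list)
    for f in hidden:
        groups[f["size"]].append(basename(f["path"]))
    return {size: names for size, names in groups.items() if len(names) > 1}


def unstamped(drivers):
    """Service names whose image line carries no timestamp ('[]')."""
    return [d["name"] for d in drivers if d["stamp"] is None]


if __name__ == "__main__":
    drivers, hidden = parse_drivers(DRIVER_LINES), parse_hidden(CATCHME_LINES)
    for finding in triage(drivers, hidden):
        print(finding)
    print("same size:", same_size_groups(hidden))
    print("no timestamp:", unstamped(drivers))
```

On these lines, Wkdu43.sys is both hidden and registered as a running boot-start driver, while riode32.sys is hidden with no matching service entry; the two files have the same byte size.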
    20 March 2008 17:22:06

    Here is the report. Also, is it possible that this virus has affected how some of my software works? Since I got this virus my microphone no longer works in TeamSpeak, even though it works in all my other communication software.

    Report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:19:59, on 20/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/Nvi...
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: opnnolj - opnnolj.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    --
    End of file - 11650 bytes
    20 March 2008 17:24:10

    Re,

    Yes, that's possible; you'll just need to uninstall and reinstall TeamSpeak once the disinfection is finished :) 

    Do step number two that I asked for ;) 

    20 March 2008 17:31:06

    Step done:

    Result:

    20/03/2008 ---- 17:26:52,09

    ----------------------------------
    §§§§§§ [Wkdu43.sys] §§§§§§
    ----------------------------------
    [X] Registre

    -------------- [ ] rapide
    -- Fichier --- [ ] disque systeme
    ------------- [X] complete


    ********************
    [Registre]
    ********************

    Aucune entrée détectée

    *******************
    [Fichier]
    *******************



    *********************
    [Même date]
    *********************

    Aucun fichier créé à la même date détecté


    Outil Aide Diagnostic By !aur3n7 Version 1.1
    ----------------------------------
    §§§§§ Fin Rapport §§§§§
    ----------------------------------


    Result 2:

    20/03/2008 ---- 17:29:27,09

    ----------------------------------
    §§§§§§ [riode32.sys] §§§§§§
    ----------------------------------
    [X] Registre

    -------------- [ ] rapide
    -- Fichier --- [ ] disque systeme
    ------------- [X] complete


    ********************
    [Registre]
    ********************

    Aucune entrée détectée

    *******************
    [Fichier]
    *******************



    *********************
    [Même date]
    *********************

    Aucun fichier créé à la même date détecté


    Outil Aide Diagnostic By !aur3n7 Version 1.1
    ----------------------------------
    §§§§§ Fin Rapport §§§§§
    ----------------------------------


    20 March 2008 17:45:30

    Re,

    1) Go to the Start menu -> Run and type: services.msc

    Look for the following service: ASFWHide
    Double-click it: in the "Status du service" (service status) field, set it to "arrêté" (stopped).
    In the "Type de démarrage" (startup type) field, set it to "désactivé" (disabled), then "Appliquer" (Apply), then "OK".
    Close Services.
    Go through HijackThis: "Misc Tools Section" => "Delete an NT service", enter the service name in the box: ASFWHide, and click "OK".

    2) Remove all traces of ComboFix from your PC. Download it again and install it here: C:\ , that is, at the root of the hard drive.

    Then scan with ComboFix as usual and post me the report.

    ;) 
    20 March 2008 18:03:23

    I don't have ASFWHide :s
    20 March 2008 18:03:53

    OK,

    Carry on with the rest :) 

    20 March 2008 18:12:12

    But it doesn't matter that I don't have ASFWHide?
    20 March 2008 18:27:41

    Here is the report:

    ComboFix 08-03-18.1 - Compaq_Propriétaire 2008-03-20 18:15:54.9 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.604 [GMT 1:00]
    Endroit: C:\ComboFix.exe
    .
    TimedOut: progfile.dat

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-20 18:14 . 2008-03-20 18:13 1,599,141 --a------ C:\ComboFix.exe
    2008-03-19 21:32 . 2008-03-19 21:32 <REP> d-------- C:\Program Files\Guitar Pro 4
    2008-03-19 21:18 . 2008-03-19 21:18 <REP> d-------- C:\Program Files\QuickTime
    2008-03-19 21:16 . 2008-03-19 21:16 <REP> d-------- C:\Program Files\Bonjour
    2008-03-19 21:09 . 2008-03-19 21:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Program Files\Avira
    2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-19 16:48 . 2008-03-19 16:48 <REP> d-------- C:\Program Files\Ashampoo
    2008-03-19 16:05 . 2008-03-19 16:05 <REP> d-------- C:\Program Files\Sunbelt Software
    2008-03-19 14:13 . 2008-03-19 14:14 <REP> d-------- C:\WINDOWS\ERUNT
    2008-03-19 13:28 . 2008-03-19 13:28 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
    2008-03-19 12:57 . 2008-03-19 12:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-19 12:57 . 2008-03-19 12:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-18 07:21 . 2008-03-18 07:21 <REP> d-------- C:\Deckard
    2008-03-17 21:13 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-17 21:12 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-17 21:12 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-17 21:12 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-17 21:12 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-17 21:12 . 2004-07-31 16:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-17 21:12 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
    2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
    2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
    2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
    2008-03-16 05:00 . 2008-03-16 05:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
    2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
    2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
    2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
    2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
    2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
    2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
    2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
    2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
    2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
    2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
    2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
    2008-03-04 17:44 . 2008-03-04 17:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
    2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
    2008-03-01 19:40 . 2008-03-19 17:03 <REP> d-------- C:\Program Files\Steam
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
    2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
    2008-02-28 13:18 . 2008-02-28 13:18 2,904 --a------ C:\WINDOWS\system32\dsoudd.dll
    2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
    2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
    2008-02-24 23:20 . 2008-03-01 20:37 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
    2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
    2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
    2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
    2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
    2008-02-23 02:49 . 2008-03-17 17:58 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW
    2008-02-22 20:26 . 2004-10-20 16:23 21,344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys
    2008-02-22 20:15 . 2008-02-22 20:15 <REP> d-------- C:\Program Files\Free
    2008-02-21 19:52 . 2008-02-21 19:52 <REP> d-------- C:\Program Files\Fichiers communs\logishrd
    2008-02-21 10:53 . 2008-02-21 10:53 <REP> d-------- C:\Program Files\SteamKeyFr
    2008-02-20 19:23 . 2004-10-14 17:12 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
    2008-02-20 19:23 . 2004-08-30 16:37 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
    2008-02-20 19:23 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
    2008-02-20 19:23 . 2004-09-24 16:24 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
    2008-02-20 19:23 . 2004-06-08 18:25 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
    2008-02-20 19:23 . 2004-09-24 13:52 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
    2008-02-20 19:23 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd2.ini
    2008-02-20 19:23 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd2.src
    2008-02-20 19:22 . 2008-02-20 19:22 <REP> d-------- C:\Program Files\Trust
    2008-02-20 19:22 . 2004-06-09 16:00 20,480 --a------ C:\WINDOWS\usnpstd2.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-20 16:43 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
    2008-03-20 16:39 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
    2008-03-19 20:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
    2008-03-18 02:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
    2008-03-17 19:14 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
    2008-03-17 15:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-15 12:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
    2008-03-13 16:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
    2008-03-12 19:55 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
    2008-03-08 19:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
    2008-03-07 17:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
    2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
    2008-03-05 12:10 --------- d-----w C:\Program Files\Java
    2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
    2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
    2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
    2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
    2008-02-24 21:45 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
    2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
    2008-02-21 15:10 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
    2008-02-19 21:47 --------- d-----w C:\Program Files\Sega
    2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
    2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
    2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
    2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
    2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
    2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
    2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
    2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
    2008-02-02 14:15 --------- d-----w C:\Program Files\Audacity
    2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
    2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-01 16:13 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
    2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-11-20 16:41 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
    2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
    2007-09-13 16:37 334 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
    2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
    2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
    2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ------- Sigcheck -------

    2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 20:51 2957824]
    "Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 19:30 249896]

    C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 01:05:38 27136]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Lancer l'utilitaire Olitec.lnk - C:\Program Files\OLITEC - Moniteur r‚seau 802.11g\WlanUtil.exe [2007-06-05 17:22:30 413696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
    opnnolj.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-03-01 19:40 1266936 C:\Program Files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\utorrent\\utorrent.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\ICQ6\\ICQ.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\HLSW\\hlsw.exe"=
    "C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "41952:TCP"= 41952:TCP:MediaServer.exe

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
    R3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
    R3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S1 kjo23bk;kjo23bk;C:\WINDOWS\kjo23bk.dll []
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
    S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
    C:\WINDOWS\system32\msbifx.com
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-20 18:22:31
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
    C:\WINDOWS\system32\drivers\Wkdu43.sys 167936 bytes executable

    Scan terminé avec succès
    Les fichiers cachés: 2

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wkdu43]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
    "ImagePath"="\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ASFWHide"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
    .
    Temps d'accomplissement: 2008-03-20 18:26:38
    ComboFix2.txt 2008-03-20 15:56:32
    .
    2008-03-12 06:30:54 --- E O F ---
    20 March 2008 19:14:51

    Re,

    No, no, don't worry ;)

    Disable all resident protection (antivirus…)!

    Copy the text in the box below, without the word "Quote":

    Quote:
    File::
    C:\WINDOWS\system32\eudtodug.tmp
    C:\WINDOWS\system32\dsoudd.dll
    C:\WINDOWS\system32\drivers\riode32.sys
    C:\WINDOWS\system32\drivers\Wkdu43.sys

    Driver::
    Wkdu43



    Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt.

    Now drag the file ComboFix-Do.txt onto Combofix.exe as shown below:



    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a new Hijackthis report.
    If there is no restart, post the reports anyway.
    20 March 2008 20:05:37

    Here are the reports:

    hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:04:12, on 20/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/Nvi...
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: opnnolj - opnnolj.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    --
    End of file - 11736 bytes


    log.txt:

    ComboFix 08-03-18.1 - Compaq_Propriétaire 2008-03-20 19:52:48.10 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.460 [GMT 1:00]
    Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Compaq_PropriÚtaire\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    .
    TimedOut: progfile.dat

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-19 21:32 . 2008-03-19 21:32 <REP> d-------- C:\Program Files\Guitar Pro 4
    2008-03-19 21:18 . 2008-03-19 21:18 <REP> d-------- C:\Program Files\QuickTime
    2008-03-19 21:16 . 2008-03-19 21:16 <REP> d-------- C:\Program Files\Bonjour
    2008-03-19 21:09 . 2008-03-19 21:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Program Files\Avira
    2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-19 16:48 . 2008-03-19 16:48 <REP> d-------- C:\Program Files\Ashampoo
    2008-03-19 16:05 . 2008-03-19 16:05 <REP> d-------- C:\Program Files\Sunbelt Software
    2008-03-19 14:13 . 2008-03-19 14:14 <REP> d-------- C:\WINDOWS\ERUNT
    2008-03-19 13:28 . 2008-03-19 13:28 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
    2008-03-19 12:57 . 2008-03-19 12:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-19 12:57 . 2008-03-19 12:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-18 07:21 . 2008-03-18 07:21 <REP> d-------- C:\Deckard
    2008-03-17 21:13 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-17 21:12 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-17 21:12 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-17 21:12 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-17 21:12 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-17 21:12 . 2004-07-31 16:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-17 21:12 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
    2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
    2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
    2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
    2008-03-16 05:00 . 2008-03-16 05:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
    2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
    2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
    2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
    2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
    2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
    2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
    2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
    2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
    2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
    2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
    2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
    2008-03-04 17:44 . 2008-03-04 17:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
    2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
    2008-03-01 19:40 . 2008-03-20 18:48 <REP> d-------- C:\Program Files\Steam
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
    2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
    2008-02-28 13:18 . 2008-02-28 13:18 2,904 --a------ C:\WINDOWS\system32\dsoudd.dll
    2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
    2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
    2008-02-24 23:20 . 2008-03-01 20:37 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
    2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
    2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
    2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
    2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
    2008-02-23 02:49 . 2008-03-17 17:58 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW
    2008-02-22 20:26 . 2004-10-20 16:23 21,344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys
    2008-02-22 20:15 . 2008-02-22 20:15 <REP> d-------- C:\Program Files\Free
    2008-02-21 19:52 . 2008-02-21 19:52 <REP> d-------- C:\Program Files\Fichiers communs\logishrd
    2008-02-21 10:53 . 2008-02-21 10:53 <REP> d-------- C:\Program Files\SteamKeyFr
    2008-02-20 19:23 . 2004-10-14 17:12 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
    2008-02-20 19:23 . 2004-08-30 16:37 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
    2008-02-20 19:23 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
    2008-02-20 19:23 . 2004-09-24 16:24 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
    2008-02-20 19:23 . 2004-06-08 18:25 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
    2008-02-20 19:23 . 2004-09-24 13:52 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
    2008-02-20 19:23 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd2.ini
    2008-02-20 19:23 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd2.src
    2008-02-20 19:22 . 2008-02-20 19:22 <REP> d-------- C:\Program Files\Trust
    2008-02-20 19:22 . 2004-06-09 16:00 20,480 --a------ C:\WINDOWS\usnpstd2.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-20 16:43 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
    2008-03-20 16:39 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
    2008-03-19 20:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
    2008-03-18 02:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
    2008-03-17 19:14 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
    2008-03-17 15:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-15 12:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
    2008-03-13 16:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
    2008-03-12 19:55 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
    2008-03-08 19:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
    2008-03-07 17:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
    2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
    2008-03-05 12:10 --------- d-----w C:\Program Files\Java
    2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
    2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
    2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
    2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
    2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
    2008-02-21 15:10 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
    2008-02-19 21:47 --------- d-----w C:\Program Files\Sega
    2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
    2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
    2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
    2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
    2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
    2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
    2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
    2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
    2008-02-02 14:15 --------- d-----w C:\Program Files\Audacity
    2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
    2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
    2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-11-20 16:41 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
    2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
    2007-09-13 16:37 334 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
    2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
    2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
    2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ------- Sigcheck -------

    2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 20:51 2957824]
    "Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 19:30 249896]

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 01:05:38 27136]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Lancer l'utilitaire Olitec.lnk - C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe [2007-06-05 17:22:30 413696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
    opnnolj.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-03-01 19:40 1266936 C:\Program Files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\utorrent\\utorrent.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\ICQ6\\ICQ.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\HLSW\\hlsw.exe"=
    "C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "41952:TCP"= 41952:TCP:MediaServer.exe

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
    R3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
    R3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S1 kjo23bk;kjo23bk;C:\WINDOWS\kjo23bk.dll []
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
    S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
    S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
    C:\WINDOWS\system32\msbifx.com
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-20 19:59:25
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
    C:\WINDOWS\system32\drivers\Wkdu43.sys 167936 bytes executable

    Scan terminé avec succès
    Les fichiers cachés: 2

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wkdu43]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
    "ImagePath"="\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ASFWHide"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
    .
    Temps d'accomplissement: 2008-03-20 20:03:28
    ComboFix2.txt 2008-03-20 17:26:39
    ComboFix3.txt 2008-03-20 15:56:32
    .
    2008-03-12 06:30:54 --- E O F ---
    20 March 2008 20:45:30

    Hi again,

    Download OTMoveIt2 (by OldTimer).
  • Save this file to the Desktop.
  • Double-click OTMoveIt2.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
  • Copy the lines in the "Code" box below by selecting ALL of them and pressing CTRL and C at the same time (or, after selecting them, by right-clicking and choosing Copy):
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\*.* /s

  • Go back to the OTMoveIt2 window, right-click in the "Paste Custom List Of Files/Patterns To Move" area (under the yellow bar), then choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results area (under the green bar) by selecting ALL THE LINES and pressing CTRL and C at the same time (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
  • Close OTMoveIt2.

    Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of that document in a reply on the forum.

    If you get a message saying that the report cannot be created, copy/paste what appears in the right-hand column of the tool.


    21 March 2008 07:20:13

    here is the report:

    [Custom Input]
    < C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\*.* /s >
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\alm.log moved successfully.
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\amt.log moved successfully.
    File move failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_1ef0.dat scheduled to be moved on reboot.
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Sans nom-1.swf moved successfully.
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Sans nom-2.swf moved successfully.
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Sans nom-3.swf moved successfully.
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Sans nom-4.swf moved successfully.
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\wmplog00.sqm moved successfully.
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\wmplog01.sqm moved successfully.
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\wmplog02.sqm moved successfully.
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MessengerCache\HaUX8VwL2F1qcRSjBH8Ga+DoquDY= moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03212008_070554
    21 March 2008 19:12:15

    :hello: 

    I'll reply to you late this evening ;) 

    N.B.: Don't worry, once it has been through my hands, you'll get back a perfectly clean PC ;) 
    21 March 2008 19:22:24

    lol ^^ I have complete confidence in you
    21 March 2008 21:56:12

    Hi again,

    RESTART IN SAFE MODE! (if the procedure doesn't work in safe mode, do it in normal mode ;) )
    Help here: http://www.infos-du-net.com/forum/272325-11-tuto-demarr...
    /!\ Never restart in safe mode via msconfig /!\

    Click Start --> Run, type CMD, then confirm with OK.
    Paste the following lines one at a time into the black window that appears, confirming each one (with Enter) before the next. Don't worry if an error message says that the service doesn't exist; just carry on ;) 

    sc config Wkdu43 start= disabled
    sc stop Wkdu43
    sc delete Wkdu43
    sc config ASFWHide start= disabled
    sc stop ASFWHide
    sc delete ASFWHide

    Restart in normal mode, run a new ComboFix scan in normal mode, and post me its report along with a new HijackThis report :super:
    22 March 2008 10:18:45

    here are the reports:

    hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:19:33, on 22/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/Nvi...
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: opnnolj - opnnolj.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    --
    End of file - 12240 bytes



    log.txt:

    ComboFix 08-03-18.1 - Compaq_Propriétaire 2008-03-22 10:07:38.11 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.571 [GMT 1:00]
    Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
    .
    TimedOut: progfile.dat

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\Wkdu43.sys

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-21 23:17 . 2008-03-21 23:17 <REP> d-------- C:\Program Files\Winamp Toolbar
    2008-03-21 23:17 . 2008-03-21 23:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    2008-03-21 23:15 . 2008-03-21 23:17 <REP> d-------- C:\Program Files\Winamp
    2008-03-21 23:15 . 2008-03-21 23:48 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Winamp
    2008-03-21 07:05 . 2008-03-21 07:05 <REP> d-------- C:\_OTMoveIt
    2008-03-19 21:32 . 2008-03-19 21:32 <REP> d-------- C:\Program Files\Guitar Pro 4
    2008-03-19 21:18 . 2008-03-19 21:18 <REP> d-------- C:\Program Files\QuickTime
    2008-03-19 21:16 . 2008-03-19 21:16 <REP> d-------- C:\Program Files\Bonjour
    2008-03-19 21:09 . 2008-03-19 21:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Program Files\Avira
    2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-19 16:48 . 2008-03-19 16:48 <REP> d-------- C:\Program Files\Ashampoo
    2008-03-19 16:05 . 2008-03-19 16:05 <REP> d-------- C:\Program Files\Sunbelt Software
    2008-03-19 14:13 . 2008-03-19 14:14 <REP> d-------- C:\WINDOWS\ERUNT
    2008-03-19 13:28 . 2008-03-19 13:28 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
    2008-03-18 07:21 . 2008-03-18 07:21 <REP> d-------- C:\Deckard
    2008-03-17 21:13 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-17 21:12 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-17 21:12 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-17 21:12 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-17 21:12 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-17 21:12 . 2004-07-31 16:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-17 21:12 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
    2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
    2008-03-16 19:45 . 2008-03-16 19:45 167,936 --a------ C:\WINDOWS\system32\drivers\riode32.sys
    2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
    2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
    2008-03-16 05:00 . 2008-03-16 05:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
    2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
    2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
    2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
    2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
    2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
    2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
    2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
    2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
    2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
    2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
    2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
    2008-03-04 17:44 . 2008-03-04 17:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
    2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
    2008-03-01 19:40 . 2008-03-21 21:57 <REP> d-------- C:\Program Files\Steam
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
    2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
    2008-02-28 13:18 . 2008-02-28 13:18 2,904 --a------ C:\WINDOWS\system32\dsoudd.dll
    2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
    2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
    2008-02-24 23:20 . 2008-03-01 20:37 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
    2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
    2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
    2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
    2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
    2008-02-23 02:49 . 2008-03-17 17:58 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW
    2008-02-22 20:26 . 2004-10-20 16:23 21,344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys
    2008-02-22 20:15 . 2008-02-22 20:15 <REP> d-------- C:\Program Files\Free

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-21 23:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-21 23:00 --------- d-----w C:\Program Files\Audacity
    2008-03-21 22:27 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
    2008-03-21 22:16 --------- d-----w C:\Program Files\Winamp Remote
    2008-03-21 20:26 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
    2008-03-20 20:37 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
    2008-03-20 20:35 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
    2008-03-20 16:43 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
    2008-03-20 16:39 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
    2008-03-19 20:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
    2008-03-18 02:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
    2008-03-13 16:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
    2008-03-08 19:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
    2008-03-07 17:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
    2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
    2008-03-05 12:10 --------- d-----w C:\Program Files\Java
    2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
    2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
    2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
    2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
    2008-02-24 21:45 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
    2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
    2008-02-21 18:52 --------- d-----w C:\Program Files\Fichiers communs\logishrd
    2008-02-21 09:53 --------- d-----w C:\Program Files\SteamKeyFr
    2008-02-20 18:22 --------- d-----w C:\Program Files\Trust
    2008-02-19 21:47 --------- d-----w C:\Program Files\Sega
    2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
    2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
    2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
    2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
    2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
    2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
    2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
    2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
    2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
    2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-01 16:13 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-11-20 16:41 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
    2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
    2007-09-13 16:37 334 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
    2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
    2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
    2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ------- Sigcheck -------

    2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-12-13 17:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 17:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 20:51 2957824]
    "Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 19:30 249896]

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 01:05:38 27136]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Lancer l'utilitaire Olitec.lnk - C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe [2007-06-05 17:22:30 413696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
    opnnolj.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-03-01 19:40 1266936 C:\Program Files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\utorrent\\utorrent.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\ICQ6\\ICQ.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\HLSW\\hlsw.exe"=
    "C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Steam\\steamapps\\thibaut8513\\condition zero\\hl.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "41952:TCP"= 41952:TCP:MediaServer.exe

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
    R3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
    R3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S1 kjo23bk;kjo23bk;C:\WINDOWS\kjo23bk.dll []
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
    S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
    S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe

    *Newly Created Service* - ASFWHIDE

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
    C:\WINDOWS\system32\msbifx.com
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-22 10:14:06
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
    "ImagePath"="\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ASFWHide"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
    .
    Temps d'accomplissement: 2008-03-22 10:15:49
    ComboFix-quarantined-files.txt 2008-03-22 09:15:41
    ComboFix2.txt 2008-03-20 19:03:29
    ComboFix3.txt 2008-03-20 17:26:39
    ComboFix4.txt 2008-03-20 15:56:32
    .
    2008-03-12 06:30:54 --- E O F ---
    22 March 2008 11:30:47

    :hello: 

    1) Click Start --> Run, type CMD, then confirm with OK.
    Paste the following lines one at a time into the black window that appears, pressing Enter after each one.
    sc config kjo23bk start= disabled
    sc stop kjo23bk
    sc delete kjo23bk


    2) Download SREng (by Smallfrogs), also known as System Repair Engineer:
    http://www.kztechs.com/eng/download.html
  • Unzip all of its contents onto your desktop (right-click > Extract here).
  • Open the SReng2 folder and double-click SREngPS.exe.
  • Click "smart scan".
  • Click the "scan" button.
  • When the scan is finished, click the "save reports" button.
  • Then save the report to your desktop.
  • Copy/paste the contents of the SREngLOG.log report into your next reply.

    ;) 
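
A triage pass over the service/driver lines of the ComboFix log posted above, as an added example that is not part of the original thread or of ComboFix. It parses the `R/S<n> name;display;image [timestamp]` lines and ranks entries by three heuristics; the heuristics, and the reading of `R`/`S` as running/stopped with the digit as the start type, are assumptions of this example.

```python
import re
from typing import NamedTuple

# Service/driver lines taken from the ComboFix log in this thread.
SAMPLE = r"""
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
S1 kjo23bk;kjo23bk;C:\WINDOWS\kjo23bk.dll []
S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []
"""

# Assumed meaning of the digit after R/S (Windows service start types).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?) \[(?P<stamp>[^\]]*)\]$"
)


class Entry(NamedTuple):
    running: bool   # R = running, S = stopped (assumed)
    start: int      # key into START_TYPES
    name: str       # service key name
    display: str    # display name
    image: str      # image path, with any arguments, as logged
    stamp: str      # file timestamp, empty when the log shows []


def parse(log: str) -> list[Entry]:
    """Return one Entry per well-formed service/driver line; skip the rest."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["state"] == "R", int(m["start"]), m["name"],
                                 m["display"], m["image"], m["stamp"]))
    return entries


def flags(e: Entry) -> list[str]:
    """Illustrative heuristics only; each hit is a reason to look closer."""
    found = []
    img = e.image.lower()
    if not e.stamp:
        # The log recorded no file date for the image.
        found.append("no_timestamp")
    if e.display == e.name:
        # No descriptive display name was registered.
        found.append("generic_name")
    if e.start in (0, 1) and not (
        img.endswith(".sys") and "\\system32\\drivers\\" in img
    ):
        # Boot/system-start entry whose image is not a .sys in the drivers dir.
        found.append("early_nondriver_image")
    return found


def triage(log: str) -> list[tuple[Entry, list[str]]]:
    """Rank entries by number of flags, most flagged first (stable order)."""
    scored = [(e, flags(e)) for e in parse(log)]
    return sorted(scored, key=lambda pair: len(pair[1]), reverse=True)


if __name__ == "__main__":
    for entry, hits in triage(SAMPLE):
        state = "running" if entry.running else "stopped"
        print(f"{len(hits)}  {entry.name:<12} {state}/{START_TYPES[entry.start]:<8} "
              f"{', '.join(hits) or '-'}")
```

A flag is a prompt for manual review of the entry, not a verdict on the file.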
    22 March 2008 12:29:38

    1. 2008-03-22,12:28:53
    2.  
    3. System Repair Engineer 2.5.16.900
    4. Smallfrogs (http://www.KZTechs.com)
    5.  
    6. Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
    7.  
    8. Follow item(s) have been choosed:
    9. All Boot Items (Including Registry, Startup Folders, Services and so on)
    10. Browser Add-ons
    11. Runing Processes (Including process model information)
    12. File Associations
    13. Winsock Provider
    14. Autorun.Inf
    15. HOSTS File
    16. Process Privileges Scan
    17.  
    18.  
    19. Boot Items
    20. Registry
    21. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    22. <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
    23. <Orb><"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background> [Orb Networks]
    24. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    25. <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    26. <SpywareTerminator><"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"> [Crawler.com]
    27. <Ashampoo FireWall><"C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY> [(Verified)ashampoo GmbH & Co. KG]
    28. <avgnt><"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min> [Avira GmbH]
    29. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    30. <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
    31. <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
    32. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    33. <AppInit_DLLs><> [N/A]
    34. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    35. <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
    36. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    37. <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
    38. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnolj]
    39. <WinlogonNotify: opnnolj><opnnolj.dll> [N/A]
    40. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    41. <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
    42. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    43. <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
    44. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    45. <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
    46. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    47. <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
    48. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
    49. <N/A><C:\WINDOWS\system32\msbifx.com> [N/A]
    50. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    51. <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
    52. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    53. <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
    54. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    55. <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
    56. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    57. <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
    58. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    59. <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
    60. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    61. <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
    62. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
    63. <Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]
    64. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    65. <Skype><; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA]
    66. <Steam><; "C:\Program Files\Steam\Steam.exe" -silent> [(Verified)Valve]
    67. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    68. <TrojanScanner><; C:\Program Files\Trojan Remover\Trjscan.exe> [N/A]
    69.  
    70. ==================================
    71. Startup Folders
    72. [Lancer l'utilitaire Olitec]
    73. <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancer l'utilitaire Olitec.lnk --> C:\PROGRA~1\OLITEC~1.11G\WlanUtil.exe []><N>
    74. [Stardock ObjectDock]
    75. <C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk --> C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [N/A]><N>
    76.  
    77. ==================================
    78. Services
    79. [AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler][Running/Auto Start]
    80. <"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"><Avira GmbH>
    81. [AntiVir PersonalEdition Classic Guard / AntiVirService][Running/Auto Start]
    82. <"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"><Avira GmbH>
    83. [Gestion d'applications / AppMgmt][Stopped/Manual Start]
    84. <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
    85. [BlueSoleil Hid Service / BlueSoleil Hid Service][Running/Auto Start]
    86. <C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe><N/A>
    87. [##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## / Bonjour Service][Running/Auto Start]
    88. <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Computer, Inc.>
    89. [CyberLink Background Capture Service (CBCS) / CLCapSvc][Running/Auto Start]
    90. <"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"><>
    91. [CyberLink Task Scheduler (CTS) / CLSched][Running/Auto Start]
    92. <"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"><>
    93. [Symantec Lic NetConnect service / CLTNetCnService][Stopped/Auto Start]
    94. <><N/A>
    95. [CyberLink Media Library Service / CyberLink Media Library Service][Running/Auto Start]
    96. <"C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"><Cyberlink>
    97. [FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
    98. <"C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
    99. [Google Updater Service / gusvc][Stopped/Manual Start]
    100. <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
    101. [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
    102. <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
    103. [InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
    104. <"C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
    105. [LexBce Server / LexBceS][Running/Auto Start]
    106. <C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
    107. [LibUsb-Win32 - Daemon, Version 0.1.10.1 / libusbd][Running/Auto Start]
    108. <system32\libusbd-nt.exe><N/A>
    109. [LiveUpdate / LiveUpdate][Stopped/Manual Start]
    110. <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
    111. [LiveUpdate Notice Service Ex / LiveUpdate Notice Ex][Stopped/Auto Start]
    112. <><N/A>
    113. [LiveUpdate Notice Service / LiveUpdate Notice Service][Running/Auto Start]
    114. <"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"><Symantec Corporation>
    115. [NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
    116. <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
    117. [Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Running/Auto Start]
    118. <"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><Symantec Corporation>
    119. [Spyware Terminator Realtime Shield Service / sp_rssrv][Running/Auto Start]
    120. <"C:\Program Files\Spyware Terminator\sp_rsser.exe"><Crawler.com>
    121. [TVersityMediaServer / TVersityMediaServer][Stopped/Auto Start]
    122. <"C:\Program Files\TVersity\Media Server\MediaServer.exe"><N/A>
    123. [wampapache / wampapache][Stopped/Manual Start]
    124. <"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice><Apache Software Foundation>
    125. [wampmysqld / wampmysqld][Stopped/Manual Start]
    126. <c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld><N/A>
    127. [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
    128. <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>
    129.  
    130. ==================================
    131. Drivers
    132. [Pilote de processeur AMD / AmdK8][Running/System Start]
    133. <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
    134. [ATITool Overclocking Utility / ATITool][Stopped/System Start]
    135. <system32\DRIVERS\ATITool.sys><>
    136. [avgio / avgio][Running/System Start]
    137. <\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys><Avira GmbH>
    138. [avgntflt / avgntflt][Running/Manual Start]
    139. <\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys><Avira GmbH>
    140. [avipbb / avipbb][Running/System Start]
    141. <system32\DRIVERS\avipbb.sys><AVIRA GmbH>
    142. [Bluetooth Audio Service / BlueletAudio][Running/Manual Start]
    143. <system32\DRIVERS\blueletaudio.sys><IVT Corporation>
    144. [Bluetooth SCO Audio Service / BlueletSCOAudio][Running/Manual Start]
    145. <system32\DRIVERS\BlueletSCOAudio.sys><IVT Corporation>
    146. [Bluetooth PAN Network Adapter / BT][Running/Manual Start]
    147. <system32\DRIVERS\btnetdrv.sys><IVT Corporation>
    148. [Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start]
    149. <System32\Drivers\btcusb.sys><IVT Corporation>
    150. [Bluetooth HID Enumerator / BTHidEnum][Running/Manual Start]
    151. <system32\DRIVERS\vbtenum.sys><N/A>
    152. [Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start]
    153. <\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation>
    154. [catchme / catchme][Stopped/Manual Start]
    155. <\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys><N/A>
    156. [Carte réseau virtuelle FreeBox USB / fbxusb][Stopped/Manual Start]
    157. <system32\DRIVERS\fbxusb32.sys><FreeBox SA>
    158. [Hamachi Network Interface / hamachi][Running/Manual Start]
    159. <system32\DRIVERS\hamachi.sys><LogMeIn, Inc.>
    160. [Pilote de bus Microsoft UAA pour High Definition Audio / HDAudBus][Running/Manual Start]
    161. <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
    162. [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
    163. <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
    164. [LibUsb-Win32 - Kernel Driver, Version 0.1.10.1 / libusb0][Running/Manual Start]
    165. <system32\drivers\libusb0.sys><N/A>
    166. [LT Modem Driver / ltmodem5][Stopped/Manual Start]
    167. <system32\DRIVERS\ltmdmnt.sys><LT>
    168. [Logitech USB Monitor Filter / LVUSBSta][Running/Manual Start]
    169. <system32\DRIVERS\LVUSBSta.sys><Logitech Inc.>
    170. [nv / nv][Running/Manual Start]
    171. <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
    172. [nvata / nvata][Running/Boot Start]
    173. <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
    174. [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
    175. <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
    176. [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
    177. <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
    178. [Stick USB 802.11g OLITEC Driver(OLITEC) / OLITEC(OLITEC)][Running/Manual Start]
    179. <system32\DRIVERS\zd1211u.sys><ZyDAS Technology Corporation>
    180. [Logitech QuickCam IM(PID_PEPI) / PID_PEPI][Stopped/Manual Start]
    181. <system32\DRIVERS\LV302V32.SYS><Logitech Inc.>
    182. [Ps2 / Ps2][Running/Manual Start]
    183. <system32\DRIVERS\PS2.sys><Hewlett-Packard Company>
    184. [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
    185. <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    186. [PxHelp20 / PxHelp20][Running/Boot Start]
    187. <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
    188. [Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start]
    189. <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
    190. [Secdrv / Secdrv][Running/Auto Start]
    191. <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
    192. [service.sys / service.sys][Stopped/Manual Start]
    193. <\??\C:\WINDOWS\system32\service.sys><N/A>
    194. [StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
    195. <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology (StarForce)>
    196. [StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
    197. <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
    198. [StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start]
    199. <\SystemRoot\System32\drivers\sfvfs02.sys><Protection Technology>
    200. [Trust WB-3100P Portable Webcam / snpstd2][Running/Manual Start]
    201. <system32\DRIVERS\snpstd2.sys><>
    202. [sptd / sptd][Running/Boot Start]
    203. <\SystemRoot\System32\Drivers\sptd.sys><N/A>
    204. [Spyware Terminator Driver 2 / sp_rsdrv2][Running/System Start]
    205. <\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys><>
    206. [ssmdrv / ssmdrv][Running/System Start]
    207. <system32\DRIVERS\ssmdrv.sys><Avira GmbH>
    208. [LGE Mobile Composite USB Device / usbbus][Stopped/Manual Start]
    209. <system32\DRIVERS\lgusbbus.sys><LG Electronics Inc.>
    210. [LGE Mobile USB Modem / USBModem][Stopped/Manual Start]
    211. <system32\DRIVERS\lgusbmodem.sys><LG Electronics Inc.>
    212. [Virtual Serial port driver / VComm][Running/Manual Start]
    213. <system32\DRIVERS\VComm.sys><IVT Corporation>
    214. [Bluetooth VComm Manager Service / VcommMgr][Running/Manual Start]
    215. <System32\Drivers\VcommMgr.sys><IVT Corporation>
    216. [ViaIde / ViaIde][Running/Boot Start]
    217. <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
    218. [Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
    219. <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
    220. [XPAD Filter Service 02 / XPADFL02][Stopped/Manual Start]
    221. <system32\DRIVERS\xpadfl02.sys><N/A>
    222. [ZDPNDIS5 NDIS Protocol Driver / ZDPNDIS5][Running/Manual Start]
    223. <\??\C:\WINDOWS\system32\ZDPNDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
    224. [ASFWHide / ASFWHide][Running/Manual Start]
    225. <\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ASFWHide><N/A>
    226.  
    227. ==================================
    228. Browser Add-ons
    229. [Yahoo! Toolbar Helper]
    230. {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
    231. [AcroIEHlprObj Class]
    232. {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
    233. [Winamp Toolbar BHO]
    234. {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} <C:\Program Files\Winamp Toolbar\winamptb.dll, AOL LLC>
    235. [SSVHelper Class]
    236. {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    237. [Programme d'aide de l'Assistant de connexion Windows Live]
    238. {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    239. [Google Toolbar Helper]
    240. {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    241. [Google Toolbar Notifier BHO]
    242. {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
    243. [Java Plug-in 1.6.0_05]
    244. {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    245. [BlogThisToolbarButton Class]
    246. {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} <C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll, Microsoft Corporation>
    247. [Aide à la connexion]
    248. {E2D4D26B-0180-43a4-B05F-462D6D54C789} <, N/A>
    249. []
    250. {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
    251. [ICQ6]
    252. {E59EB121-F339-4851-A3BA-FE49C35617C2} <C:\Program Files\ICQ6\ICQ.exe, ICQ, Inc.>
    253. [Messenger]
    254. {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
    255. [Yahoo! Toolbar avec bloqueur de fenêtres pop-up]
    256. {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
    257. [&Google]
    258. {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    259. [Winamp Toolbar]
    260. {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} <C:\Program Files\Winamp Toolbar\winamptb.dll, AOL LLC>
    261. [ITPPDiagIE Class]
    262. {084DAC27-6FA3-4F55-9005-033F2F102F5C} <C:\npwwg.dll, Winwise>
    263. [CKAVWebScan Object]
    264. {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
    265. [Shockwave ActiveX Control]
    266. {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
    267. [Windows Genuine Advantage Validation Tool]
    268. {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
    269. [CMediaMix Object]
    270. {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} <C:\WINDOWS\system32\MediaLogic.dll, Microsoft Corp.>
    271. [YInstStarter Class]
    272. {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
    273. [Java Plug-in 1.6.0_05]
    274. {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    275. [Java Plug-in 1.5.0_05]
    276. {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    277. [Java Plug-in 1.6.0_01]
    278. {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    279. [Java Plug-in 1.6.0_02]
    280. {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    281. [Java Plug-in 1.6.0_03]
    282. {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    283. [Java Plug-in 1.6.0_05]
    284. {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    285. [Java Plug-in 1.6.0_05]
    286. {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll, Sun Microsystems, Inc.>
    287. [Shockwave Flash Object]
    288. {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
    289. [Google Script Object]
    290. {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    291. [Yahoo! Toolbar Helper]
    292. {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
    293. [QuickTime Object]
    294. {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\WINDOWS\system32\QTPlugin.ocx, Apple Computer, Inc.>
    295. [ActiveMovieControl Object]
    296. {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\msdxm.OCX, Microsoft Corporation>
    297. [AcroIEHlprObj Class]
    298. {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
    299. [ITPPDiagIE Class]
    300. {084DAC27-6FA3-4F55-9005-033F2F102F5C} <C:\npwwg.dll, Winwise>
    301. [CKAVWebScan Object]
    302. {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
    303. [Shockwave ActiveX Control]
    304. {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
    305. [Windows Genuine Advantage Validation Tool]
    306. {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
    307. [InformationCardSigninHelper Class]
    308. {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
    309. [Windows Media Player]
    310. {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.OCX, Microsoft Corporation>
    311. [&Google]
    312. {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    313. [Shockwave ActiveX Control]
    314. {233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Macromed\Director\swdir.dll, Adobe Systems, Inc.>
    315. [HTML Document]
    316. {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
    317. [Winamp Toolbar BHO]
    318. {25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} <C:\Program Files\Winamp Toolbar\winamptb.dll, AOL LLC>
    319. [XML DOM Document]
    320. {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
    321. [XSL Template]
    322. {2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
    323. [XML Document]
    324. {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
    325. [Shell Name Space]
    326. {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
    327. [CKAVReportCtrl Object]
    328. {6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
    329. [WUWebControl Class]
    330. {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
    331. [DivXBrowserPlugin Object]
    332. {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <C:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.>
    333. [Windows Media Player]
    334. {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    335. [MUWebControl Class]
    336. {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
    337. [Active Desktop Mover]
    338. {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
    339. [SSVHelper Class]
    340. {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    341. [Microsoft Web Browser]
    342. {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
    343. [XML HTTP 4.0]
    344. {88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
    345. [Programme d'aide de l'Assistant de connexion Windows Live]
    346. {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    347. [RMGetLicense Class]
    348. {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
    349. [Google Toolbar Helper]
    350. {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    351. [Google Toolbar Notifier BHO]
    352. {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
    353. [RDS.DataSpace]
    354. {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
    355. [Helper Class]
    356. {BF0118D4-63FF-4138-9327-F3028FB1A578} <C:\WINDOWS\web\wallpaper\welcome\AWhelper.dll, >
    357. [AUDIO__MP3 Moniker Class]
    358. {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    359. [AUDIO__WAV Moniker Class]
    360. {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    361. [VIDEO__X_MS_ASF Moniker Class]
    362. {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    363. [RealPlayer G2 Control]
    364. {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
    365. [Contrôle de l'Assistant de connexion Windows Live]
    366. {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    367. [Shockwave Flash Object]
    368. {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
    369. [QuickTimeCheck Class]
    370. {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\WINDOWS\system32\QuickTimeCheck.ocx, Apple Computer, Inc.>
    371. []
    372. {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
    373. [VideoLAN VLC ActiveX Plugin v1]
    374. {E23FE9C6-778E-49D4-B537-38FCDE4887D8} <C:\Program Files\VideoLAN\VLC\axvlc.dll, >
    375. [WebViewFolderIcon Class]
    376. {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} <C:\WINDOWS\system32\webvw.dll, Microsoft Corporation>
    377. [XML HTTP Request]
    378. {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
    379. [Yahoo! Toolbar avec bloqueur de fenêtres pop-up]
    380. {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
    381. [Runclose Control]
    382. {F31D1897-7EFD-4647-8687-E05894E382AB} <C:\WINDOWS\System32\RUNCLOSE.OCX, Hewlett-Packard Company>
    383. [XML DOM Document 3.0]
    384. {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
    385. [XML HTTP 3.0]
    386. {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
    387. [XML DOM Document]
    388. {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
    389. [Free Threaded XML DOM Document]
    390. {F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
    391. [XML HTTP]
    392. {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
    393. [&Clean Traces]
    394. <C:\Program Files\DAP\Privacy Package\dapcleanerie.htm, N/A>
    395. [&Download with &DAP]
    396. <C:\Program Files\DAP\dapextie.htm, N/A>
    397. [&Winamp Toolbar Search]
    398. <C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html, N/A>
    399. [Download &all with DAP]
    400. <C:\Program Files\DAP\dapextie2.htm, N/A>
    401. [Ouvrir avec GetRight]
    402. <C:\Program Files\GetRight\GRbrowse.htm, N/A>
    403. [Télecharger avec GetRight]
    404. <C:\Program Files\GetRight\GRdownload.htm, N/A>
    405.  
    406. ==================================
    407. Running Processes
    408. [PID: 972 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    409. [PID: 1216 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    410. [PID: 1240 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    411. [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
    412. [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    413. [PID: 1284 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    414. [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
    415. [PID: 1296 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    416. [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    417. [PID: 1440 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    418. [PID: 1500 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    419. [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    420. [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
    421. [PID: 1640 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    422. [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    423. [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    424. [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    425. [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
    426. [PID: 1696 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    427. [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    428. [PID: 1736 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    429. [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    430. [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    431. [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    432. [PID: 684 / SYSTEM][C:\WINDOWS\system32\LEXBCES.EXE] [Lexmark International, Inc., 8.29]
    433. [C:\WINDOWS\system32\lexp2p32.dll] [Lexmark International, Inc., 8.29]
    434. [C:\WINDOWS\system32\lex2kusb.dll] [Lexmark International, Inc., 8.29]
    435. [PID: 708 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    436. [C:\WINDOWS\system32\LEXLMPM.DLL] [Lexmark International, Inc., 8.29]
    437. [C:\WINDOWS\system32\LexBce.dll] [Lexmark International, Inc., 8.29]
    438. [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBKPP5C.dll] [, 1.0.0.0]
    439. [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
    440. [C:\WINDOWS\system32\LXBKpwr.dll] [Lexmark International, Inc., 0, 1, 61, 1]
    441. [PID: 716 / SYSTEM][C:\WINDOWS\system32\LEXPPS.EXE] [Lexmark International, Inc., 8.29]
    442. [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    443. [C:\WINDOWS\system32\LEXBCE.DLL] [Lexmark International, Inc., 8.29]
    444. [PID: 808 / SYSTEM][C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe] [Avira GmbH, 7.00.00.82]
    445. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.dll] [Avira GmbH, 7.00.00.01]
    446. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll] [Avira GmbH, 7.00.00.20]
    447. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardmsg.dll] [Avira GmbH, 7.00.11.00]
    448. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll] [, 3, 3, 17, 1]
    449. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    450. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVPREF.DLL] [Avira GmbH, 7.00.02.02]
    451. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\SMTPLIB.DLL] [Avira GmbH, 1.02.00.17]
    452. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVPACK32.DLL] [Avira GmbH, 7.06.00.03]
    453. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\unacev2.dll] [N/A, ]
    454. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll] [Avira GmbH, 1.00.00.04]
    455. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVEWIN32.DLL] [Avira GmbH, 7.6.0.75]
    456. [PID: 1344 / SYSTEM][C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe] [Avira GmbH, 7.00.00.62]
    457. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    458. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    459. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\schedr.dll] [Avira GmbH, 7.00.24.00]
    460. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll] [Avira GmbH, 7.00.00.20]
    461. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll] [, 3, 3, 17, 1]
    462. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll] [Avira GmbH, 1.00.00.04]
    463. [PID: 1544 / SYSTEM][C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe] [N/A, ]
    464. [PID: 1600 / Compaq_Propriétaire][C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe] [Crawler.com, 2.1.0.276]
    465. [PID: 1608 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe] [Apple Computer, Inc., 1,0,3,1]
    466. [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    467. [PID: 1624 / Compaq_Propriétaire][C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe] [N/A, ]
    468. [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    469. [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    470. [C:\Program Files\Ashampoo\Ashampoo FireWall\ash_inet.dll] [ , 1, 1, 4, 1]
    471. [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    472. [PID: 1688 / Compaq_Propriétaire][C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe] [Avira GmbH, 7.02.00.16]
    473. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
    474. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    475. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\cclib.dll] [Avira GmbH, 7.02.00.03]
    476. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    477. [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    478. [c:\program files\avira\antivir personaledition classic\ccgen.dll] [Avira GmbH, 7.02.00.10]
    479. [c:\program files\avira\antivir personaledition classic\ccgenrc.dll] [Avira GmbH, 7.02.04.02]
    480. [c:\program files\avira\antivir personaledition classic\ccguard.dll] [Avira GmbH, 7.00.01.35]
    481. [c:\program files\avira\antivir personaledition classic\ccgrdrc.dll] [Avira GmbH, 7.00.06.00]
    482. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll] [Avira GmbH, 1.00.00.04]
    483. [c:\program files\avira\antivir personaledition classic\ccupdate.dll] [Avira GmbH, 7.02.00.04]
    484. [c:\program files\avira\antivir personaledition classic\ccupdrc.dll] [Avira GmbH, 7.02.01.00]
    485. [c:\program files\avira\antivir personaledition classic\cclic.dll] [Avira GmbH, 7.02.00.04]
    486. [c:\program files\avira\antivir personaledition classic\cclicrc.dll] [Avira GmbH, 7.02.01.00]
    487. [c:\program files\avira\antivir personaledition classic\ccmsg.dll] [Avira GmbH, 7.00.00.00]
    488. [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    489. [PID: 1724 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    490. [PID: 1712 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe] [, 4.05.1409]
    491. [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll] [, 4.05.1409]
    492. [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\PCMRRec4.dll] [CyberLink Corp., 4.01.2609]
    493. [C:\WINDOWS\system32\msdmo.dll] [, ]
    494. [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    495. [C:\WINDOWS\system32\dsnpstd2.ax] [ , 1, 0, 1, 6]
    496. [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\PCMRResample.ax] [CyberLink, 4.0.0126 ]
    497. [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll] [N/A, ]
    498. [PID: 1800 / Compaq_Propriétaire][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    499. [PID: 1856 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe] [Cyberlink, 2, 1, 0, 2301]
    500. [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    501. [PID: 1940 / Compaq_Propriétaire][C:\Program Files\Winamp Remote\bin\OrbTray.exe] [Orb Networks, 2, 2008, 105, 1830]
    502. [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    503. [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    504. [C:\Program Files\Winamp Remote\bin\LangRes.dll] [Orb Networks, 1, 2008, 0110, 1401]
    505. [C:\Program Files\Winamp Remote\bin\CabDirectory.dll] [Orb Networks, 1, 2007, 313, 1100]
    506. [C:\Program Files\Winamp Remote\bin\Cab.dll] [, 1, 2008, 118, 1500]
    507. [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
    508. [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    509. [PID: 2000 / SYSTEM][C:\WINDOWS\system32\libusbd-nt.exe] [http://libusb-win32.sourceforge.net, 0.1.10.1]
    510. [PID: 2044 / Compaq_Propriétaire][C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe] [, 1, 0, 49, 21]
    511. [C:\Program Files\OLITEC - Moniteur réseau 802.11g\dot1x_dll.dll] [N/A, ]
    512. [C:\WINDOWS\system32\ZDPN50.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.55]
    513. [C:\Program Files\OLITEC - Moniteur réseau 802.11g\SSLEAY32.dll] [N/A, ]
    514. [C:\Program Files\OLITEC - Moniteur réseau 802.11g\LIBEAY32.dll] [N/A, ]
    515. [C:\Program Files\OLITEC - Moniteur réseau 802.11g\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    516. [C:\Program Files\OLITEC - Moniteur réseau 802.11g\ZDWLAN.dll] [, 1, 0, 49, 21]
    517. [C:\Program Files\OLITEC - Moniteur réseau 802.11g\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
    518. [PID: 264 / SYSTEM][C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe] [Symantec Corporation, 1.2.0.18]
    519. [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    520. [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    521. [C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll] [Symantec Corporation, 1.2.0.18]
    522. [C:\PROGRA~1\FICHIE~1\SYMANT~1\PIF\{B8E1D~1\PollMgr.dll] [Symantec Corporation, 1.2.0.18]
    523. [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    524. [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    525. [PID: 364 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.6375]
    526. [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6375]
    527. [PID: 384 / SYSTEM][C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe] [Symantec Corporation, 3.1.0.99]
    528. [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    529. [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    530. [PID: 928 / SYSTEM][C:\Program Files\Spyware Terminator\sp_rsser.exe] [Crawler.com, 2.1.0.284]
    531. [PID: 2064 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    532. [C:\WINDOWS\system32\dsnpstd2.dll] [, 1, 1, 0, 1]
    533. [PID: 2436 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe] [, 4.05.1409]
    534. [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll] [N/A, ]
    535. [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll] [, 4.05.1409]
    536. [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLMLClient.dll] [Cyberlink, 2, 1, 0, 2301]
    537. [PID: 3560 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    538. [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    539. [PID: 380 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    540. [PID: 880 / SYSTEM][C:\Program Files\Windows Live\Messenger\usnsvc.exe] [Microsoft Corporation, 8.5.1302.1018]
    541. [C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018]
    542. [PID: 4856 / Compaq_Propriétaire][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    543. [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    544. [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    545. [C:\PROGRA~1\WINDOW~1\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    546. [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    547. [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    548. [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    549. [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    550. [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    551. [C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll] [Sun Microsystems, Inc., 2.03]
    552. [C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll] [Sun Microsystems, Inc., 2.03]
    553. [C:\Program Files\OpenOffice.org 2.3\program\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    554. [C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll] [STLport Consulting, Inc., 4.5.2003.0120]
    555. [C:\Program Files\OpenOffice.org 2.3\program\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    556. [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
    557. [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
    558. [C:\Program Files\Spyware Terminator\sptcontmenu.dll] [Crawler.com, 1.1.0.15]
    559. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll] [Avira GmbH, 7.00.00.10]
    560. [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
    561. [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    562. [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.6375]
    563. [C:\WINDOWS\system32\NVRSFR.DLL] [NVIDIA Corporation, 6.14.10.8205]
    564. [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6375]
    565. [C:\WINDOWS\system32\nvshell.dll] [, ]
    566. [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.5.2005092300]
    567. [C:\Program Files\Notepad++\nppshellext.dll] [Notepad++ team, 0.1.0.0]
    568. [C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL] [Speedbit Ltd., 8, 5, 0, 1]
    569. [C:\Program Files\FileZilla Client\fzshellext.dll] [, 3, 0, 7, 0]
    570. [PID: 4104 / Compaq_Propriétaire][C:\Program Files\Steam\Steam.exe] [Valve Corporation, 1.0.0.0]
    571. [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    572. [C:\Program Files\Steam\Steam.dll] [Valve Corporation, 2.0.0.0]
    573. [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
    574. [C:\Program Files\Steam\SteamUI.dll] [Valve Corporation, 1, 0, 0, 1]
    575. [C:\Program Files\Steam\tier0_s.dll] [Valve Corporation, 1, 0, 0, 1]
    576. [C:\Program Files\Steam\vstdlib_s.dll] [Valve Corporation, 3, 0, 0, 1]
    577. [C:\Program Files\Steam\bin\FileSystem_Steam.dll] [Valve Corporation, 3, 0, 0, 1]
    578. [C:\Program Files\Steam\bin\vgui2.dll] [Valve Corporation, 3, 0, 0, 1]
    579. [C:\Program Files\Steam\steamclient.dll] [Valve Corporation, 3, 0, 0, 1]
    580. [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    581. [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    582. [C:\Program Files\Steam\bin\p2pcore.dll] [Valve Corporation, 1, 0, 0, 1]
    583. [C:\Program Files\Steam\bin\p2pvoice.dll] [Valve Corporation, 1, 0, 0, 1]
    584. [C:\Program Files\Steam\bin\mss32_s.dll] [N/A, ]
    585. [C:\Program Files\Steam\bin\SteamService.dll] [Valve Corporation, 1, 0, 0, 1]
    586. [C:\Program Files\Steam\dbghelp.dll] [Microsoft Corporation, 6.7.0005.0 (debuggers(dbg).070215-1229)]
    587. [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    588. [C:\Program Files\Steam\bin\vaudio_speex.dll] [N/A, ]
    589. [c:\program files\steam\bin\friendsUI.dll] [Valve Corporation, 3, 0, 0, 1]
    590. [c:\program files\steam\bin\serverbrowser.dll] [Valve Corporation, 1, 0, 0, 1]
    591. [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    592. [C:\PROGRA~1\DAP\dapie.dll] [Speedbit Ltd., 8, 5, 6, 0]
    593. [C:\PROGRA~1\DAP\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
    594. [C:\Program Files\DAP\DAPIEEngine.dll] [Speedbit Ltd., 8, 6, 1, 3]
    595. [C:\Program Files\DAP\DAPIEMonitor.dll] [Speedbit Ltd., 8, 6, 1, 0]
    596. [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
    597. [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Adobe Systems, Inc., 10.2r22]
    598. [PID: 2164 / Compaq_Propriétaire][C:\Program Files\Windows Live\Messenger\msnmsgr.exe] [Microsoft Corporation, 8.5.1302.1018]
    599. [C:\Program Files\Windows Live\Messenger\MSIMG32.dll] [Patchou, 4, 50, 0, 312]
    600. [C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 8.5.1302.1018]
    601. [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    602. [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    603. [C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
    604. [C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 8.5.1302.1018]
    605. [C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 50, 0, 312]
    606. [C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ]
    607. [C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll] [Microsoft Corporation, 8.5.1302.1018]
    608. [C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 8.5.1302.1018]
    609. [C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 50, 0, 312]
    610. [C:\Program Files\Windows Live\Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
    611. [C:\WINDOWS\system32\msdmo.dll] [, ]
    612. [C:\Program Files\Windows Live\Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
    613. [C:\Program Files\Windows Live\Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
    614. [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    615. [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    616. [C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.5.1302.1018]
    617. [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corporation, 8.5.1302.1018]
    618. [C:\Program Files\Windows Live\Messenger\lmcdata.dll] [Microsoft Corporation, 8.5.1302.1018]
    619. [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
    620. [C:\Program Files\Windows Live\Messenger\contact.dll] [Microsoft Corporation, 8.5.1302.1018]
    621. [C:\Program Files\DAP\DAPIEEngine.dll] [Speedbit Ltd., 8, 6, 1, 3]
    622. [C:\Program Files\DAP\DAPIEMonitor.dll] [Speedbit Ltd., 8, 6, 1, 0]
    623. [C:\Program Files\Windows Live\Messenger\dfsr.dll] [Microsoft Corporation, 8.5.1302.1018]
    624. [C:\Program Files\Windows Live\Messenger\abssm.dll] [Microsoft Corporation, 8.5.1302.1018]
    625. [C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018]
    626. [C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
    627. [C:\Program Files\Messenger Plus! Live\libsndfile.dll] [N/A, ]
    628. [C:\Program Files\Messenger Plus! Live\lame_enc.dll] [N/A, ]
    629. [C:\WINDOWS\system32\mfplat.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    630. [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    631. [PID: 6364 / Compaq_Propriétaire][C:\Documents and Settings\Compaq_Propriétaire\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
    632. [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    633. [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    634. [C:\Documents and Settings\Compaq_Propriétaire\Bureau\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
    635. [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
    636. [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    637.  
    638. ==================================
    639. File Associations
    640. .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    641. .EXE OK. ["%1" %*]
    642. .COM OK. ["%1" %*]
    643. .PIF OK. ["%1" %*]
    644. .REG OK. [regedit.exe "%1"]
    645. .BAT OK. ["%1" %*]
    646. .SCR OK. ["%1" /S]
    647. .CHM OK. ["C:\WINDOWS\hh.exe" %1]
    648. .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
    649. .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    650. .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    651. .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    652. .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    653. .LNK OK. [{00021401-0000-0000-C000-000000000046}]
    654.  
    655. ==================================
    656. Winsock Provider
    657. Protected(AF) MSAFD Tcpip [TCP/IP]
    658. C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll(, N/A)
    659. Protected(AF) MSAFD Tcpip [UDP/IP]
    660. C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll(, N/A)
    661. Protected(AF) MSAFD Tcpip [RAW/IP]
    662. C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll(, N/A)
    663. Protected(AF) RSVP UDP Service Provider
    664. C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll(, N/A)
    665. Protected(AF) RSVP TCP Service Provider
    666. C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll(, N/A)
    667. Ashampoo Firewall Filter
    668. C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll(, N/A)
    669.  
    670. ==================================
    671. Autorun.Inf
    672. N/A
    673.  
    674. ==================================
    675. HOSTS File
    676. 127.0.0.1 localhost
    677.  
    678. ==================================
    679. Process Privileges Scan
    680. Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1240, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
    681. Special Privilege Enabled: SeLoadDriverPrivilege [PID = 808, C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE]
    682. Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1544, C:\PROGRAM FILES\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE]
    683. Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1600, C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE]
    684. Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1688, C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGNT.EXE]
    685. Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1712, C:\PROGRAM FILES\CYBERLINK\POWERCINEMA\KERNEL\TV\CLCAPSVC.EXE]
    686. Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1940, C:\PROGRAM FILES\WINAMP REMOTE\BIN\ORBTRAY.EXE]
    687. Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2000, C:\WINDOWS\SYSTEM32\LIBUSBD-NT.EXE]
    688. Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2044, C:\PROGRAM FILES\OLITEC - MONITEUR RÉSEAU 802.11G\WLANUTIL.EXE]
    689. Special Privilege Enabled: SeDebugPrivilege [PID = 6364, C:\DOCUMENTS AND SETTINGS\COMPAQ_PROPRIÉTAIRE\BUREAU\SRENG2\SRENGPS.EXE]
    690. Special Privilege Enabled: SeLoadDriverPrivilege [PID = 6364, C:\DOCUMENTS AND SETTINGS\COMPAQ_PROPRIÉTAIRE\BUREAU\SRENG2\SRENGPS.EXE]
    691.  
    692. ==================================
    693. API HOOK
    694. N/A
    695.  
    696. ==================================
    697. Hidden Process
    698. N/A
    699.  
    700. ==================================
    22 March 2008 12:35:50

    Hi again,

    Please don't use the code tag; post your report normally, without tags :p

    22 March 2008 18:20:44

    Here it is:
    2008-03-22,12:28:53

    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

    Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan


    Boot Items
    Registry
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
    <Orb><"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background> [Orb Networks]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SpywareTerminator><"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"> [Crawler.com]
    <Ashampoo FireWall><"C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY> [(Verified)ashampoo GmbH & Co. KG]
    <avgnt><"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min> [Avira GmbH]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnolj]
    <WinlogonNotify: opnnolj><opnnolj.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
    <N/A><C:\WINDOWS\system32\msbifx.com> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:o E /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
    <Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Skype><; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA]
    <Steam><; "C:\Program Files\Steam\Steam.exe" -silent> [(Verified)Valve]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <TrojanScanner><; C:\Program Files\Trojan Remover\Trjscan.exe> [N/A]

    ==================================
    Startup Folders
    [Lancer l'utilitaire Olitec]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancer l'utilitaire Olitec.lnk --> C:\PROGRA~1\OLITEC~1.11G\WlanUtil.exe []><N>
    [Stardock ObjectDock]
    <C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk --> C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [N/A]><N>

    ==================================
    Services
    [AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler][Running/Auto Start]
    <"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"><Avira GmbH>
    [AntiVir PersonalEdition Classic Guard / AntiVirService][Running/Auto Start]
    <"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"><Avira GmbH>
    [Gestion d'applications / AppMgmt][Stopped/Manual Start]
    <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
    [BlueSoleil Hid Service / BlueSoleil Hid Service][Running/Auto Start]
    <C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe><N/A>
    [##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## / Bonjour Service][Running/Auto Start]
    <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Computer, Inc.>
    [CyberLink Background Capture Service (CBCS) / CLCapSvc][Running/Auto Start]
    <"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"><>
    [CyberLink Task Scheduler (CTS) / CLSched][Running/Auto Start]
    <"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"><>
    [Symantec Lic NetConnect service / CLTNetCnService][Stopped/Auto Start]
    <><N/A>
    [CyberLink Media Library Service / CyberLink Media Library Service][Running/Auto Start]
    <"C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"><Cyberlink>
    [FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
    <"C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
    [Google Updater Service / gusvc][Stopped/Manual Start]
    <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
    [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
    [InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
    <"C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
    [LexBce Server / LexBceS][Running/Auto Start]
    <C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
    [LibUsb-Win32 - Daemon, Version 0.1.10.1 / libusbd][Running/Auto Start]
    <system32\libusbd-nt.exe><N/A>
    [LiveUpdate / LiveUpdate][Stopped/Manual Start]
    <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
    [LiveUpdate Notice Service Ex / LiveUpdate Notice Ex][Stopped/Auto Start]
    <><N/A>
    [LiveUpdate Notice Service / LiveUpdate Notice Service][Running/Auto Start]
    <"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"><Symantec Corporation>
    [NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
    <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
    [Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Running/Auto Start]
    <"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><Symantec Corporation>
    [Spyware Terminator Realtime Shield Service / sp_rssrv][Running/Auto Start]
    <"C:\Program Files\Spyware Terminator\sp_rsser.exe"><Crawler.com>
    [TVersityMediaServer / TVersityMediaServer][Stopped/Auto Start]
    <"C:\Program Files\TVersity\Media Server\MediaServer.exe"><N/A>
    [wampapache / wampapache][Stopped/Manual Start]
    <"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice><Apache Software Foundation>
    [wampmysqld / wampmysqld][Stopped/Manual Start]
    <c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld><N/A>
    [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
    <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>

    ==================================
    Drivers
    [Pilote de processeur AMD / AmdK8][Running/System Start]
    <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
    [ATITool Overclocking Utility / ATITool][Stopped/System Start]
    <system32\DRIVERS\ATITool.sys><>
    [avgio / avgio][Running/System Start]
    <\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys><Avira GmbH>
    [avgntflt / avgntflt][Running/Manual Start]
    <\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys><Avira GmbH>
    [avipbb / avipbb][Running/System Start]
    <system32\DRIVERS\avipbb.sys><AVIRA GmbH>
    [Bluetooth Audio Service / BlueletAudio][Running/Manual Start]
    <system32\DRIVERS\blueletaudio.sys><IVT Corporation>
    [Bluetooth SCO Audio Service / BlueletSCOAudio][Running/Manual Start]
    <system32\DRIVERS\BlueletSCOAudio.sys><IVT Corporation>
    [Bluetooth PAN Network Adapter / BT][Running/Manual Start]
    <system32\DRIVERS\btnetdrv.sys><IVT Corporation>
    [Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start]
    <System32\Drivers\btcusb.sys><IVT Corporation>
    [Bluetooth HID Enumerator / BTHidEnum][Running/Manual Start]
    <system32\DRIVERS\vbtenum.sys><N/A>
    [Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start]
    <\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation>
    [catchme / catchme][Stopped/Manual Start]
    <\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys><N/A>
    [Carte réseau virtuelle FreeBox USB / fbxusb][Stopped/Manual Start]
    <system32\DRIVERS\fbxusb32.sys><FreeBox SA>
    [Hamachi Network Interface / hamachi][Running/Manual Start]
    <system32\DRIVERS\hamachi.sys><LogMeIn, Inc.>
    [Pilote de bus Microsoft UAA pour High Definition Audio / HDAudBus][Running/Manual Start]
    <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
    [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
    <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
    [LibUsb-Win32 - Kernel Driver, Version 0.1.10.1 / libusb0][Running/Manual Start]
    <system32\drivers\libusb0.sys><N/A>
    [LT Modem Driver / ltmodem5][Stopped/Manual Start]
    <system32\DRIVERS\ltmdmnt.sys><LT>
    [Logitech USB Monitor Filter / LVUSBSta][Running/Manual Start]
    <system32\DRIVERS\LVUSBSta.sys><Logitech Inc.>
    [nv / nv][Running/Manual Start]
    <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
    [nvata / nvata][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
    [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
    <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
    [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
    <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
    [Stick USB 802.11g OLITEC Driver(OLITEC) / OLITEC(OLITEC)][Running/Manual Start]
    <system32\DRIVERS\zd1211u.sys><ZyDAS Technology Corporation>
    [Logitech QuickCam IM(PID_PEPI) / PID_PEPI][Stopped/Manual Start]
    <system32\DRIVERS\LV302V32.SYS><Logitech Inc.>
    [Ps2 / Ps2][Running/Manual Start]
    <system32\DRIVERS\PS2.sys><Hewlett-Packard Company>
    [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [PxHelp20 / PxHelp20][Running/Boot Start]
    <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
    [Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start]
    <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
    [Secdrv / Secdrv][Running/Auto Start]
    <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
    [service.sys / service.sys][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\service.sys><N/A>
    [StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
    <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology (StarForce)>
    [StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
    <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
    [StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start]
    <\SystemRoot\System32\drivers\sfvfs02.sys><Protection Technology>
    [Trust WB-3100P Portable Webcam / snpstd2][Running/Manual Start]
    <system32\DRIVERS\snpstd2.sys><>
    [sptd / sptd][Running/Boot Start]
    <\SystemRoot\System32\Drivers\sptd.sys><N/A>
    [Spyware Terminator Driver 2 / sp_rsdrv2][Running/System Start]
    <\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys><>
    [ssmdrv / ssmdrv][Running/System Start]
    <system32\DRIVERS\ssmdrv.sys><Avira GmbH>
    [LGE Mobile Composite USB Device / usbbus][Stopped/Manual Start]
    <system32\DRIVERS\lgusbbus.sys><LG Electronics Inc.>
    [LGE Mobile USB Modem / USBModem][Stopped/Manual Start]
    <system32\DRIVERS\lgusbmodem.sys><LG Electronics Inc.>
    [Virtual Serial port driver / VComm][Running/Manual Start]
    <system32\DRIVERS\VComm.sys><IVT Corporation>
    [Bluetooth VComm Manager Service / VcommMgr][Running/Manual Start]
    <System32\Drivers\VcommMgr.sys><IVT Corporation>
    [ViaIde / ViaIde][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
    [Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
    <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
    [XPAD Filter Service 02 / XPADFL02][Stopped/Manual Start]
    <system32\DRIVERS\xpadfl02.sys><N/A>
    [ZDPNDIS5 NDIS Protocol Driver / ZDPNDIS5][Running/Manual Start]
    <\??\C:\WINDOWS\system32\ZDPNDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
    [ASFWHide / ASFWHide][Running/Manual Start]
    <\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ASFWHide><N/A>

    ==================================
    Browser Add-ons
    [Yahoo! Toolbar Helper]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
    [AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
    [Winamp Toolbar BHO]
    {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} <C:\Program Files\Winamp Toolbar\winamptb.dll, AOL LLC>
    [SSVHelper Class]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    [Programme d'aide de l'Assistant de connexion Windows Live]
    {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    [Google Toolbar Helper]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    [Google Toolbar Notifier BHO]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
    [Java Plug-in 1.6.0_05]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    [BlogThisToolbarButton Class]
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} <C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll, Microsoft Corporation>
    [Aide à la connexion]
    {E2D4D26B-0180-43a4-B05F-462D6D54C789} <, N/A>
    []
    {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
    [ICQ6]
    {E59EB121-F339-4851-A3BA-FE49C35617C2} <C:\Program Files\ICQ6\ICQ.exe, ICQ, Inc.>
    [Messenger]
    {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
    [Yahoo! Toolbar avec bloqueur de fenêtres pop-up]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
    [&Google]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    [Winamp Toolbar]
    {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} <C:\Program Files\Winamp Toolbar\winamptb.dll, AOL LLC>
    [ITPPDiagIE Class]
    {084DAC27-6FA3-4F55-9005-033F2F102F5C} <C:\npwwg.dll, Winwise>
    [CKAVWebScan Object]
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
    [Shockwave ActiveX Control]
    {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
    [Windows Genuine Advantage Validation Tool]
    {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
    [CMediaMix Object]
    {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} <C:\WINDOWS\system32\MediaLogic.dll, Microsoft Corp.>
    [YInstStarter Class]
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
    [Java Plug-in 1.6.0_05]
    {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.5.0_05]
    {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_01]
    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_02]
    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_03]
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_05]
    {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_05]
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll, Sun Microsystems, Inc.>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
    [Google Script Object]
    {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    [Yahoo! Toolbar Helper]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
    [QuickTime Object]
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\WINDOWS\system32\QTPlugin.ocx, Apple Computer, Inc.>
    [ActiveMovieControl Object]
    {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\msdxm.OCX, Microsoft Corporation>
    [AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
    [ITPPDiagIE Class]
    {084DAC27-6FA3-4F55-9005-033F2F102F5C} <C:\npwwg.dll, Winwise>
    [CKAVWebScan Object]
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
    [Shockwave ActiveX Control]
    {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
    [Windows Genuine Advantage Validation Tool]
    {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
    [InformationCardSigninHelper Class]
    {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
    [Windows Media Player]
    {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.OCX, Microsoft Corporation>
    [&Google]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    [Shockwave ActiveX Control]
    {233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Macromed\Director\swdir.dll, Adobe Systems, Inc.>
    [HTML Document]
    {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
    [Winamp Toolbar BHO]
    {25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} <C:\Program Files\Winamp Toolbar\winamptb.dll, AOL LLC>
    [XML DOM Document]
    {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
    [XSL Template]
    {2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
    [XML Document]
    {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
    [Shell Name Space]
    {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
    [CKAVReportCtrl Object]
    {6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
    [WUWebControl Class]
    {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
    [DivXBrowserPlugin Object]
    {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <C:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.>
    [Windows Media Player]
    {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [MUWebControl Class]
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
    [Active Desktop Mover]
    {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
    [SSVHelper Class]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
    [Microsoft Web Browser]
    {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
    [XML HTTP 4.0]
    {88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
    [Programme d'aide de l'Assistant de connexion Windows Live]
    {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    [RMGetLicense Class]
    {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
    [Google Toolbar Helper]
    {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    [Google Toolbar Notifier BHO]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
    [RDS.DataSpace]
    {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
    [Helper Class]
    {BF0118D4-63FF-4138-9327-F3028FB1A578} <C:\WINDOWS\web\wallpaper\welcome\AWhelper.dll, >
    [AUDIO__MP3 Moniker Class]
    {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [AUDIO__WAV Moniker Class]
    {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [VIDEO__X_MS_ASF Moniker Class]
    {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [RealPlayer G2 Control]
    {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
    [Contrôle de l'Assistant de connexion Windows Live]
    {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
    [QuickTimeCheck Class]
    {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\WINDOWS\system32\QuickTimeCheck.ocx, Apple Computer, Inc.>
    []
    {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
    [VideoLAN VLC ActiveX Plugin v1]
    {E23FE9C6-778E-49D4-B537-38FCDE4887D8} <C:\Program Files\VideoLAN\VLC\axvlc.dll, >
    [WebViewFolderIcon Class]
    {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} <C:\WINDOWS\system32\webvw.dll, Microsoft Corporation>
    [XML HTTP Request]
    {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
    [Yahoo! Toolbar avec bloqueur de fenêtres pop-up]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
    [Runclose Control]
    {F31D1897-7EFD-4647-8687-E05894E382AB} <C:\WINDOWS\System32\RUNCLOSE.OCX, Hewlett-Packard Company>
    [XML DOM Document 3.0]
    {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
    [XML HTTP 3.0]
    {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
    [XML DOM Document]
    {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
    [Free Threaded XML DOM Document]
    {F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
    [XML HTTP]
    {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
    [&Clean Traces]
    <C:\Program Files\DAP\Privacy Package\dapcleanerie.htm, N/A>
    [&Download with &DAP]
    <C:\Program Files\DAP\dapextie.htm, N/A>
    [&Winamp Toolbar Search]
    <C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html, N/A>
    [Download &all with DAP]
    <C:\Program Files\DAP\dapextie2.htm, N/A>
    [Ouvrir avec GetRight]
    <C:\Program Files\GetRight\GRbrowse.htm, N/A>
    [Télecharger avec GetRight]
    <C:\Program Files\GetRight\GRdownload.htm, N/A>

    ==================================
    Running Processes
    [PID: 972 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1216 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1240 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1284 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
    [PID: 1296 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    [PID: 1440 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1500 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
    [PID: 1640 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
    [PID: 1696 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    [PID: 1736 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    [PID: 684 / SYSTEM][C:\WINDOWS\system32\LEXBCES.EXE] [Lexmark International, Inc., 8.29]
    [C:\WINDOWS\system32\lexp2p32.dll] [Lexmark International, Inc., 8.29]
    [C:\WINDOWS\system32\lex2kusb.dll] [Lexmark International, Inc., 8.29]
    [PID: 708 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\LEXLMPM.DLL] [Lexmark International, Inc., 8.29]
    [C:\WINDOWS\system32\LexBce.dll] [Lexmark International, Inc., 8.29]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBKPP5C.dll] [, 1.0.0.0]
    [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
    [C:\WINDOWS\system32\LXBKpwr.dll] [Lexmark International, Inc., 0, 1, 61, 1]
    [PID: 716 / SYSTEM][C:\WINDOWS\system32\LEXPPS.EXE] [Lexmark International, Inc., 8.29]
    [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    [C:\WINDOWS\system32\LEXBCE.DLL] [Lexmark International, Inc., 8.29]
    [PID: 808 / SYSTEM][C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe] [Avira GmbH, 7.00.00.82]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.dll] [Avira GmbH, 7.00.00.01]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll] [Avira GmbH, 7.00.00.20]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardmsg.dll] [Avira GmbH, 7.00.11.00]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll] [, 3, 3, 17, 1]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVPREF.DLL] [Avira GmbH, 7.00.02.02]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\SMTPLIB.DLL] [Avira GmbH, 1.02.00.17]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVPACK32.DLL] [Avira GmbH, 7.06.00.03]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\unacev2.dll] [N/A, ]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll] [Avira GmbH, 1.00.00.04]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVEWIN32.DLL] [Avira GmbH, 7.6.0.75]
    [PID: 1344 / SYSTEM][C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe] [Avira GmbH, 7.00.00.62]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\schedr.dll] [Avira GmbH, 7.00.24.00]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll] [Avira GmbH, 7.00.00.20]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll] [, 3, 3, 17, 1]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll] [Avira GmbH, 1.00.00.04]
    [PID: 1544 / SYSTEM][C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe] [N/A, ]
    [PID: 1600 / Compaq_Propriétaire][C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe] [Crawler.com, 2.1.0.276]
    [PID: 1608 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe] [Apple Computer, Inc., 1,0,3,1]
    [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    [PID: 1624 / Compaq_Propriétaire][C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe] [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [C:\Program Files\Ashampoo\Ashampoo FireWall\ash_inet.dll] [ , 1, 1, 4, 1]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1688 / Compaq_Propriétaire][C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe] [Avira GmbH, 7.02.00.16]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\cclib.dll] [Avira GmbH, 7.02.00.03]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    [c:\program files\avira\antivir personaledition classic\ccgen.dll] [Avira GmbH, 7.02.00.10]
    [c:\program files\avira\antivir personaledition classic\ccgenrc.dll] [Avira GmbH, 7.02.04.02]
    [c:\program files\avira\antivir personaledition classic\ccguard.dll] [Avira GmbH, 7.00.01.35]
    [c:\program files\avira\antivir personaledition classic\ccgrdrc.dll] [Avira GmbH, 7.00.06.00]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll] [Avira GmbH, 1.00.00.04]
    [c:\program files\avira\antivir personaledition classic\ccupdate.dll] [Avira GmbH, 7.02.00.04]
    [c:\program files\avira\antivir personaledition classic\ccupdrc.dll] [Avira GmbH, 7.02.01.00]
    [c:\program files\avira\antivir personaledition classic\cclic.dll] [Avira GmbH, 7.02.00.04]
    [c:\program files\avira\antivir personaledition classic\cclicrc.dll] [Avira GmbH, 7.02.01.00]
    [c:\program files\avira\antivir personaledition classic\ccmsg.dll] [Avira GmbH, 7.00.00.00]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [PID: 1724 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1712 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe] [, 4.05.1409]
    [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll] [, 4.05.1409]
    [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\PCMRRec4.dll] [CyberLink Corp., 4.01.2609]
    [C:\WINDOWS\system32\msdmo.dll] [, ]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\dsnpstd2.ax] [ , 1, 0, 1, 6]
    [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\PCMRResample.ax] [CyberLink, 4.0.0126 ]
    [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll] [N/A, ]
    [PID: 1800 / Compaq_Propriétaire][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1856 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe] [Cyberlink, 2, 1, 0, 2301]
    [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    [PID: 1940 / Compaq_Propriétaire][C:\Program Files\Winamp Remote\bin\OrbTray.exe] [Orb Networks, 2, 2008, 105, 1830]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [C:\Program Files\Winamp Remote\bin\LangRes.dll] [Orb Networks, 1, 2008, 0110, 1401]
    [C:\Program Files\Winamp Remote\bin\CabDirectory.dll] [Orb Networks, 1, 2007, 313, 1100]
    [C:\Program Files\Winamp Remote\bin\Cab.dll] [, 1, 2008, 118, 1500]
    [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
    [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    [PID: 2000 / SYSTEM][C:\WINDOWS\system32\libusbd-nt.exe] [http://libusb-win32.sourceforge.net, 0.1.10.1]
    [PID: 2044 / Compaq_Propriétaire][C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe] [, 1, 0, 49, 21]
    [C:\Program Files\OLITEC - Moniteur réseau 802.11g\dot1x_dll.dll] [N/A, ]
    [C:\WINDOWS\system32\ZDPN50.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.55]
    [C:\Program Files\OLITEC - Moniteur réseau 802.11g\SSLEAY32.dll] [N/A, ]
    [C:\Program Files\OLITEC - Moniteur réseau 802.11g\LIBEAY32.dll] [N/A, ]
    [C:\Program Files\OLITEC - Moniteur réseau 802.11g\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\OLITEC - Moniteur réseau 802.11g\ZDWLAN.dll] [, 1, 0, 49, 21]
    [C:\Program Files\OLITEC - Moniteur réseau 802.11g\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
    [PID: 264 / SYSTEM][C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe] [Symantec Corporation, 1.2.0.18]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll] [Symantec Corporation, 1.2.0.18]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\PIF\{B8E1D~1\PollMgr.dll] [Symantec Corporation, 1.2.0.18]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [PID: 364 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.6375]
    [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6375]
    [PID: 384 / SYSTEM][C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe] [Symantec Corporation, 3.1.0.99]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [PID: 928 / SYSTEM][C:\Program Files\Spyware Terminator\sp_rsser.exe] [Crawler.com, 2.1.0.284]
    [PID: 2064 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dsnpstd2.dll] [, 1, 1, 0, 1]
    [PID: 2436 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe] [, 4.05.1409]
    [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll] [N/A, ]
    [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll] [, 4.05.1409]
    [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLMLClient.dll] [Cyberlink, 2, 1, 0, 2301]
    [PID: 3560 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    [PID: 380 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 880 / SYSTEM][C:\Program Files\Windows Live\Messenger\usnsvc.exe] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018]
    [PID: 4856 / Compaq_Propriétaire][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [C:\PROGRA~1\WINDOW~1\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll] [Sun Microsystems, Inc., 2.03]
    [C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll] [Sun Microsystems, Inc., 2.03]
    [C:\Program Files\OpenOffice.org 2.3\program\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll] [STLport Consulting, Inc., 4.5.2003.0120]
    [C:\Program Files\OpenOffice.org 2.3\program\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
    [C:\Program Files\Spyware Terminator\sptcontmenu.dll] [Crawler.com, 1.1.0.15]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll] [Avira GmbH, 7.00.00.10]
    [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.6375]
    [C:\WINDOWS\system32\NVRSFR.DLL] [NVIDIA Corporation, 6.14.10.8205]
    [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6375]
    [C:\WINDOWS\system32\nvshell.dll] [, ]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.5.2005092300]
    [C:\Program Files\Notepad++\nppshellext.dll] [Notepad++ team, 0.1.0.0]
    [C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL] [Speedbit Ltd., 8, 5, 0, 1]
    [C:\Program Files\FileZilla Client\fzshellext.dll] [, 3, 0, 7, 0]
    [PID: 4104 / Compaq_Propriétaire][C:\Program Files\Steam\Steam.exe] [Valve Corporation, 1.0.0.0]
    [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    [C:\Program Files\Steam\Steam.dll] [Valve Corporation, 2.0.0.0]
    [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
    [C:\Program Files\Steam\SteamUI.dll] [Valve Corporation, 1, 0, 0, 1]
    [C:\Program Files\Steam\tier0_s.dll] [Valve Corporation, 1, 0, 0, 1]
    [C:\Program Files\Steam\vstdlib_s.dll] [Valve Corporation, 3, 0, 0, 1]
    [C:\Program Files\Steam\bin\FileSystem_Steam.dll] [Valve Corporation, 3, 0, 0, 1]
    [C:\Program Files\Steam\bin\vgui2.dll] [Valve Corporation, 3, 0, 0, 1]
    [C:\Program Files\Steam\steamclient.dll] [Valve Corporation, 3, 0, 0, 1]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [C:\Program Files\Steam\bin\p2pcore.dll] [Valve Corporation, 1, 0, 0, 1]
    [C:\Program Files\Steam\bin\p2pvoice.dll] [Valve Corporation, 1, 0, 0, 1]
    [C:\Program Files\Steam\bin\mss32_s.dll] [N/A, ]
    [C:\Program Files\Steam\bin\SteamService.dll] [Valve Corporation, 1, 0, 0, 1]
    [C:\Program Files\Steam\dbghelp.dll] [Microsoft Corporation, 6.7.0005.0 (debuggers(dbg).070215-1229)]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Steam\bin\vaudio_speex.dll] [N/A, ]
    [c:\program files\steam\bin\friendsUI.dll] [Valve Corporation, 3, 0, 0, 1]
    [c:\program files\steam\bin\serverbrowser.dll] [Valve Corporation, 1, 0, 0, 1]
    [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [C:\PROGRA~1\DAP\dapie.dll] [Speedbit Ltd., 8, 5, 6, 0]
    [C:\PROGRA~1\DAP\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\DAP\DAPIEEngine.dll] [Speedbit Ltd., 8, 6, 1, 3]
    [C:\Program Files\DAP\DAPIEMonitor.dll] [Speedbit Ltd., 8, 6, 1, 0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Adobe Systems, Inc., 10.2r22]
    [PID: 2164 / Compaq_Propriétaire][C:\Program Files\Windows Live\Messenger\msnmsgr.exe] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\Windows Live\Messenger\MSIMG32.dll] [Patchou, 4, 50, 0, 312]
    [C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 50, 0, 312]
    [C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ]
    [C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 50, 0, 312]
    [C:\Program Files\Windows Live\Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
    [C:\WINDOWS\system32\msdmo.dll] [, ]
    [C:\Program Files\Windows Live\Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
    [C:\Program Files\Windows Live\Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]
    [C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\Windows Live\Messenger\lmcdata.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
    [C:\Program Files\Windows Live\Messenger\contact.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\DAP\DAPIEEngine.dll] [Speedbit Ltd., 8, 6, 1, 3]
    [C:\Program Files\DAP\DAPIEMonitor.dll] [Speedbit Ltd., 8, 6, 1, 0]
    [C:\Program Files\Windows Live\Messenger\dfsr.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\Windows Live\Messenger\abssm.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
    [C:\Program Files\Messenger Plus! Live\libsndfile.dll] [N/A, ]
    [C:\Program Files\Messenger Plus! Live\lame_enc.dll] [N/A, ]
    [C:\WINDOWS\system32\mfplat.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [PID: 6364 / Compaq_Propriétaire][C:\Documents and Settings\Compaq_Propriétaire\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [C:\Documents and Settings\Compaq_Propriétaire\Bureau\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
    [C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll] [N/A, ]

    ==================================
    File Associations
    .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE OK. ["%1" %*]
    .COM OK. ["%1" %*]
    .PIF OK. ["%1" %*]
    .REG OK. [regedit.exe "%1"]
    .BAT OK. ["%1" %*]
    .SCR OK. ["%1" /S]
    .CHM OK. ["C:\WINDOWS\hh.exe" %1]
    .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock Provider
    Protected(AF) MSAFD Tcpip [TCP/IP]
    C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll(, N/A)
    Protected(AF) MSAFD Tcpip [UDP/IP]
    C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll(, N/A)
    Protected(AF) MSAFD Tcpip [RAW/IP]
    C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll(, N/A)
    Protected(AF) RSVP UDP Service Provider
    C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll(, N/A)
    Protected(AF) RSVP TCP Service Provider
    C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll(, N/A)
    Ashampoo Firewall Filter
    C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll(, N/A)

    ==================================
    Autorun.Inf
    N/A

    ==================================
    HOSTS File
    127.0.0.1 localhost

    ==================================
    Process Privileges Scan
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1240, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 808, C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1544, C:\PROGRAM FILES\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1600, C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1688, C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGNT.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1712, C:\PROGRAM FILES\CYBERLINK\POWERCINEMA\KERNEL\TV\CLCAPSVC.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1940, C:\PROGRAM FILES\WINAMP REMOTE\BIN\ORBTRAY.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2000, C:\WINDOWS\SYSTEM32\LIBUSBD-NT.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2044, C:\PROGRAM FILES\OLITEC - MONITEUR RÉSEAU 802.11G\WLANUTIL.EXE]
    Special Privilege Enabled: SeDebugPrivilege [PID = 6364, C:\DOCUMENTS AND SETTINGS\COMPAQ_PROPRIÉTAIRE\BUREAU\SRENG2\SRENGPS.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 6364, C:\DOCUMENTS AND SETTINGS\COMPAQ_PROPRIÉTAIRE\BUREAU\SRENG2\SRENGPS.EXE]

    ==================================
    API HOOK
    N/A

    ==================================
    Hidden Process
    N/A

    ==================================
    22 March 2008 18:25:26

    Hi again,

    OK :) 

    Download ToolsCleaner to your desktop.
    http://www.commentcamarche.net/telecharger/toolscleaner...

    This program will have you uninstall all the tools I had you use.

  • Click Recherche (Search) and let the scan run ...
  • Click Suppression (Removal) to finish.
  • If you wish, you can use the Options facultatives (optional settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
    22 March 2008 19:55:15

    There, it's done, but I didn't get a report.
    22 March 2008 19:58:15

    Hi again,

    Can you download ComboFix again and make sure to install it on C:\? I insist on the location, it is very important.

    Then run a normal scan with ComboFix for me, once you have made sure it is installed on C:\.

    I may come across as a pain, but this detail is not a minor one :) 
    22 March 2008 21:06:01

    Here is the report:

    ComboFix 08-03-22.1 - Compaq_Propriétaire 2008-03-22 21:02:06.13 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.495 [GMT 1:00]
    Endroit: C:\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-22 20:36 . 2008-03-22 20:36 1,606,483 --a------ C:\ComboFix.exe
    2008-03-22 16:21 . 2008-03-22 16:21 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-03-22 16:16 . 2008-03-22 16:16 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-03-22 16:16 . 2008-03-22 16:18 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
    2008-03-22 16:16 . 2008-03-22 16:17 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
    2008-03-22 16:16 . 2008-03-22 16:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-22 16:15 . 2008-03-22 16:15 <REP> d-------- C:\Program Files\Microsoft SDKs
    2008-03-22 16:12 . 2008-03-22 16:14 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-03-22 16:12 . 2008-03-22 16:12 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-03-22 16:12 . 2008-03-22 16:12 <REP> d-------- C:\Program Files\MSBuild
    2008-03-22 16:11 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-03-22 16:08 . 2008-03-22 16:08 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-03-21 23:17 . 2008-03-21 23:17 <REP> d-------- C:\Program Files\Winamp Toolbar
    2008-03-21 23:17 . 2008-03-21 23:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    2008-03-21 23:15 . 2008-03-21 23:17 <REP> d-------- C:\Program Files\Winamp
    2008-03-21 23:15 . 2008-03-21 23:48 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Winamp
    2008-03-19 21:32 . 2008-03-19 21:32 <REP> d-------- C:\Program Files\Guitar Pro 4
    2008-03-19 21:18 . 2008-03-19 21:18 <REP> d-------- C:\Program Files\QuickTime
    2008-03-19 21:16 . 2008-03-19 21:16 <REP> d-------- C:\Program Files\Bonjour
    2008-03-19 21:09 . 2008-03-19 21:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Program Files\Avira
    2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-19 16:48 . 2008-03-19 16:48 <REP> d-------- C:\Program Files\Ashampoo
    2008-03-19 16:05 . 2008-03-19 16:05 <REP> d-------- C:\Program Files\Sunbelt Software
    2008-03-19 14:13 . 2008-03-22 19:53 <REP> d-------- C:\WINDOWS\ERUNT
    2008-03-19 13:28 . 2008-03-19 13:28 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
    2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
    2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
    2008-03-16 19:45 . 2008-03-16 19:45 167,936 --a------ C:\WINDOWS\system32\drivers\riode32.sys
    2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
    2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
    2008-03-16 05:00 . 2008-03-16 05:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
    2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
    2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
    2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
    2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
    2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
    2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
    2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
    2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
    2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
    2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
    2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-03-06 20:51 . 2008-03-22 10:16 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-03-06 20:51 . 2008-03-22 10:21 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
    2008-03-04 17:44 . 2008-03-22 19:53 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
    2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
    2008-03-01 19:40 . 2008-03-22 18:39 <REP> d-------- C:\Program Files\Steam
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
    2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
    2008-02-28 13:18 . 2008-02-28 13:18 2,904 --a------ C:\WINDOWS\system32\dsoudd.dll
    2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
    2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
    2008-02-24 23:20 . 2008-03-01 20:37 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
    2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
    2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
    2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
    2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
    2008-02-23 02:49 . 2008-03-17 17:58 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW
    2008-02-22 20:26 . 2004-10-20 16:23 21,344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys
    2008-02-22 20:15 . 2008-02-22 20:15 <REP> d-------- C:\Program Files\Free

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-22 14:19 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
    2008-03-21 23:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-21 23:00 --------- d-----w C:\Program Files\Audacity
    2008-03-21 22:27 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
    2008-03-21 22:16 --------- d-----w C:\Program Files\Winamp Remote
    2008-03-20 20:37 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
    2008-03-20 20:35 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
    2008-03-20 16:43 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
    2008-03-20 16:39 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
    2008-03-19 20:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
    2008-03-18 02:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
    2008-03-13 16:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
    2008-03-08 19:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
    2008-03-07 17:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
    2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
    2008-03-05 12:10 --------- d-----w C:\Program Files\Java
    2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
    2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
    2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
    2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
    2008-02-24 21:45 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
    2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
    2008-02-21 18:52 --------- d-----w C:\Program Files\Fichiers communs\logishrd
    2008-02-21 09:53 --------- d-----w C:\Program Files\SteamKeyFr
    2008-02-20 18:22 --------- d-----w C:\Program Files\Trust
    2008-02-19 21:47 --------- d-----w C:\Program Files\Sega
    2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
    2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
    2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
    2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
    2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
    2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
    2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
    2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
    2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
    2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-01 16:13 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-11-20 16:41 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
    2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
    2007-09-13 16:37 334 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
    2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
    2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
    2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ------- Sigcheck -------

    2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-12-13 17:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 17:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-01 19:40 1266936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 20:51 2957824]
    "Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 19:30 249896]
    "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [ ]

    C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 01:05:38 27136]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Lancer l'utilitaire Olitec.lnk - C:\Program Files\OLITEC - Moniteur r‚seau 802.11g\WlanUtil.exe [2007-06-05 17:22:30 413696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
    opnnolj.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\utorrent\\utorrent.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\ICQ6\\ICQ.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\HLSW\\hlsw.exe"=
    "C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Steam\\steamapps\\thibaut8513\\condition zero\\hl.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "C:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "41952:TCP"= 41952:TCP:MediaServer.exe

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
    R3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
    R3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
    S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
    S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
    C:\WINDOWS\system32\msbifx.com
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-22 21:03:09
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
    "ImagePath"="\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ASFWHide"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
    .
    Temps d'accomplissement: 2008-03-22 21:04:12
    ComboFix-quarantined-files.txt 2008-03-22 20:03:43
    .
    2008-03-12 06:30:54 --- E O F ---
    22 March 2008 21:11:17

    Hi again,

    Good :)

    Disable all resident protection (antivirus, etc.)!

    Copy the text in the box below, without the word "Quote":

    Quote:
    File::
    C:\WINDOWS\system32\drivers\riode32.sys
    C:\WINDOWS\system32\eudtodug.tmp
    C:\WINDOWS\system32\dsoudd.dll



    Open Notepad, then paste the copied text.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Save this file as CFScript.txt and store it on C:\ !!! >>> very important !!!

    Start menu, My Computer, double-click C:\. Now drag the ComboFix-Do.txt file onto Combofix.exe as shown below:



    This will restart Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a new HijackThis report.
    If there is no reboot, post the reports anyway.
    23 March 2008 17:29:35

    Here are the reports:

    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:28:51, on 23/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
    C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/Nvi...
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: opnnolj - opnnolj.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    --
    End of file - 12302 bytes


    log.txt:

    ComboFix 08-03-22.3 - Compaq_Propriétaire 2008-03-23 17:14:35.14 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.453 [GMT 1:00]
    Endroit: C:\ComboFix.exe
    Command switches used :: C:\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\WINDOWS\system32\drivers\riode32.sys
    C:\WINDOWS\system32\dsoudd.dll
    C:\WINDOWS\system32\eudtodug.tmp
    .
    TimedOut: progfile.dat
    -- Other TimeOuts --
    VFind -td "C:\WINDOWS\system32\baiso*"
    CF26721.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\WINDOWS\* >Windir.dat"
    VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\WINDOWS\*
    CF26721.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
    VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
    CF26721.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
    Findstr -MIF:/ sursen
    CF26721.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
    VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
    CF26721.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
    Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
    GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
    VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
    CF26721.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
    VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
    CF26721.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

    CF26721.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
    VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
    CF26721.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\riode32.sys
    C:\WINDOWS\system32\dsoudd.dll
    C:\WINDOWS\system32\eudtodug.tmp

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-23 17:11 . 2008-03-23 17:11 1,606,997 --a------ C:\ComboFix.exe
    2008-03-23 14:11 . 2008-03-23 14:11 <REP> d-------- C:\Program Files\Fichiers communs\Thraex Software
    2008-03-22 16:21 . 2008-03-22 16:21 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-03-22 16:16 . 2008-03-22 16:16 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-03-22 16:16 . 2008-03-22 16:18 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
    2008-03-22 16:16 . 2008-03-22 16:17 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
    2008-03-22 16:16 . 2008-03-22 16:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-22 16:15 . 2008-03-22 16:15 <REP> d-------- C:\Program Files\Microsoft SDKs
    2008-03-22 16:12 . 2008-03-22 16:14 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-03-22 16:12 . 2008-03-22 16:12 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-03-22 16:12 . 2008-03-22 16:12 <REP> d-------- C:\Program Files\MSBuild
    2008-03-22 16:11 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-03-22 16:08 . 2008-03-22 16:08 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-03-21 23:17 . 2008-03-21 23:17 <REP> d-------- C:\Program Files\Winamp Toolbar
    2008-03-21 23:17 . 2008-03-21 23:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    2008-03-21 23:15 . 2008-03-21 23:17 <REP> d-------- C:\Program Files\Winamp
    2008-03-21 23:15 . 2008-03-21 23:48 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Winamp
    2008-03-19 21:32 . 2008-03-19 21:32 <REP> d-------- C:\Program Files\Guitar Pro 4
    2008-03-19 21:18 . 2008-03-19 21:18 <REP> d-------- C:\Program Files\QuickTime
    2008-03-19 21:16 . 2008-03-19 21:16 <REP> d-------- C:\Program Files\Bonjour
    2008-03-19 21:09 . 2008-03-19 21:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Program Files\Avira
    2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-19 16:48 . 2008-03-19 16:48 <REP> d-------- C:\Program Files\Ashampoo
    2008-03-19 16:05 . 2008-03-19 16:05 <REP> d-------- C:\Program Files\Sunbelt Software
    2008-03-19 14:13 . 2008-03-22 21:08 <REP> d-------- C:\WINDOWS\ERUNT
    2008-03-19 13:28 . 2008-03-19 13:28 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
    2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
    2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
    2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
    2008-03-16 05:00 . 2008-03-16 05:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
    2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
    2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
    2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
    2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
    2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
    2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
    2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
    2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
    2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
    2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
    2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-03-06 20:51 . 2008-03-23 14:10 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-03-06 20:51 . 2008-03-23 14:10 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-23 13:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
    2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
    2008-03-04 17:44 . 2008-03-23 17:12 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
    2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
    2008-03-01 19:40 . 2008-03-23 17:08 <REP> d-------- C:\Program Files\Steam
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
    2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
    2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
    2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
    2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
    2008-02-24 23:20 . 2008-03-01 20:37 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
    2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
    2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
    2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
    2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
    2008-02-23 02:49 . 2008-03-17 17:58 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-23 10:46 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
    2008-03-21 23:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-21 23:00 --------- d-----w C:\Program Files\Audacity
    2008-03-21 22:27 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
    2008-03-21 22:16 --------- d-----w C:\Program Files\Winamp Remote
    2008-03-20 20:37 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
    2008-03-20 20:35 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
    2008-03-20 16:43 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
    2008-03-20 16:39 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
    2008-03-19 20:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
    2008-03-18 02:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
    2008-03-13 16:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
    2008-03-08 19:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
    2008-03-07 17:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
    2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
    2008-03-05 12:10 --------- d-----w C:\Program Files\Java
    2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
    2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
    2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
    2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
    2008-02-24 21:45 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
    2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
    2008-02-22 19:15 --------- d-----w C:\Program Files\Free
    2008-02-21 18:52 --------- d-----w C:\Program Files\Fichiers communs\logishrd
    2008-02-21 09:53 --------- d-----w C:\Program Files\SteamKeyFr
    2008-02-20 18:22 --------- d-----w C:\Program Files\Trust
    2008-02-19 21:47 --------- d-----w C:\Program Files\Sega
    2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
    2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
    2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
    2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
    2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
    2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
    2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
    2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
    2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
    2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-01 16:13 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-11-20 16:41 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
    2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
    2007-09-13 16:37 334 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
    2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
    2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
    2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ------- Sigcheck -------

    2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-12-13 17:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 17:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 17:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-03-06 20:51 2957824]
    "Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 19:30 249896]

    C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 01:05:38 27136]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Lancer l'utilitaire Olitec.lnk - C:\Program Files\OLITEC - Moniteur r‚seau 802.11g\WlanUtil.exe [2007-06-05 17:22:30 413696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
    opnnolj.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\utorrent\\utorrent.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\ICQ6\\ICQ.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\HLSW\\hlsw.exe"=
    "C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Steam\\steamapps\\thibaut8513\\condition zero\\hl.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "C:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "41952:TCP"= 41952:TCP:MediaServer.exe

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
    R3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
    R3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
    S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
    S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
    \Shell\AutoRun\command - K:\Autorun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
    C:\WINDOWS\system32\msbifx.com
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-23 17:21:16
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
    "ImagePath"="\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ASFWHide"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
    .
    Temps d'accomplissement: 2008-03-23 17:28:14
    ComboFix-quarantined-files.txt 2008-03-23 16:28:11
    .
    2008-03-12 06:30:54 --- E O F ---
    23 March 2008 18:09:46

    :hello: 

    1) You have leftovers from Norton:
    Uninstall Symantec, Norton ..
    Norton uninstallation:
    Download and run: http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...

    2) You have several toolbars; do you need them?
    Multiple toolbars can slow down the computer or cause browser crashes.
    I advise you to clean up by uninstalling the toolbars you don't use, from Add/Remove Programs in the Control Panel.
    For more information, see the article Les Toolbars, c'est pas obligatoire!

    3) Download MalwareByte's Anti-Malware and install it.

    ~Restart the computer in safe mode (F8 when the computer starts up)
    Help


  • Launch MalwareByte's Anti-Malware and select "Perform full scan". Wait while the scan runs.
  • Once the scan is finished, click "Show Results" and save the report to your Desktop.
  • Finally, click "Remove Selected".

    If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
    Help

    4) How is the PC doing?
    24 March 2008 22:33:44

    Norton removed. The toolbars don't matter, that's on Internet and I use Firefox. Otherwise my PC is fine, apart from TeamSpeak still not working, and here is the report:

    Malwarebytes' Anti-Malware 1.09
    Version de la base de données: 526

    Type de recherche: Examen complet (C:\|D:\|G:\|H:\|I:\|J:\|)
    Eléments examinés: 274565
    Temps écoulé: 49 minute(s), 21 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 9
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\service.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\ConnectionServices (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\ConnectionServices (Adware.BHO) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\ConnectionServices\Uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winlogon.old (Heuristic.Reserved.Word.Exploit) -> Quarantined and deleted successfully.