Votre question

Problème - Malware/Spyware - Viruseffaceur [Résolu]

Tags :
  • Spyware
  • Sécurité
Dernière réponse : dans Sécurité et virus
8 Mars 2008 18:51:53

Salut à tous,
voilà il y a une semaine environ j'ai reçu, je ne sais comment, un spyware ou malware intitulé VIRUSEFFACEUR : un grande nombre de pop up s'ouvrent faisant apparaitrent beaucoup de publicité pour antivirus/ spyware, etc, de plus des publicités s'affichent en mettant : "felicitation vous êtes le 999,999 visiteurs vous avez gagné!" ou "jouer sur poker eu", etc.
J'ai fait un grand nombre de scan en tout genre (ccleanner, bitdefender scan online, avg antispyware, etc. Et j'ai enlever pas moin de 11 virus.
Depuis je n'ai plus de pop up mais j'ai toujours ces publicités à la con qui me ralentissent le chargement des pages.

Quelqu'un pourrait il m'aider.... HELP!

PS: je ne pratique aucune activité illégale.

Autres pages sur : probleme malware spyware viruseffaceur resolu

8 Mars 2008 18:58:13

Bonjour,

Télécharge Smitfraudfix (de S!ri).
Enregistre-le sur ton bureau.
Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
Choisis l'Option 1 (Recherche)
Poste le premier rapport ici.

**Si le lien ne fonctionne pas, clique ici**
8 Mars 2008 20:34:50

Re, alors voici mon premier rapport :

SmitFraudFix v2.300

Rapport fait à 20:30:21,45, 08/03/2008
Executé à partir de C:\Documents and Settings\JohannV\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JohannV


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JohannV\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JohannV\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11a/b/g WLAN - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{44236785-0A88-4040-B6B0-7D00A849AE3F}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{44236785-0A88-4040-B6B0-7D00A849AE3F}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{44236785-0A88-4040-B6B0-7D00A849AE3F}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
Contenus similaires
8 Mars 2008 21:27:27

Re,

Alors voici mon rapport Hijacthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:54, on 08/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BMa7039e9e] Rundll32.exe "C:\WINDOWS\system32\yjejvmyy.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [System Patcher] BTCPatcher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkjkhi - jkkjkhi.dll (file missing)
O20 - Winlogon Notify: mljjghe - mljjghe.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 13273 bytes
9 Mars 2008 11:03:24

:hello: 

1) Télécharge SDFix (créé par AndyManchesta ) et sauvegarde le sur ton Bureau.
Guide d'utilisation : http://mickael.barroux.free.fr/securite/sdfix.php

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
  • Redémarre ton ordinateur
  • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
  • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
  • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
  • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
  • Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
  • Appuie sur Y pour commencer le processus de nettoyage.
  • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
  • Appuie sur une touche pour redémarrer le PC.
  • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
  • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum.
    N.B.:
    - Le fichier SDFIX_README.htm (dans le dossier SDFix) contient la liste des malwares pris en compte par l'outil.
    - Andy fait plusieurs mises à jour, souvent plus d'une par jour... N'hésitez donc pas à demander de télécharger une nouvelle version lorsque le nettoyage dure et que l'outil ne semble pas tout voir.

    2) Poste un nouveau rapport hijackthis :super:
    9 Mars 2008 19:52:42

    Salut,

    Alors voici d'abord mon rapport SDFix :

    SDFix: Version 1.154

    Run by JohannV on 09/03/2008 at 19:09

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\JohannV\Bureau\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-09 19:31:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
    "EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
    "CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:44,65,bc,81,89,3f,ad,21,9a,e2,d4,d6,a5,65,ad,6b,7f,76,84,81,a6,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:44,65,bc,81,89,3f,ad,21,9a,e2,d4,d6,a5,65,ad,6b,7f,76,84,81,a6,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20229~\2]
    "AB141C35E9F4BF344B9FC010BB17F68A"="02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\Registered"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
    "OfflineDetectionPending"=dword:00000001

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 4


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
    "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
    "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
    "C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
    "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
    "C:\\Program Files\\backburner 2\\monitor.exe"="C:\\Program Files\\backburner 2\\monitor.exe:*:Enabled:backburner 2.3 monitor"
    "C:\\Program Files\\backburner 2\\manager.exe"="C:\\Program Files\\backburner 2\\manager.exe:*:Enabled:backburner 2.3 manager"
    "C:\\Program Files\\backburner 2\\server.exe"="C:\\Program Files\\backburner 2\\server.exe:*:Enabled:backburner 2.3 server"
    "C:\\Program Files\\discreet\\combustion 4\\combustion.exe"="C:\\Program Files\\discreet\\combustion 4\\combustion.exe:*:Enabled:combustion"
    "C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"="C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe:*:Enabled:Maya"
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe:*:Enabled:Render Manager"
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe:*:Enabled:Studio"
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe:*:Enabled:p MSRegisterFile"
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe:*:Enabled:umi"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\DOCUME~1\JohannV\Bureau\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 4 Feb 2008 24 A.SH. --- "C:\WINDOWS\S2EC1F66B.tmp"
    Wed 27 Dec 2006 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
    Sat 19 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp"
    Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT6.tmp"
    Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITA.tmp"
    Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
    Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT7.tmp"
    Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT4.tmp"
    Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT4A.tmp"
    Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\598b3ea05d3c2f275520ea46f80fb98d\BIT61.tmp"
    Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\631bea423a2590540110f7e11fcbd692\BIT46.tmp"
    Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT9.tmp"
    Mon 21 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT2D.tmp"
    Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT5.tmp"
    Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT45.tmp"
    Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT8.tmp"
    Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2ee6701f2679c24dd339050a068b193\BIT50.tmp"
    Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7bd07c1089c2af7712a37e4bc06b52c1\download\BIT90.tmp"
    Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cff3276a5659b39e9143e4a62e333028\download\BIT104.tmp"

    Finished!



    .............................................................................................................

    Et voici mon dernier rapport Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:50:05, on 09/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [BMa7039e9e] Rundll32.exe "C:\WINDOWS\system32\yjejvmyy.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: jkkjkhi - jkkjkhi.dll (file missing)
    O20 - Winlogon Notify: mljjghe - mljjghe.dll (file missing)
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 12954 bytes

    ..............................................................................................................

    NB: Merci de m'aider à résoudre ce problème.
    9 Mars 2008 20:47:57

    Re,


    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

    http://www.atribune.org/ccount/click.php?id=4

  • Double-clique VundoFix.exe afin de le lancer
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

    Note:
    Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-dessus, à partir de "clique sur le bouton Scan for Vundo".

    Bonne soirée :hello: 
    10 Mars 2008 08:06:04

    Re,

    Alors j'ai lancer le scan comme tu la dit, mais Vundo n'a trouver aucun fichiers inffecter....

    Que faire ?

    Tchao
    10 Mars 2008 09:31:06

    :hello: 

    1) Affiche les fichiers et dossiers cachés …
    Pour ce faire, tu vas dans un dossier, par ex. "Mes Images".
    Ensuite, clique sur > Outils > Options des dossiers ...
    clique sur l' onglet « Affichage » et ...
    coche ---> Afficher les fichiers et dossiers cachés
    décoche > Masquer les extensions des fichiers dont le type est connu
    décoche > Masquer les fichiers protégés du système d' exploitation (recommandé).
    « Appliquer » et « OK ».

    2) Désactive toute protection résidente ( antivirus…) !

    Télécharge Combofix de sUBs :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofi...

    Redémarre en mode sans échecs : aide ici >>>

    http://forum.telecharger.01net.com/telecharger/virus_et...
    /!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    3) Copie/colle un nouveau rapport HiJackThis avec.
    10 Mars 2008 17:28:27

    Salut,

    Alors voici d'abord mon rapport COMBOFIX :

    ComboFix 08-03-09.4 - JohannV 2008-03-10 17:07:21.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.780 [GMT 1:00]
    Endroit: C:\Documents and Settings\JohannV\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMa7039e9e.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\ihlchhje.dll
    C:\WINDOWS\system32\jiimrtpy.dll
    C:\WINDOWS\system32\jpcasepj.dll
    C:\WINDOWS\system32\jpesacpj.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\opotddmb.dll
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\vvvwa.ini2
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\yjejvmyy.dll
    C:\WINDOWS\system32\ynrnrltm.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\LEGACY_NPF
    -------\NPF


    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-10 08:01 . 2008-03-10 08:01 <REP> d-------- C:\VundoFix Backups
    2008-03-09 22:57 . 2008-03-10 12:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-09 22:57 . 2008-03-09 22:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-09 19:05 . 2008-03-09 19:05 <REP> d-------- C:\WINDOWS\ERUNT
    2008-03-09 10:31 . 2008-03-09 10:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
    2008-03-09 10:31 . 2008-03-09 10:31 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
    2008-03-09 10:31 . 2008-03-09 10:31 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
    2008-03-09 10:31 . 2008-03-09 10:31 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
    2008-03-09 10:31 . 2008-03-09 10:31 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
    2008-03-09 10:31 . 2008-03-09 11:22 219 --a------ C:\WINDOWS\system32\lsprst7.tgz
    2008-03-09 10:31 . 2008-03-09 11:22 205 --a------ C:\WINDOWS\system32\lsprst7.dll
    2008-03-09 10:31 . 2008-03-09 11:22 87 --a------ C:\WINDOWS\system32\ssprs.tgz
    2008-03-09 10:31 . 2008-03-09 11:22 73 --a------ C:\WINDOWS\system32\ssprs.dll
    2008-03-08 18:16 . 2008-03-08 18:16 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-07 23:18 . 2008-03-07 23:19 1,158 --a------ C:\WINDOWS\mozver.dat
    2008-03-07 22:14 . 2008-03-07 22:14 <REP> d-------- C:\Documents and Settings\JohannV\Application Data\Talkback
    2008-03-06 20:50 . 2008-03-06 20:50 <REP> d-------- C:\Presets
    2008-03-06 20:50 . 2008-03-06 20:50 36,868 --a------ C:\Program Files\uninst-Particular.exe
    2008-03-06 20:50 . 2008-03-06 20:50 36,868 --a------ C:\Program Files\uninst-Lux.exe
    2008-03-06 20:49 . 2008-03-06 20:50 <REP> d-------- C:\Program Files\Trapcode
    2008-03-06 20:49 . 2008-03-06 20:49 36,868 --a------ C:\Program Files\uninst-Echospace.exe
    2008-03-06 18:09 . 2008-03-06 20:32 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-03-06 17:59 . 2008-03-06 17:59 <REP> d-------- C:\Program Files\Windows Defender
    2008-03-06 17:35 . 2008-03-06 17:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-05 22:47 . 2008-03-05 22:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-05 20:17 . 2008-03-05 22:43 1,307,923 ---hs---- C:\WINDOWS\system32\vknhkcea.ini
    2008-03-05 10:46 . 2008-03-05 23:12 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-03-05 10:18 . 2008-03-05 20:06 1,303,138 ---hs---- C:\WINDOWS\system32\gqvymbaw.ini
    2008-03-05 10:15 . 2008-03-05 10:15 <REP> d--hs---- C:\Documents and Settings\NetworkService\Temporary Internet Files
    2008-03-05 10:15 . 2008-03-05 10:15 <REP> d--hs---- C:\Documents and Settings\NetworkService\Historique
    2008-03-05 00:00 . 2008-03-05 10:15 1,302,898 ---hs---- C:\WINDOWS\system32\caounjxg.ini
    2008-03-03 22:06 . 2008-03-03 22:06 268 --ah----- C:\sqmdata03.sqm
    2008-03-03 22:06 . 2008-03-03 22:06 244 --ah----- C:\sqmnoopt03.sqm
    2008-03-01 11:29 . 2008-03-01 11:29 <REP> d-------- C:\Program Files\Real
    2008-03-01 11:29 . 2008-03-01 11:29 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-03-01 11:29 . 2008-03-01 11:29 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-02-28 21:12 . 2004-07-02 17:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
    2008-02-28 21:10 . 2007-01-04 10:07 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
    2008-02-28 21:10 . 2005-02-09 12:59 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
    2008-02-28 21:07 . 2008-02-28 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
    2008-02-28 21:06 . 2008-03-06 16:01 <REP> d-------- C:\Program Files\Pinnacle
    2008-02-28 20:59 . 2008-02-28 21:00 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-02-28 20:51 . 2008-02-28 21:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-02-25 18:55 . 2008-02-25 18:55 <REP> d-------- C:\Documents and Settings\JohannV\Application Data\Microsoft Game Studios
    2008-02-24 14:02 . 2008-02-24 14:02 <REP> d-------- C:\Documents and Settings\JohannV\Application Data\AVS Video Converter
    2008-02-24 13:55 . 2008-02-24 13:56 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
    2008-02-24 13:55 . 2008-02-24 13:55 <REP> d-------- C:\Program Files\AVSMedia
    2008-02-24 13:55 . 2003-05-22 12:26 638,976 --a------ C:\WINDOWS\system32\divx.dll
    2008-02-24 13:55 . 2002-08-20 00:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
    2008-02-24 13:55 . 2003-05-21 23:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
    2008-02-24 13:55 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
    2008-02-24 13:55 . 2003-05-21 23:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
    2008-02-24 13:55 . 2004-02-04 21:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
    2008-02-24 13:55 . 2003-05-21 23:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
    2008-02-24 13:55 . 2003-05-21 23:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-02-24 13:55 . 2000-03-14 20:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
    2008-02-18 07:23 . 2008-03-06 17:46 <REP> d-------- C:\Program Files\EA GAMES
    2008-02-18 00:24 . 2008-02-18 00:24 268 --ah----- C:\sqmdata02.sqm
    2008-02-18 00:24 . 2008-02-18 00:24 244 --ah----- C:\sqmnoopt02.sqm
    2008-02-13 12:48 . 2008-02-13 12:44 <REP> d-------- C:\Documents and Settings\JohannV\Application Data\Dossier de t‚l‚chargement Share-to-Web
    2008-02-13 12:45 . 2008-02-13 12:45 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
    2008-02-13 12:44 . 2008-02-13 12:44 <REP> d-------- C:\Documents and Settings\JohannV\Application Data\Dossier de t‚l‚chargement Share-to-Web
    2008-02-13 12:27 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-02-13 12:27 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-02-11 20:51 . 2008-02-11 20:51 <REP> d-------- C:\WINDOWS\Evil Dead - Hail to the King

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-10 11:30 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-03-09 20:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-03-06 17:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-06 16:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-06 15:09 --------- d-----w C:\Program Files\Google
    2008-02-25 08:30 --------- d-----w C:\Documents and Settings\JohannV\Application Data\HP
    2008-02-21 21:14 --------- d-----w C:\Documents and Settings\JohannV\Application Data\Skype
    2008-02-21 20:30 --------- d-----w C:\Documents and Settings\JohannV\Application Data\skypePM
    2008-02-17 08:38 --------- d-----w C:\Program Files\7-Zip
    2008-02-14 12:29 --------- d-----w C:\Documents and Settings\JohannV\Application Data\combustion4
    2008-02-13 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-13 11:48 --------- d-----w C:\Documents and Settings\JohannV\Application Data\Dossier de téléchargement Share-to-Web
    2008-02-13 11:44 --------- d-----w C:\Documents and Settings\JohannV\Application Data\Dossier de téléchargement Share-to-Web
    2008-02-13 11:43 --------- d-----w C:\Program Files\HP
    2008-02-09 18:12 --------- d-----w C:\Program Files\Microsoft Games
    2008-02-09 16:31 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-09 16:29 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-09 11:22 --------- d-----w C:\Documents and Settings\JohannV\Application Data\vlc
    2008-02-06 21:58 --------- d-----w C:\Program Files\FLAC
    2008-02-06 17:22 --------- d-----w C:\Documents and Settings\JohannV\Application Data\Nero
    2008-02-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\Nero
    2008-02-06 17:16 --------- d-----w C:\Program Files\Nero
    2008-02-06 17:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-02-05 18:17 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-02-05 17:18 --------- d-----w C:\Documents and Settings\JohannV\Application Data\Sonic
    2008-02-05 17:18 --------- d-----w C:\Documents and Settings\JohannV\Application Data\Leadertech
    2008-02-03 18:06 468 ----a-w C:\Documents and Settings\JohannV\Application Data\wklnhst.dat
    2008-01-29 19:08 --------- d-----w C:\Program Files\Ubisoft
    2008-01-28 19:37 --------- d-----w C:\Documents and Settings\JohannV\Application Data\Template
    2008-01-27 19:44 --------- d--h--w C:\Program Files\Zero G Registry
    2008-01-27 19:44 --------- d-----w C:\Program Files\Pixologic
    2008-01-27 19:44 --------- d-----w C:\Program Files\Fichiers communs\element5 Shared
    2008-01-27 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\element5
    2008-01-25 21:04 --------- d-----w C:\Program Files\Skype
    2008-01-25 18:42 --------- d-----w C:\Documents and Settings\JohannV\Application Data\FlashFXP
    2008-01-23 17:13 --------- d-----w C:\Program Files\Samsung
    2008-01-22 12:58 --------- d-----w C:\Documents and Settings\JohannV\Application Data\CyberLink
    2008-01-22 07:48 --------- d-----w C:\Program Files\WinPcap
    2008-01-22 07:46 --------- d-----w C:\Program Files\discreet
    2008-01-22 07:44 --------- d-----w C:\Program Files\Autodesk
    2008-01-21 16:58 --------- d-----w C:\Documents and Settings\JohannV\Application Data\Ahead
    2008-01-21 16:56 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
    2008-01-20 17:36 --------- d-----w C:\Program Files\LucasArts
    2008-01-20 17:14 --------- d-----w C:\Program Files\Image-Line
    2008-01-20 17:13 --------- d-----w C:\Program Files\VstPlugins
    2008-01-20 15:55 --------- d-----w C:\Documents and Settings\JohannV\Application Data\Thunderbird
    2008-01-20 15:52 --------- d-----w C:\Program Files\MediaMonkey
    2008-01-20 11:40 --------- d-----w C:\Program Files\e-on software
    2008-01-20 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\discreet
    2008-01-20 11:09 --------- d-----w C:\Program Files\backburner 2
    2008-01-20 11:01 --------- d-----w C:\Documents and Settings\JohannV\Application Data\DAEMON Tools
    2008-01-20 10:43 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-20 10:39 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-01-20 10:26 --------- d-----w C:\Documents and Settings\JohannV\Application Data\SmartFTP
    2008-01-20 10:23 --------- d-----w C:\Program Files\QuickTime
    2008-01-20 10:21 --------- d-----w C:\Program Files\Bonjour
    2008-01-20 10:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-20 10:19 --------- d-----w C:\Documents and Settings\JohannV\Application Data\Apple Computer
    2008-01-20 10:04 --------- d-----w C:\Program Files\Lavalys
    2008-01-20 10:00 --------- d-----w C:\Program Files\Illustrate
    2008-01-19 18:48 --------- d-----w C:\Program Files\Fichiers communs\Alias Shared
    2008-01-19 18:47 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
    2008-01-19 18:46 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
    2008-01-19 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
    2008-01-19 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-01-19 17:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-01-19 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-01-19 17:29 --------- d-----w C:\Program Files\Fichiers communs\Control Panels
    2008-01-19 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
    2008-01-19 16:48 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
    2008-01-19 16:32 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-01-19 16:30 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2008-01-19 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2008-01-19 16:23 --------- d-----w C:\Program Files\SLD Codec Pack
    2008-01-19 16:19 --------- d-----w C:\Program Files\CCleaner
    2008-01-19 16:18 --------- d-----w C:\Program Files\VideoLAN
    2008-01-19 16:12 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-01-19 16:12 --------- d-----w C:\Program Files\Windows Live
    2008-01-19 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-19 14:21 --------- d-----w C:\Program Files\MSXML 4.0
    2008-01-19 14:19 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-01-19 08:29 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-01-19 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-19 08:20 --------- d-----w C:\Program Files\Alwil Software
    2008-01-19 08:19 --------- d-----w C:\Program Files\Java
    2008-01-19 06:26 --------- d-----w C:\Program Files\Windows Plus
    2008-01-19 06:26 --------- d-----w C:\Program Files\Synaptics
    2008-01-19 06:26 --------- d-----w C:\Program Files\Sonic
    2008-01-19 06:26 --------- d-----w C:\Program Files\Services en ligne
    2008-01-19 06:25 --------- d-----w C:\Program Files\NetWaiting
    2008-01-19 06:25 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-19 06:24 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-01-19 06:23 --------- d-----w C:\Program Files\GemMasterFrench
    2008-01-19 06:23 --------- d-----w C:\Program Files\FrenchOtto
    2008-01-19 06:23 --------- d-----w C:\Program Files\Fichiers communs\TiVo Shared
    2008-01-19 06:23 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
    2008-01-19 06:23 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
    2008-01-19 06:23 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-01-19 06:23 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 05:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]
    "LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [ ]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58 458752]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 09:00 7585792]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 09:00 86016]
    "nwiz"="nwiz.exe" [2006-08-18 09:00 1617920 C:\WINDOWS\system32\nwiz.exe]
    "MsmqIntCert"="regsvr32 /s mqrt.dll" []
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 06:01 761946]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 20:55 102400]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 15:02 40960]
    "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-20 11:23 155648]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-01 11:29 185896]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-25 05:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjkhi]
    jkkjkhi.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjghe]
    mljjghe.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\mqsvc.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "C:\\Program Files\\backburner 2\\monitor.exe"=
    "C:\\Program Files\\backburner 2\\manager.exe"=
    "C:\\Program Files\\backburner 2\\server.exe"=
    "C:\\Program Files\\discreet\\combustion 4\\combustion.exe"=
    "C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1055:TCP"= 1055:TCP:D iscreet BrowseD
    "1066:TCP"= 1066:TCP:D iscreet Slave Render

    R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 21:39]
    R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 00:49]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0370341e-d40a-11dc-9375-001b244fbf86}]
    \Shell\AutoRun\command - F:\Setupx.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34ef1851-e771-11dc-93a3-001b244fbf86}]
    \Shell\Auto\command - bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3071db2-dde9-11dc-938f-001b244fbf86}]
    \Shell\AutoRun\command - F:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b56d767c-c760-11dc-9356-001b244fbf86}]
    \Shell\AutoRun\command - F:\autorun.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-10 16:16:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-10 17:14:07
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???0d??????Y?@?????<?@

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\msdtc.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-10 17:18:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-10 16:18:14
    .
    2008-03-09 18:02:49 --- E O F ---



    ..............................................................................................................

    Et voici mon rapport HIJACKTHIS :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:27:21, on 10/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: jkkjkhi - jkkjkhi.dll (file missing)
    O20 - Winlogon Notify: mljjghe - mljjghe.dll (file missing)
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 12477 bytes
    10 Mars 2008 17:40:46

    Re,

    Fais analyser ce(s) fichier(s) sur VirusTotal :

    Citation :
    C:\WINDOWS\system32\sysprs7.dll
    C:\WINDOWS\system32\clauth2.dll
    C:\WINDOWS\system32\lsprst7.dll
    C:\WINDOWS\system32\ssprs.dll


    ici: http://www.virustotal.com/fr/

    Tutorial ici : http://bibou0007.com/tutos-f45/tutorial-sur-virustotal-...

    Une fois sur le site, faites "Parcourir", Naviguez dans l'explorateur Windows, jusqu'à trouver le fichier concerné, une fois le fichier trouvé, faites "Ouvrir". Puis cliquez sur "Envoyer le fichier".

    Patientez pendant la file d'attente et le temps de l'analyse du fichier...


    Une fois le scan du fichier fini, copiez-moi tous les résultats de tous les Antivirus, et collez les dans votre prochaine réponse
    10 Mars 2008 20:21:46

    Re, voila les résultats des analyses des 4 fichiers

    1er fichier : ssprs.dll

    Fichier ssprs.dll reçu le 2007.11.20 01:42:45 (CET)Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 - - -
    AntiVir - - -
    Authentium - - -
    Avast - - -
    AVG - - -
    BitDefender - - -
    CAT-QuickHeal - - -
    ClamAV - - -
    DrWeb - - -
    eSafe - - -
    eTrust-Vet - - -
    Ewido - - -
    FileAdvisor - - -
    Fortinet - - -
    F-Prot - - -
    F-Secure - - -
    Ikarus - - -
    Kaspersky - - -
    McAfee - - -
    Microsoft - - -
    NOD32v2 - - -
    Norman - - -
    Panda - - -
    Prevx1 - - -
    Rising - - -
    Sophos - - -
    Sunbelt - - -
    Symantec - - -
    TheHacker - - -
    VBA32 - - -
    VirusBuster - - -
    Webwasher-Gateway - - BlockReason.0

    Information additionnelle
    MD5: 4aa1108231e158a00afbde5c719e54ee
    SHA1: 958a051c7f12ccf5739296b82b6b2091fb145d93
    SHA256: 51aa3a37ef0b45ef4276f239865c0fa67d047d4777e36a2ebf3c1b09ba09b3af
    SHA512: 94d7fe2617b3df707cfa99077649540b19fb6b4bc3a1e21f70f14a6a364bbe55 7f45aef4bb6e9c2d0a4f4f100ab65b66009ee08fbae5efb9138f3077fb57d8c4

    2ème fichier : clauth2.dll

    Fichier clauth2.dll reçu le 2008.03.10 20:05:33 (CET)Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.3.4.0 2008.03.10 -
    AntiVir 7.6.0.73 2008.03.10 -
    Authentium 4.93.8 2008.03.07 -
    Avast 4.7.1098.0 2008.03.09 -
    AVG 7.5.0.516 2008.03.10 -
    BitDefender 7.2 2008.03.10 -
    CAT-QuickHeal 9.50 2008.03.08 -
    ClamAV 0.92.1 2008.03.10 -
    DrWeb 4.44.0.09170 2008.03.10 -
    eSafe 7.0.15.0 2008.03.09 -
    eTrust-Vet 31.3.5597 2008.03.07 -
    Ewido 4.0 2008.03.10 -
    FileAdvisor 1 2008.03.10 -
    Fortinet 3.14.0.0 2008.03.10 -
    F-Prot 4.4.2.54 2008.03.09 -
    F-Secure 6.70.13260.0 2008.03.10 -
    Ikarus T3.1.1.20 2008.03.10 -
    Kaspersky 7.0.0.125 2008.03.10 -
    McAfee 5248 2008.03.10 -
    Microsoft 1.3301 2008.03.10 -
    NOD32v2 2935 2008.03.10 -
    Norman 5.80.02 2008.03.10 -
    Panda 9.0.0.4 2008.03.10 -
    Prevx1 V2 2008.03.10 -
    Rising 20.35.02.00 2008.03.10 -
    Sophos 4.27.0 2008.03.10 -
    Sunbelt 3.0.930.0 2008.03.05 -
    Symantec 10 2008.03.10 -
    TheHacker 6.2.92.239 2008.03.09 -
    VBA32 3.12.6.2 2008.03.05 -
    VirusBuster 4.3.26:9 2008.03.10 -
    Webwasher-Gateway 6.6.2 2008.03.10 -

    Information additionnelle
    File size: 1025 bytes
    MD5: 0124ff602cf32f498487c322024fae79
    SHA1: 3e37f54314eb5661bf65aaffaf484aaf05e416f2
    PEiD: -

    3ème fichier : lsprst7.dll

    Fichier lsprst7.dll_ reçu le 2008.03.10 20:15:14 (CET)Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.3.4.0 2008.03.10 -
    AntiVir 7.6.0.73 2008.03.10 -
    Authentium 4.93.8 2008.03.07 -
    Avast 4.7.1098.0 2008.03.09 -
    AVG 7.5.0.516 2008.03.10 -
    BitDefender 7.2 2008.03.10 -
    CAT-QuickHeal 9.50 2008.03.08 -
    ClamAV 0.92.1 2008.03.10 -
    DrWeb 4.44.0.09170 2008.03.10 -
    eSafe 7.0.15.0 2008.03.09 -
    eTrust-Vet 31.3.5597 2008.03.07 -
    Ewido 4.0 2008.03.10 -
    FileAdvisor 1 2008.03.10 -
    Fortinet 3.14.0.0 2008.03.10 -
    F-Prot 4.4.2.54 2008.03.09 -
    F-Secure 6.70.13260.0 2008.03.10 -
    Ikarus T3.1.1.20 2008.03.10 -
    Kaspersky 7.0.0.125 2008.03.10 -
    McAfee 5248 2008.03.10 -
    Microsoft 1.3301 2008.03.10 -
    NOD32v2 2935 2008.03.10 -
    Norman 5.80.02 2008.03.10 -
    Panda 9.0.0.4 2008.03.10 -
    Prevx1 V2 2008.03.10 -
    Rising 20.35.02.00 2008.03.10 -
    Sophos 4.27.0 2008.03.10 -
    Sunbelt 3.0.930.0 2008.03.05 -
    Symantec 10 2008.03.10 -
    TheHacker 6.2.92.239 2008.03.09 -
    VBA32 3.12.6.2 2008.03.05 -
    VirusBuster 4.3.26:9 2008.03.10 -
    Webwasher-Gateway 6.6.2 2008.03.10 -

    Information additionnelle
    File size: 205 bytes
    MD5: 6b1daaf8219e395294bc068c0b836bbf
    SHA1: 163f1b519f3e59f905fb5310c8ec4aa135c7e6b2
    PEiD: -


    4ème fichier : sysprs7.dll

    Fichier sysprs7.dll reçu le 2008.03.10 19:53:45 (CET)Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.3.4.0 2008.03.10 -
    AntiVir 7.6.0.73 2008.03.10 -
    Authentium 4.93.8 2008.03.07 -
    Avast 4.7.1098.0 2008.03.09 -
    AVG 7.5.0.516 2008.03.10 -
    BitDefender 7.2 2008.03.10 -
    CAT-QuickHeal 9.50 2008.03.08 -
    ClamAV 0.92.1 2008.03.10 -
    DrWeb 4.44.0.09170 2008.03.10 -
    eSafe 7.0.15.0 2008.03.09 -
    eTrust-Vet 31.3.5597 2008.03.07 -
    Ewido 4.0 2008.03.10 -
    FileAdvisor 1 2008.03.10 -
    Fortinet 3.14.0.0 2008.03.10 -
    F-Prot 4.4.2.54 2008.03.09 -
    F-Secure 6.70.13260.0 2008.03.10 -
    Ikarus T3.1.1.20 2008.03.10 -
    Kaspersky 7.0.0.125 2008.03.10 -
    McAfee 5248 2008.03.10 -
    Microsoft 1.3301 2008.03.10 -
    NOD32v2 2935 2008.03.10 -
    Norman 5.80.02 2008.03.10 -
    Panda 9.0.0.4 2008.03.10 -
    Rising 20.35.02.00 2008.03.10 -
    Sophos 4.27.0 2008.03.10 -
    Sunbelt 3.0.930.0 2008.03.05 -
    Symantec 10 2008.03.10 -
    TheHacker 6.2.92.239 2008.03.09 -
    VBA32 3.12.6.2 2008.03.05 -
    VirusBuster 4.3.26:9 2008.03.10 -
    Webwasher-Gateway 6.6.2 2008.03.10 -

    Information additionnelle
    File size: 1025 bytes
    MD5: 76aeeb5643f3e6c49ed06f483509b86a
    SHA1: caf78e2c688be60f168e4d1a9bc02e479ee7b3fd
    PEiD: -



    10 Mars 2008 22:42:47

    :hello: 

    1) Relance Vundofix

    * Ne clique pas sur Scan for a vundo"
    * Clique droit au milieux de la fenêtre
    * Clique sur Add more files ?
    * Copie/colle les fichiers ci-dessous ( un par case) :

    Citation :
    C:\WINDOWS\system32\vknhkcea.ini
    C:\WINDOWS\system32\gqvymbaw.ini
    C:\WINDOWS\system32\caounjxg.ini


    * Clique sur "Add files"
    * Ensuite clique sur Close Windows
    * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
    * Si l'outils demande un redémarrage, accepte
    * Poste le rapport Vundofix

    2) Télécharge Deckard's System Scanner (DSS) (ou DSS) sur ton Bureau.
    NB : Tu dois être connecté avec des droits d'Administrateur.
  • ferme toutes les applications et fenêtres
  • double-clique sur dss.exe pour le lancer et suis les instructions ci-dessous
    Attention, il est conseillé de stopper temporairement les logiciels résidents de protection (pare-feu, antivirus, etc.)
  • s'il s'agit d'une première utilisation ou d'une nouvelle version de DSS :
  • tu devras cliquer 2 fois sur le OK des boîtes de dialogue
    Attention, si tu tardes trop, la réponse Abandon sera automatiquement validée
  • quand le traitement est terminé (clique sur OK), deux fichiers texte s'affichent :
    main.txt <- ouvert en premier plan et en plein écran
    extra.txt <- ouvert en second plan et en fenêtré (regarde la barre des taches)
    S'il s'agit d'une utilisation supplémentaire de DSS :
  • tu n'auras pas de boîte de dialogue (pas de OK)
  • quand le traitement est terminé, un fichier texte s'affiche :
    main.txt <- ouvert en premier plan et en plein écran

  • copie (Ctrl+A puis Ctrl+C) et colle (Ctrl+V) le contenu de main.txt dans ton prochain post
  • copie de même le contenu de extra.txt dans ton prochain post, si tu as ce fichier (première utilisation)
  • n'oublie pas de réactiver les protections si elles ont été stoppées.



    Ce que fait DSS :
  • crée un point de restauration dans Windows XP et Vista
  • nettoie les fichiers temporaires, DPF-Downloaded Program Files et le Cache Internet, vide la Corbeille de tous les lecteurs
  • vérifie quelques zones importantes de ton système et établit un rapport pour examen par ton conseiller en sécurité. DSS lance automatiquement HijackThis pour toi; il va aussi créer un raccourci HijackThis sur ton Bureau si tu n'as pas déjà HijackThis d'installé.
    11 Mars 2008 17:41:35

    Salut,

    voici mon rapport extra.txt :

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professionnel (build 2600) SP 2.0
    Architecture: X86; Language: French

    CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-50
    CPU 1: AMD Turion(tm) 64 X2 Mobile Technology TL-50
    Percentage of Memory in Use: 46%
    Physical Memory (total/avail): 1022.54 MiB / 549.85 MiB
    Pagefile Memory (total/avail): 2460.38 MiB / 2103.13 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1925.27 MiB

    C: is Fixed (NTFS) - 102.53 GiB total, 21.14 GiB free.
    D: is Fixed (FAT32) - 8.24 GiB total, 1.32 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - FUJITSU MHV2120BH PL - 111.79 GiB - 3 partitions
    \PARTITION0 (bootable) - Système de fichiers installable - 102.53 GiB - C:
    \PARTITION1 - Unknown - 8.26 GiB - D:
    \PARTITION2 - Unknown - 1027.56 MiB



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    AV: avast! antivirus 4.7.1098 [VPS 080311-0] v4.7.1098 (ALWIL Software)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
    "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
    "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
    "C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
    "C:\\Program Files\\backburner 2\\monitor.exe"="C:\\Program Files\\backburner 2\\monitor.exe:*:Enabled:backburner 2.3 monitor"
    "C:\\Program Files\\backburner 2\\manager.exe"="C:\\Program Files\\backburner 2\\manager.exe:*:Enabled:backburner 2.3 manager"
    "C:\\Program Files\\backburner 2\\server.exe"="C:\\Program Files\\backburner 2\\server.exe:*:Enabled:backburner 2.3 server"
    "C:\\Program Files\\discreet\\combustion 4\\combustion.exe"="C:\\Program Files\\discreet\\combustion 4\\combustion.exe:*:Enabled:combustion"
    "C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"="C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe:*:Enabled:Maya"
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\JohannV\Application Data
    CLASSPATH=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Fichiers communs
    COMPUTERNAME=DEXTER
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\JohannV
    LOGONSERVER=\\DEXTER
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Autodesk\Maya8.5\bin;C:\Program Files\Autodesk\Backburner;C:\Program Files\Fichiers communs\Autodesk Shared;C:\Program Files\Bonjour;C:\Program Files\QuickTime\QTSystem;C:\Program Files\backburner 2;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PCTYPE=PAVILION
    PLATFORM=MCD
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=4802
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SonicCentral=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\JohannV\LOCALS~1\Temp
    TMP=C:\DOCUME~1\JohannV\LOCALS~1\Temp
    USERDOMAIN=DEXTER
    USERNAME=JohannV
    USERPROFILE=C:\Documents and Settings\JohannV
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    JohannV (admin)
    Administrateur (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
    517142 - ZBrush (Windows) (Shared Components) --> C:\Program Files\Fichiers communs\element5 Shared\Uninstall\517142 ZBrush Windows\B1FFA000\UninstApplet.exe /uninstall
    Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
    Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
    Adobe After Effects CS3 Third Party Content --> C:\Program Files\Fichiers communs\Adobe\Installers\3675c95c239b992d5d0ee8fce969b9e\Setup.exe
    Adobe After Effects CS3 Third Party Content --> MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
    Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Audition 3.0 --> msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
    Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
    Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Recommended Settings --> MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
    Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Extra Settings --> MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
    Adobe Contribute CS3 --> MsiExec.exe /I{F84ADE4E-9220-4324-994D-801EDD9DD251}
    Adobe Creative Suite 3 Master Collection --> MsiExec.exe /I{5D2398DF-3022-4820-93BA-F1175FBEA9CA}
    Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Dreamweaver CS3 --> MsiExec.exe /I{4BDB76C6-902E-41D5-9064-68768E02886B}
    Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
    Adobe Encore CS3 Codecs --> MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
    Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
    Adobe Fireworks CS3 --> MsiExec.exe /I{21C4D775-368A-46C4-8DC3-4207165B7115}
    Adobe Flash CS3 --> MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F}
    Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
    Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Video Encoder --> MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
    Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
    Adobe Illustrator CS3 --> MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E}
    Adobe InDesign CS3 --> MsiExec.exe /I{FE8327F9-3AC1-4586-8C7E-3DEE2BC92441}
    Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
    Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
    Adobe OnLocation CS3 --> C:\Program Files\InstallShield Installation Information\{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}\setup.exe -runfromtemp -l0x040c
    Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3 --> MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
    Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
    Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
    Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
    Adobe Reader 8.1.0 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
    Adobe Setup --> MsiExec.exe /I{004685F7-9FB6-4789-812F-59ABB34A55AF}
    Adobe Setup --> MsiExec.exe /I{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
    Adobe Soundbooth CS3 --> MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
    Adobe Soundbooth CS3 Codecs --> MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
    Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
    Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
    Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
    Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
    AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
    Ajouter ou supprimer Adobe Creative Suite 3 Master Collection --> C:\Program Files\Fichiers communs\Adobe\Installers\b5d5789539ea1f004a4defceea74312\Setup.exe
    Amélioration de nos services --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1036
    Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
    Autodesk 3ds Max 9 32-bit --> MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
    Autodesk DirectConnect 2.0 --> MsiExec.exe /I{28C74612-2C48-4421-BF67-3949CD90748E}
    Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
    avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    AVS Video Converter 4.3.1.371 --> "C:\Program Files\AVSMedia\VideoConverter4\unins000.exe"
    Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
    backburner 2.3 --> MsiExec.exe /I{805A148C-045F-45D9-B837-BAA678DDA212}
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
    combustion 4 --> C:\WINDOWS\unvise32.exe C:\Program Files\discreet\combustion 4\uninstal.log
    Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
    Connexion Facile à Internet --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036
    Correctif n° 2 pour Windows XP Édition Media Center 2005 -->
    Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB888795) -->
    Correctif pour Windows XP (KB891593) -->
    Correctif pour Windows XP (KB896256) --> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB899337) -->
    Correctif pour Windows XP (KB899510) -->
    Correctif pour Windows XP (KB902841) -->
    Correctif pour Windows XP (KB909095) --> "C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB910728) --> "C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB912436) --> "C:\WINDOWS\$NtUninstallKB912436$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB918005) --> "C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"
    Correctif Windows XP - KB873333 -->
    Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Correctif Windows XP - KB883667 -->
    Correctif Windows XP - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
    Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Correctif Windows XP - KB885855 --> C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
    Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Correctif Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
    Correctif Windows XP - KB888239 --> C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
    Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Correctif Windows XP - KB890546 --> C:\WINDOWS\$NtUninstallKB890546$\spuninst\spuninst.exe
    Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Correctif Windows XP - KB891220 --> C:\WINDOWS\$NtUninstallKB891220$\spuninst\spuninst.exe
    Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Correctif Windows XP - KB892559 --> "C:\WINDOWS\$NtUninstallKB892559$\spuninst\spuninst.exe"
    Correctif Windows XP - KB895961 -->
    dBpowerAMP FLAC Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
    dBpowerAMP mp3PRO Input Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP mp3PRO Input Codec.dat
    dBpowerAMP Mp4 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
    dBpoweramp Musepack Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Musepack Codec.dat
    dBpowerAMP Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
    dBpowerAMP WMA V9 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
    dMC mp3PRO (CLI) Encoder --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dMC mp3PRO (CLI) Encoder.dat
    EVEREST Corporate Edition v4.20 --> "C:\Program Files\Lavalys\EVEREST Corporate Edition\unins000.exe"
    FBX Plugin 2006.08 for Max 9.0 --> C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
    FL Studio 6 --> C:\Program Files\Image-Line\FL Studio 6\uninstall.exe
    FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
    GemMaster Mystic --> "C:\Program Files\GemMasterFrench\uninstallgemmaster.exe"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Help and Support --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x40c -removeonly
    HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x40c -removeonly uninst
    HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
    HP Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
    HP User Guides 0032 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E276E05A-FFE8-485B-A005-42E76EA72AC4}\Setup.exe" -l0x40c -removeonly
    HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x40c hpquninst
    IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Leech (3.3.2) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Leech\Uninst.isu"
    LIVE gaming on Windows Runtime Version 1.0.6027 --> MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
    Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
    Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
    Maya 8.5 --> MsiExec.exe /I{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}
    Maya 8.5 Documentation (en_US) --> MsiExec.exe /I{81525B87-9344-4834-883C-C6A9D78EA1DF}
    MediaMonkey 3.0 --> "C:\Program Files\MediaMonkey\unins000.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
    Microsoft Office Access MUI (French) 2007 --> MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007 --> "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works --> MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Mise à jour pour Lecteur Windows Media 10 (KB910393) --> "C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
    Mise à jour pour Lecteur Windows Media 10 (KB913800) --> "C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB894391) -->
    Mise à jour pour Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB911164) --> "C:\WINDOWS\$NtUninstallKB911164$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB912945) -->
    Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Mozilla Thunderbird (2.0.0.9) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036}
    NetWaiting --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Otto --> "C:\Program Files\FrenchOtto\uninstallotto.exe"
    PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    QuickTime --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD} /l1036
    RealPlayer --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Samsung Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung\SSM_Uninstall.exe
    Samsung PC Studio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
    Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
    Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SLD Codec Pack --> C:\Program Files\SLD Codec Pack\uninstall.exe
    Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
    Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
    SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
    Star Wars(TM): Knights of the Old Republic (TM) --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x40c
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Trapcode 3DStroke --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcode3Dstroke.log
    Trapcode Shine --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeShine.log
    Trapcode Starglow --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeStarglow.log
    Update for Outlook 2007 Junk Email Filter (kb944965) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}
    VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Vue 5 Esprit --> C:\Program Files\e-on software\Vue 5 Esprit\Uninstall.exe
    Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
    WinPcap 3.0 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
    ZBrush2 --> "C:\Program Files\Pixologic\ZBrush2\UninstallerData\Uninstall ZBrush2.exe"


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type1988 / Error
    Event Submitted/Written: 03/11/2008 04:52:36 PM
    Event ID/Source: 2 / RaySat_3dsmax9_32 Server
    Event Description:
    (1632) getservbyname: Le nom demandé est valide et a été trouvé dans la base de données, mais il ne dispose pas des données associées recherchées. (0x2afc)

    Event Record #/Type1982 / Warning
    Event Submitted/Written: 03/11/2008 08:13:49 AM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.

    Event Record #/Type1976 / Error
    Event Submitted/Written: 03/11/2008 08:09:03 AM
    Event ID/Source: 2 / RaySat_3dsmax9_32 Server
    Event Description:
    (1632) getservbyname: Le nom demandé est valide et a été trouvé dans la base de données, mais il ne dispose pas des données associées recherchées. (0x2afc)

    Event Record #/Type1970 / Warning
    Event Submitted/Written: 03/10/2008 11:39:51 PM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.

    Event Record #/Type1964 / Error
    Event Submitted/Written: 03/10/2008 11:27:30 PM
    Event ID/Source: 2 / RaySat_3dsmax9_32 Server
    Event Description:
    (1632) getservbyname: Le nom demandé est valide et a été trouvé dans la base de données, mais il ne dispose pas des données associées recherchées. (0x2afc)



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type5342 / Warning
    Event Submitted/Written: 03/11/2008 05:32:16 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %DEXTER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DEXTER27 can't undo changes that you allow.

    For more information please see the following:
    %DEXTER275

    Scan ID: {45B76173-10D5-4C20-AD39-68D4BA2B97D5}

    User: DEXTER\JohannV

    Name: %DEXTER271

    ID: %DEXTER272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %DEXTER276

    Alert Type: %DEXTER278

    Detection Type: 1.1.1593.02

    Event Record #/Type5341 / Warning
    Event Submitted/Written: 03/11/2008 05:32:16 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %DEXTER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DEXTER27 can't undo changes that you allow.

    For more information please see the following:
    %DEXTER275

    Scan ID: {0078FE56-ECD9-4211-B355-7A387A7CE09A}

    User: DEXTER\JohannV

    Name: %DEXTER271

    ID: %DEXTER272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %DEXTER276

    Alert Type: %DEXTER278

    Detection Type: 1.1.1593.02

    Event Record #/Type5340 / Warning
    Event Submitted/Written: 03/11/2008 05:32:16 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %DEXTER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DEXTER27 can't undo changes that you allow.

    For more information please see the following:
    %DEXTER275

    Scan ID: {0B63E5EC-C52B-46BE-A621-C12D9F811B83}

    User: DEXTER\JohannV

    Name: %DEXTER271

    ID: %DEXTER272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %DEXTER276

    Alert Type: %DEXTER278

    Detection Type: 1.1.1593.02

    Event Record #/Type5339 / Warning
    Event Submitted/Written: 03/11/2008 05:32:13 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %DEXTER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DEXTER27 can't undo changes that you allow.

    For more information please see the following:
    %DEXTER275

    Scan ID: {2E49EDF1-9B6E-4D18-B97F-1E78DBB67EED}

    User: DEXTER\JohannV

    Name: %DEXTER271

    ID: %DEXTER272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %DEXTER276

    Alert Type: %DEXTER278

    Detection Type: 1.1.1593.02

    Event Record #/Type5338 / Warning
    Event Submitted/Written: 03/11/2008 05:32:13 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %DEXTER27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DEXTER27 can't undo changes that you allow.

    For more information please see the following:
    %DEXTER275

    Scan ID: {87BBDA76-A48E-4974-8945-1503B251A6BE}

    User: DEXTER\JohannV

    Name: %DEXTER271

    ID: %DEXTER272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %DEXTER276

    Alert Type: %DEXTER278

    Detection Type: 1.1.1593.02



    -- End of Deckard's System Scanner: finished at 2008-03-11 17:32:30 ------------

    ..............................................................................................................

    Et voici mon rapport main.txt

    Deckard's System Scanner v20071014.68
    Run by JohannV on 2008-03-11 17:29:55
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    93: 2008-03-11 16:30:03 UTC - RP135 - Deckard's System Scanner Restore Point
    92: 2008-03-10 18:29:28 UTC - RP134 - Point de vérification système
    91: 2008-03-09 18:01:47 UTC - RP133 - Software Distribution Service 3.0
    90: 2008-03-08 11:57:08 UTC - RP132 - Software Distribution Service 3.0
    89: 2008-03-08 11:55:56 UTC - RP131 - Windows Internet Explorer 7 installé.


    -- First Restore Point --
    1: 2008-03-01 10:04:21 UTC - RP43 - Installé Star Wars(TM): Knights of the Old Republic (TM)


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as JohannV.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:32:02, on 11/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Documents and Settings\JohannV\Bureau\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\JohannV.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: jkkjkhi - jkkjkhi.dll (file missing)
    O20 - Winlogon Notify: mljjghe - mljjghe.dll (file missing)
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 12485 bytes

    -- File Associations -----------------------------------------------------------

    .js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
    .js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
    R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
    R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

    S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
    S3 catchme - c:\docume~1\johannv\locals~1\temp\catchme.sys (file missing)
    S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>
    S3 ssm_bus (Samsung Mobile USB Device II 1.0 driver (WDM)) - c:\windows\system32\drivers\ssm_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device II 1.0>
    S3 ssm_mdfl (Samsung Mobile USB Modem II 1.0 Filter) - c:\windows\system32\drivers\ssm_mdfl.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0 Filter Driver>
    S3 ssm_mdm (Samsung Mobile USB Modem II 1.0 Drivers) - c:\windows\system32\drivers\ssm_mdm.sys <Not Verified; MCCI; Samsung Mobile USB Modem II 1.0>
    S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Autodesk Licensing Service - "c:\program files\fichiers communs\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
    R2 Bonjour Service (Service Bonjour) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
    R3 FLEXnet Licensing Service - "c:\program files\fichiers communs\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

    S2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
    S2 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
    S3 License Management Service ESD - "c:\program files\fichiers communs\element5 shared\service\licence manager esd.exe"
    S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini"


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-03-11 16:55:17 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


    -- Files created between 2008-02-11 and 2008-03-11 -----------------------------

    2008-03-10 20:45:24 0 dr-h----- C:\Documents and Settings\JohannV\Recent
    2008-03-10 17:06:46 68096 --a------ C:\WINDOWS\system32\zip.exe
    2008-03-10 17:06:46 98816 --a------ C:\WINDOWS\system32\sed.exe
    2008-03-10 17:06:46 80412 --a------ C:\WINDOWS\system32\grep.exe
    2008-03-10 17:06:46 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-03-10 08:01:25 0 d-------- C:\VundoFix Backups
    2008-03-09 19:05:25 0 d-------- C:\WINDOWS\ERUNT
    2008-03-09 10:31:27 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
    2008-03-09 10:31:27 73 --a------ C:\WINDOWS\system32\ssprs.dll
    2008-03-09 10:31:27 205 --a------ C:\WINDOWS\system32\lsprst7.dll
    2008-03-09 10:31:27 1025 --a------ C:\WINDOWS\system32\clauth2.dll
    2008-03-09 10:31:27 1025 --a------ C:\WINDOWS\system32\clauth1.dll
    2008-03-09 10:31:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
    2008-03-08 20:30:28 5208 --a------ C:\WINDOWS\system32\tmp.reg
    2008-03-08 20:30:02 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-08 20:30:02 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2008-03-08 20:30:02 86016 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
    2008-03-08 20:30:02 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2008-03-08 20:30:02 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2008-03-08 20:30:02 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-03-08 20:30:02 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-08 18:16:42 0 d-------- C:\Program Files\Trend Micro
    2008-03-07 23:18:57 1158 --a------ C:\WINDOWS\mozver.dat
    2008-03-07 22:14:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2008-03-07 22:14:08 0 d-------- C:\Documents and Settings\JohannV\Application Data\Talkback
    2008-03-07 22:13:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Mozilla
    2008-03-06 20:50:36 36868 --a------ C:\Program Files\uninst-Particular.exe
    2008-03-06 20:50:36 0 d-------- C:\Presets
    2008-03-06 20:50:07 36868 --a------ C:\Program Files\uninst-Lux.exe
    2008-03-06 20:49:16 36868 --a------ C:\Program Files\uninst-Echospace.exe
    2008-03-06 20:49:16 0 d-------- C:\Program Files\Trapcode
    2008-03-06 18:09:31 0 d-------- C:\WINDOWS\BDOSCAN8
    2008-03-06 17:59:25 0 d-------- C:\Program Files\Windows Defender
    2008-03-06 17:35:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-05 22:47:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-05 10:46:20 0 d-------- C:\Program Files\Enigma Software Group
    2008-03-05 10:15:38 0 d--hs---- C:\Documents and Settings\NetworkService\Historique
    2008-03-05 10:15:37 0 d--hs---- C:\Documents and Settings\NetworkService\Temporary Internet Files
    2008-03-01 11:29:54 0 d-------- C:\Program Files\Fichiers communs\xing shared
    2008-03-01 11:29:03 0 d-------- C:\Program Files\Fichiers communs\Real
    2008-03-01 11:29:00 0 d-------- C:\Program Files\Real
    2008-03-01 11:28:30 0 d-------- C:\Documents and Settings\JohannV\Application Data\Real
    2008-02-28 21:12:25 95 --a------ C:\AUTOEXEC.BAT
    2008-02-28 21:10:27 14165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
    2008-02-28 21:10:15 171520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
    2008-02-28 21:07:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
    2008-02-28 21:06:12 0 d-------- C:\Program Files\Pinnacle
    2008-02-28 20:59:45 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-02-28 20:51:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-02-25 18:55:48
    11 Mars 2008 17:47:32

    Re,

    Où est le rapport de vundofix ?

    Le rapport main.txt est incomplet, reposte-le en entier et s'il ne tient pas en un seul message, poste-le en deux fois.

    ;) 
    11 Mars 2008 20:35:32

    Re,

    Alors Vundofix, n'a détecter aucune menace et n'a pas edité de rapport.

    Voici mon rapport DSS, main.txt

    Deckard's System Scanner v20071014.68
    Run by JohannV on 2008-03-11 20:31:35
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as JohannV.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:31:42, on 11/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\JohannV\Bureau\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\JohannV.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: jkkjkhi - jkkjkhi.dll (file missing)
    O20 - Winlogon Notify: mljjghe - mljjghe.dll (file missing)
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 12822 bytes

    -- Files created between 2008-02-11 and 2008-03-11 -----------------------------

    2008-03-11 17:37:14 0 d-------- C:\WINDOWS\LastGood
    2008-03-10 20:45:24 0 dr-h----- C:\Documents and Settings\JohannV\Recent
    2008-03-10 17:06:46 68096 --a------ C:\WINDOWS\system32\zip.exe
    2008-03-10 17:06:46 98816 --a------ C:\WINDOWS\system32\sed.exe
    2008-03-10 17:06:46 80412 --a------ C:\WINDOWS\system32\grep.exe
    2008-03-10 17:06:46 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-03-10 08:01:25 0 d-------- C:\VundoFix Backups
    2008-03-09 19:05:25 0 d-------- C:\WINDOWS\ERUNT
    2008-03-09 10:31:27 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
    2008-03-09 10:31:27 73 --a------ C:\WINDOWS\system32\ssprs.dll
    2008-03-09 10:31:27 205 --a------ C:\WINDOWS\system32\lsprst7.dll
    2008-03-09 10:31:27 1025 --a------ C:\WINDOWS\system32\clauth2.dll
    2008-03-09 10:31:27 1025 --a------ C:\WINDOWS\system32\clauth1.dll
    2008-03-09 10:31:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
    2008-03-08 20:30:28 5208 --a------ C:\WINDOWS\system32\tmp.reg
    2008-03-08 20:30:02 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-08 20:30:02 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2008-03-08 20:30:02 86016 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
    2008-03-08 20:30:02 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2008-03-08 20:30:02 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2008-03-08 20:30:02 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-03-08 20:30:02 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-08 18:16:42 0 d-------- C:\Program Files\Trend Micro
    2008-03-07 23:18:57 1158 --a------ C:\WINDOWS\mozver.dat
    2008-03-07 22:14:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2008-03-07 22:14:08 0 d-------- C:\Documents and Settings\JohannV\Application Data\Talkback
    2008-03-07 22:13:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Mozilla
    2008-03-06 20:50:36 36868 --a------ C:\Program Files\uninst-Particular.exe
    2008-03-06 20:50:36 0 d-------- C:\Presets
    2008-03-06 20:50:07 36868 --a------ C:\Program Files\uninst-Lux.exe
    2008-03-06 20:49:16 36868 --a------ C:\Program Files\uninst-Echospace.exe
    2008-03-06 20:49:16 0 d-------- C:\Program Files\Trapcode
    2008-03-06 18:09:31 0 d-------- C:\WINDOWS\BDOSCAN8
    2008-03-06 17:59:25 0 d-------- C:\Program Files\Windows Defender
    2008-03-06 17:35:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-05 22:47:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-05 10:46:20 0 d-------- C:\Program Files\Enigma Software Group
    2008-03-05 10:15:38 0 d--hs---- C:\Documents and Settings\NetworkService\Historique
    2008-03-05 10:15:37 0 d--hs---- C:\Documents and Settings\NetworkService\Temporary Internet Files
    2008-03-01 11:29:54 0 d-------- C:\Program Files\Fichiers communs\xing shared
    2008-03-01 11:29:03 0 d-------- C:\Program Files\Fichiers communs\Real
    2008-03-01 11:29:00 0 d-------- C:\Program Files\Real
    2008-03-01 11:28:30 0 d-------- C:\Documents and Settings\JohannV\Application Data\Real
    2008-02-28 21:12:25 95 --a------ C:\AUTOEXEC.BAT
    2008-02-28 21:10:27 14165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
    2008-02-28 21:10:15 171520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
    2008-02-28 21:07:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
    2008-02-28 21:06:12 0 d-------- C:\Program Files\Pinnacle
    2008-02-28 20:59:45 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-02-28 20:51:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-02-25 18:55:48 0 d-------- C:\Documents and Settings\JohannV\Application Data\Microsoft Game Studios
    2008-02-25 09:37:20 0 d-------- C:\WINDOWS\pss
    2008-02-24 14:02:36 0 d-------- C:\Documents and Settings\JohannV\Application Data\AVS Video Converter
    2008-02-24 13:55:51 0 d-------- C:\Program Files\Fichiers communs\AVSMedia
    2008-02-24 13:55:50 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
    2008-02-24 13:55:50 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
    2008-02-24 13:55:50 638976 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivXNetworks, Inc.; DivX Video for Windows Codec>
    2008-02-24 13:55:49 0 d-------- C:\Program Files\AVSMedia
    2008-02-18 07:23:39 0 d-------- C:\Program Files\EA GAMES
    2008-02-13 12:45:23 0 d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
    2008-02-13 12:44:49 0 d-------- C:\Documents and Settings\JohannV\Application Data\Dossier de téléchargement Share-to-Web
    2008-02-13 12:44:49 0 d-------- C:\Documents and Settings\JohannV\Application Data\Dossier de téléchargement Share-to-Web
    2008-02-11 20:51:42 0 d-------- C:\WINDOWS\Evil Dead - Hail to the King


    -- Find3M Report ---------------------------------------------------------------

    2008-03-11 18:29:54 196 --a------ C:\Documents and Settings\JohannV\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
    2008-03-11 16:52:32 8405015 --a------ C:\WINDOWS\TempFile
    2008-03-10 12:30:58 0 d-------- C:\Program Files\Mozilla Thunderbird
    2008-03-09 21:16:24 0 d-------- C:\Program Files\Fichiers communs\Adobe
    2008-03-07 22:13:35 0 d-------- C:\Documents and Settings\JohannV\Application Data\Mozilla
    2008-03-06 20:35:01 0 d-------- C:\Program Files\Fichiers communs
    2008-03-06 17:46:12 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-06 16:09:54 0 d-------- C:\Program Files\Google
    2008-03-01 14:03:47 480448 --a------ C:\WINDOWS\system32\perfh00C.dat
    2008-03-01 14:03:47 79176 --a------ C:\WINDOWS\system32\perfc00C.dat
    2008-02-25 16:03:37 0 d-------- C:\Documents and Settings\JohannV\Application Data\Adobe
    2008-02-25 09:30:56 0 d-------- C:\Documents and Settings\JohannV\Application Data\HP
    2008-02-21 22:14:15 0 d-------- C:\Documents and Settings\JohannV\Application Data\Skype
    2008-02-21 21:30:35 0 d-------- C:\Documents and Settings\JohannV\Application Data\skypePM
    2008-02-17 09:38:10 0 d-------- C:\Program Files\7-Zip
    2008-02-14 13:29:26 0 d-------- C:\Documents and Settings\JohannV\Application Data\combustion4
    2008-02-13 12:43:48 0 d-------- C:\Program Files\HP
    2008-02-09 19:12:11 0 d-------- C:\Program Files\Microsoft Games
    2008-02-09 17:31:40 0 d-------- C:\Program Files\Microsoft Works
    2008-02-09 17:29:53 0 d-------- C:\Program Files\Microsoft.NET
    2008-02-09 12:22:39 0 d-------- C:\Documents and Settings\JohannV\Application Data\vlc
    2008-02-06 22:58:47 0 d-------- C:\Program Files\FLAC
    2008-02-06 22:55:54 2655 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
    2008-02-06 22:55:54 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2008-02-06 21:16:24 0 d-------- C:\Documents and Settings\JohannV\Application Data\Sun
    2008-02-06 18:22:30 0 d-------- C:\Documents and Settings\JohannV\Application Data\Nero
    2008-02-06 18:20:48 0 d-------- C:\Program Files\Fichiers communs\Nero
    2008-02-06 18:16:52 0 d-------- C:\Program Files\Nero
    2008-02-05 19:17:49 0 d-------- C:\Program Files\Fichiers communs\Ahead
    2008-02-05 18:18:24 0 d-------- C:\Documents and Settings\JohannV\Application Data\Sonic
    2008-02-05 18:18:04 0 d-------- C:\Documents and Settings\JohannV\Application Data\Leadertech
    2008-02-04 15:57:38 34308 --a------ C:\WINDOWS\system32\Chip.dll
    2008-02-03 19:06:30 468 --a------ C:\Documents and Settings\JohannV\Application Data\wklnhst.dat
    2008-01-29 22:38:51 7168 --a------ C:\WINDOWS\system32\sfmdf.exe
    2008-01-29 20:08:46 0 d-------- C:\Program Files\Ubisoft
    2008-01-28 20:37:49 0 d-------- C:\Documents and Settings\JohannV\Application Data\Template
    2008-01-27 20:44:43 0 d-------- C:\Program Files\Fichiers communs\element5 Shared
    2008-01-27 20:44:22 0 d--h----- C:\Program Files\Zero G Registry
    2008-01-27 20:44:09 0 d-------- C:\Program Files\Pixologic
    2008-01-25 22:04:25 0 d-------- C:\Program Files\Skype
    2008-01-25 19:42:21 0 d-------- C:\Documents and Settings\JohannV\Application Data\FlashFXP
    2008-01-23 21:04:41 0 d-------- C:\Documents and Settings\JohannV\Application Data\Google
    2008-01-23 18:13:19 0 d-------- C:\Program Files\Samsung
    2008-01-22 13:58:42 0 d-------- C:\Documents and Settings\JohannV\Application Data\CyberLink
    2008-01-22 13:44:09 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
    2008-01-22 08:48:31 0 d-------- C:\Program Files\WinPcap
    2008-01-22 08:46:22 0 d-------- C:\Program Files\discreet
    2008-01-22 08:44:52 0 d-------- C:\Program Files\Autodesk
    2008-01-21 17:58:11 0 d-------- C:\Documents and Settings\JohannV\Application Data\Ahead
    2008-01-21 17:56:49 0 d-------- C:\Program Files\Fichiers communs\LightScribe
    2008-01-21 11:42:03 3283 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Musepack Codec.dat
    2008-01-20 18:36:10 0 d-------- C:\Program Files\LucasArts
    2008-01-20 18:14:10 0 d-------- C:\Program Files\Image-Line
    2008-01-20 18:13:20 0 d-------- C:\Program Files\VstPlugins
    2008-01-20 16:55:19 0 --a------ C:\WINDOWS\nsreg.dat
    2008-01-20 16:55:18 0 d-------- C:\Documents and Settings\JohannV\Application Data\Thunderbird
    2008-01-20 16:52:38 0 d-------- C:\Program Files\MediaMonkey
    2008-01-20 13:35:18 253 --a------ C:\WINDOWS\Vue5.reg
    2008-01-20 12:40:14 0 d-------- C:\Program Files\e-on software
    2008-01-20 12:09:34 0 d-------- C:\Program Files\backburner 2
    2008-01-20 12:01:58 0 d-------- C:\Documents and Settings\JohannV\Application Data\DAEMON Tools
    2008-01-20 11:43:35 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-20 11:26:16 0 d-------- C:\Documents and Settings\JohannV\Application Data\SmartFTP
    2008-01-20 11:23:35 0 d-------- C:\Program Files\QuickTime
    2008-01-20 11:21:02 0 d-------- C:\Program Files\Bonjour
    2008-01-20 11:19:29 0 d-------- C:\Documents and Settings\JohannV\Application Data\Apple Computer
    2008-01-20 11:04:34 0 d-------- C:\Program Files\Lavalys
    2008-01-20 11:03:40 2181 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
    2008-01-20 11:02:01 2467 --a------ C:\WINDOWS\system32\SpoonUninstall-dMC mp3PRO (CLI) Encoder.dat
    2008-01-20 11:01:52 1578 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
    2008-01-20 11:01:31 2074 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP mp3PRO Input Codec.dat
    2008-01-20 11:00:56 17871 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
    2008-01-20 11:00:53 0 d-------- C:\Program Files\Illustrate
    2008-01-19 19:48:07 0 d-------- C:\Program Files\Fichiers communs\Alias Shared
    2008-01-19 19:47:38 0 d-------- C:\Program Files\Fichiers communs\Autodesk Shared
    2008-01-19 19:46:42 6656 --a------ C:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
    2008-01-19 19:46:42 383 --a------ C:\WINDOWS\system32\haspdos.sys
    2008-01-19 19:46:41 0 -rahs---- C:\MSDOS.SYS
    2008-01-19 19:46:41 0 -rahs---- C:\IO.SYS
    2008-01-19 18:57:48 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-01-19 18:29:58 0 d-------- C:\Program Files\Fichiers communs\Control Panels
    2008-01-19 17:48:13 0 d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-01-19 17:39:40 0 d-------- C:\Documents and Settings\JohannV\Application Data\WinRAR
    2008-01-19 17:30:33 0 d-------- C:\Program Files\Fichiers communs\Skype
    2008-01-19 17:23:36 0 d-------- C:\Program Files\SLD Codec Pack
    2008-01-19 17:19:28 0 d-------- C:\Program Files\CCleaner
    2008-01-19 17:18:51 0 d-------- C:\Program Files\VideoLAN
    2008-01-19 17:12:25 0 d-------- C:\Program Files\Windows Live
    2008-01-19 17:12:10 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-01-19 15:26:38 0 d-------- C:\Program Files\Messenger
    2008-01-19 15:21:49 0 d-------- C:\Program Files\MSXML 4.0
    2008-01-19 15:19:28 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-01-19 09:29:42 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
    2008-01-19 09:20:47 0 d-------- C:\Program Files\Alwil Software
    2008-01-19 09:19:40 0 d-------- C:\Program Files\Java
    2008-01-19 07:26:55 0 d-------- C:\Program Files\Windows Plus
    2008-01-19 07:26:52 0 d-------- C:\Program Files\Windows NT
    2008-01-19 07:26:47 0 d-------- C:\Program Files\Synaptics
    2008-01-19 07:26:43 0 d-------- C:\Program Files\Sonic
    2008-01-19 07:26:07 0 d-------- C:\Program Files\Services en ligne
    2008-01-19 07:25:54 0 d-------- C:\Program Files\Online Services
    2008-01-19 07:25:43 0 d-------- C:\Program Files\NetWaiting
    2008-01-19 07:25:41 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-01-19 07:25:39 0 d-------- C:\Program Files\Movie Maker
    2008-01-19 07:25:09 0 d-------- C:\Program Files\microsoft frontpage
    2008-01-19 07:24:07 0 d-------- C:\Program Files\Hewlett-Packard
    2008-01-19 07:23:49 0 d-------- C:\Program Files\GemMasterFrench
    2008-01-19 07:23:47 0 d-------- C:\Program Files\FrenchOtto
    2008-01-19 07:23:44 0 d-------- C:\Program Files\Fichiers communs\TiVo Shared
    2008-01-19 07:23:19 0 d-------- C:\Program Files\Fichiers communs\SureThing Shared
    2008-01-19 07:23:19 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
    2008-01-19 07:23:19 0 d-------- C:\Program Files\Fichiers communs\Sonic Shared
    2008-01-19 07:23:17 0 d-------- C:\Program Files\Fichiers communs\ODBC
    2008-01-19 07:23:17 0 d-------- C:\Program Files\Fichiers communs\MSSoap
    2008-01-19 07:23:02 0 d-------- C:\Program Files\Fichiers communs\Java
    2008-01-19 07:23:02 0 d-------- C:\Program Files\Fichiers communs\InstallShield
    2008-01-19 07:22:59 0 d-------- C:\Program Files\Fichiers communs\HP
    2008-01-19 07:22:58 0 d-------- C:\Program Files\CONEXANT
    2008-01-19 07:19:25 0 d-------- C:\Documents and Settings\JohannV\Application Data\Macromedia
    2008-01-19 07:19:25 0 d-------- C:\Documents and Settings\JohannV\Application Data\Identities
    2008-01-18 22:41:18 0 d-------- C:\Program Files\HPQ
    2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 20:34]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [03/05/2006 21:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [18/08/2006 09:00]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [18/08/2006 09:00]
    "nwiz"="nwiz.exe" [18/08/2006 09:00 C:\WINDOWS\system32\nwiz.exe]
    "MsmqIntCert"="regsvr32 /s mqrt.dll" []
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [26/07/2006 22:44 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/04/2006 06:01]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [11/07/2006 20:55]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 22:11]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/06/2006 10:33]
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [30/05/2006 15:02]
    "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 09:23]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14:00]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/05/2007 22:46]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [20/01/2008 11:23]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [01/03/2008 11:29]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [25/03/2006 05:00]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []
    "LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [03/11/2006 09:59]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjkhi]
    jkkjkhi.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjghe]
    mljjghe.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0370341e-d40a-11dc-9375-001b244fbf86}]
    AutoRun\command- F:\Setupx.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34ef1851-e771-11dc-93a3-001b244fbf86}]
    Auto\command- bittorrent.exe e
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3071db2-dde9-11dc-938f-001b244fbf86}]
    AutoRun\command- F:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b56d767c-c760-11dc-9356-001b244fbf86}]
    AutoRun\command- F:\autorun.exe




    -- End of Deckard's System Scanner: finished at 2008-03-11 20:32:08 ------------

    voili voilou.
    11 Mars 2008 20:38:50

    Re,

    On a bien avancé :super:

    Désinstalle avast, redémarre et supprime ~~>C:\Program Files\Alwil Software

    Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
    Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

    Télécharge et installe Antivir. (tuto)
    Pourquoi changer ? Avast vs Antivir
    Vérifie qu’il soit bien à jour ! Fais une analyse complète en mode sans échec, sauvegarde le rapport et poste le moi.
    12 Mars 2008 18:54:37

    Salut,

    Bon j'avais déjà Ccleaner, donc pour ça c'est bon. Mais par contre l'analyse est assez longue pour Anti vir donc je pense que je te posterai le rrapport demain.

    Merci, en tout cas.
    12 Mars 2008 21:43:43

    :hello: 

    Oki à demain alors ;) 

    :hello: 
    13 Mars 2008 13:23:49

    Salut,
    J'ai fais mon analyse : voici le rapport

    AntiVir PersonalEdition Classic
    Report file date: jeudi 13 mars 2008 11:11

    Scanning for 1145851 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: DEXTER

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 12:13:22
    ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 12:13:22
    ANTIVIR3.VDF : 7.0.3.23 132096 Bytes 13/03/2008 10:10:32
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 12/03/2008 12:13:23
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 12/03/2008 12:13:23
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 13 mars 2008 11:11

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'FNPLicensingService.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'acrotray.exe' - '1' Module(s) have been scanned
    Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'QPService.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'dllhost.exe' - '1' Module(s) have been scanned
    Scan process 'mqtgsvc.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
    Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
    Scan process 'mqsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'NBService.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ehSched.exe' - '1' Module(s) have been scanned
    Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AdskScSrv.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'msdtc.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    53 processes with 53 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '31' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP111\A0014375.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '480917a9.qua'!
    C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP112\A0014422.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '480917ae.qua'!
    C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP115\A0014742.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '480917c0.qua'!
    C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP125\A0016612.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48091803.qua'!
    C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP125\A0016613.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48091805.qua'!
    C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP125\A0016614.exe
    [DETECTION] Contains detection pattern of the dropper DR/Agent.VLP.1466
    [INFO] The file was moved to '48091807.qua'!
    C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP132\A0017595.exe
    [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.58
    [INFO] The file was moved to '48091854.qua'!
    C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP133\A0018744.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48091863.qua'!
    C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP133\A0018745.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48091866.qua'!
    C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP133\A0018748.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48091868.qua'!
    C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP133\A0018749.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48091869.qua'!
    C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP68\A0005437.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/IRCBot.CEX Backdoor server programs
    [INFO] The file was moved to '480918bc.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <HP_RECOVERY>


    End of the scan: jeudi 13 mars 2008 13:18
    Used time: 2:06:31 min

    The scan has been done completely.

    17534 Scanning directories
    630519 Files were scanned
    12 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    12 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    630507 Files not concerned
    9618 Archives were scanned
    3 Warnings
    10 Notes

    ..............................................................................................................

    Cet antivirus est très effiace ! 12 virus ont été mis en quarantaine. Il est bien plus perfommant que avast! ;) 
    13 Mars 2008 16:56:20

    :hello: 

    Et oui il est efficace :super:

    Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
    Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
    Double-clic sur clean.cmd. (L%u2019extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
    Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé.
    Poste le rapport se trouve ici : C:\rapport_clean.txt

    Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.
    13 Mars 2008 23:56:27

    Re,

    Alors voilà j'ai un petit problème : je fais exactement ce que tu me dis de faire sauf que au momment d'uploader le fichier, le site d'upload de Malekal me dit que n'ai choisi aucun fichier ! Pourtant je prend celui que la fenêtre Ms DOS me dit de prendre : C:/upload_moi_DEXTER.tar.gz

    Comment faire pour continuer ?
    14 Mars 2008 12:36:52

    :hello: 

    Laisse tomber l'upload et poste-moi le rapport demandé.

    ;) 
    14 Mars 2008 16:46:49

    Salut,

    Voici le rapport du fichier : rapport_clean.txt

    14/03/2008 a 16:45:02,67

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\SpoonUninstall.exe FOUND
    "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

    *** Recherche des fichiers dans C:\Program Files


    14 Mars 2008 17:32:31

    Re,

    ~Redémarre l'ordinateur en mode sans échec (F8 au démarrage de l'ordinateur)
    Aide


    Ouvre le dossier clean, double-clique sur clean.cmd.
    Choisis l'option 2 puis patiente.

    ~Redémarre normalement
    Poste le rapport clean qui se trouve en C:\rapport_clean.txt
    17 Mars 2008 08:48:20

    Salut et désolé pour le temps que j'ai mis....

    Voici le rapport : rapport_clean

    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 17/03/2008 a 8:38:49,60

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32
    tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe
    tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

    *** Suppression des fichiers dans C:\Program Files

    *** Suppression des clefs du registre effectuee..
    17 Mars 2008 10:03:23

    :hello: 

    C’est OK, tu n’es plus infecté(e) :p 

    1) Télécharge ToolsCleaner sur ton bureau.
    http://www.commentcamarche.net/telecharger/toolscleaner...

    Ce programme va te faire désinstaller tous les outils que je t’ai faits utiliser.

  • Clique sur Recherche et laisse le scan agir ...
  • Clique sur Suppression pour finaliser.
  • Tu peux, si tu le souhaites, te servir des Options facultatives.
  • Clique sur Quitter pour obtenir le rapport.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    2) Télécharge et installe Ccleaner :
    http://www.01net.com/telecharger/windows/Utilitaire/net...
  • Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Clique sur l'onglet "Nettoyeur" puis sur "Lancer le Nettoyage".
  • Ensuite clique sur l'onglet Registre, clique sur "Chercher des erreurs" puis sur "Réparer les erreurs sélectionnées". Il est inutile de faire des sauvegardes des clés. Répète l'opération autant de fois qu'il le faut jusqu'à qu'il ne trouve plus d'erreurs.
  • Tutorial ici : http://www.infos-du-net.com/forum/272336-7-ccleaner-und...
    3)
  • Désactive ta restauration systeme

  • Réactive ta restauration systeme

  • Tutorial ici : http://www.infos-du-net.com/forum/272480-11-desactiver-...
    ********************************************************************************

    Ajoute maintenant [Résolu] au titre. Pour cela :
    * Clique, dans ton premier message, sur le bouton "Editer"
    * Rajoute la mention [Résolu] au titre
    * Clique ensuite sur "Valider votre message"

    Ce serait sympa de rapporter ton infection sur > Malware-Complaints < pour faire condamner ses auteurs

    - Règles du forum <- ici
    - Poster un message <- ici ( par Malekal )

    Pour t'enregistrer clique sur le bouton register ( en haut )
    Si tu as plus de 13 ans choisis " I Agree to these terms and am over or exactly 13 years of age "
    Si tu as moins de 13 ans choisis " I Agree to these terms and am under 13 years of age "

    Tu auras une liste par type d'infection
    Si ton infection n'est pas dans la liste crée un message dans Autres infections

    a+ et bon surf :hello: 


    Quelques liens intéressants :

    http://mickael.barroux.free.fr/securite/
    http://www.malekal.com/
    http://www.infos-du-net.com/forum/275481-11-dossier-pre...
    20 Mars 2008 19:37:38

    Salut voici mon rapport TCleaner

    -->- Recherche:

    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !


    En tout cas merci merci merci beaucoup pour ton aide qui m'a été très précieuse. Merci et a+
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS