
infected????


Hello,

For several days now I have been getting many error messages and the PC is very slow; the HijackThis report is attached.

Thanks in advance for your help.

Regards.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:42, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a1a18415-a730-4858-9f0a-5d624977102d} - C:\WINDOWS\system32\zsqnts.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr33...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12634 bytes


Hello,

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Picture tutorial on MBAM

    Good evening,

    Here is the report, thank you very much.

    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1062
    Windows 5.1.2600 Service Pack 2

    20:57:11 29/08/2008
    mbam-log-08-29-2008 (20-57-11).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 123305
    Temps écoulé: 2 hour(s), 22 minute(s), 49 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 6
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 21

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1a18415-a730-4858-9f0a-5d624977102d} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a1a18415-a730-4858-9f0a-5d624977102d} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\zsqnts.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP83\A0021282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP90\A0024244.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\agyptqfg.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ekwlbvgq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hrwqxnay.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ikiazr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jpqulj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jvpaddjg.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nethbntx.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\QQVRYWRS.0LL (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sibkopsi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tfwcojle.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\upxtse.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wduifjnb.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xdtdatsk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\YFISIQIP.0LL (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM77fb25ff.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM77fb25ff.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qaqco_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

    Hi,

    Here is the report:
    ComboFix 08-08-29.02 - HP_Propriétaire 2008-08-30 15:21:08.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.111 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\InternetGameBox
    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Spyware-Secure
    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Spyware-Secure\Website.lnk
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\anizva.dll
    C:\WINDOWS\system32\cfpvaxax.ini
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\system32\eiyekgym.dll
    C:\WINDOWS\system32\gmizhp.dll
    C:\WINDOWS\system32\iywhityx.ini
    C:\WINDOWS\system32\kqvojvmu.dll
    C:\WINDOWS\system32\mpkuoghg.dll
    C:\WINDOWS\system32\oklvhpmc.ini
    C:\WINDOWS\system32\qaqco.dat
    C:\WINDOWS\system32\qaqco.exe
    C:\WINDOWS\system32\qaqco_navps.dat
    C:\WINDOWS\system32\rpuluqrg.dll
    C:\WINDOWS\system32\sjkthwvb.dll
    C:\WINDOWS\system32\srwyrvqq.ini
    C:\WINDOWS\system32\wivrtsdy.dll
    C:\WINDOWS\system32\wutseqlj.ini
    C:\WINDOWS\system32\xoicefsx.ini
    C:\WINDOWS\system32\xqnknv.dll
    C:\WINDOWS\system32\yhvynlxe.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-29 22:13 . 2008-08-29 22:15 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-08-29 21:42 . 2008-08-29 21:42 <REP> d-------- C:\Program Files\Alwil Software
    2008-08-29 18:27 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-29 07:33 . 2008-08-29 07:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-08-29 07:30 . 2008-08-29 07:30 <REP> d-------- C:\Program Files\Yahoo!
    2008-08-29 07:30 . 2008-08-29 07:30 <REP> d-------- C:\Program Files\CCleaner
    2008-08-13 05:39 . 2008-08-13 05:40 82,432 --------- C:\WINDOWS\system32\XYTIHWYI.0LL
    2008-08-08 15:28 . 2008-08-08 15:28 82,432 --------- C:\WINDOWS\system32\CMPHVLKO.0LL
    2008-08-07 20:21 . 2008-08-07 20:21 82,432 --------- C:\WINDOWS\system32\XAXAVPFC.0LL
    2008-08-02 14:42 . 2008-08-02 14:42 83,456 --------- C:\WINDOWS\system32\XSFECIOX.0LL
    2008-08-01 13:31 . 2008-08-01 13:31 83,456 --a------ C:\WINDOWS\system32\LJBGSXJY.0LL
    2008-08-01 10:46 . 2008-08-01 10:46 <REP> d-------- C:\Program Files\poll mp3 find
    2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
    2008-07-16 18:41 . 2008-08-29 18:27 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-16 18:41 . 2008-07-16 18:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-16 18:41 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-30 13:25 --------- d-----w C:\Program Files\Wanadoo
    2008-08-30 08:58 --------- d-----w C:\Program Files\Circle Developement
    2008-08-30 08:55 --------- d-----w C:\Program Files\Navilog1
    2008-08-29 11:44 --------- d-----w C:\Program Files\eMule
    2008-08-29 11:33 --------- d-----w C:\Program Files\AntivirusFirewall
    2008-08-01 08:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.SP54"= SP5X_32.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "C:\\Program Files\\AOL 9.0\\waol.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-30 C:\WINDOWS\Tasks\A3AAE2A391899363.job
    - c:\docume~1\hp_pro~1\applic~1\pollmp~1\mpeg up window.exe []

    2008-08-30 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
    R0 -: HKCU-Main,Search Page = hxxp://www.google.com
    R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
    R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    R1 -: HKCU-Internet Settings,ProxyOverride = localhost
    R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
    O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 -: { - C:\Program Files\Messenger\msmsgs.exe
    O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-30 15:25:20
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************


    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
    "ServiceDll"="%SystemRoot%\System32\dmserver.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
    "ImagePath"="system32\drivers\DMusic.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
    "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
    "ImagePath"="system32\drivers\drmkaud.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
    "ServiceDll"="%SystemRoot%\System32\ersvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
    "ImagePath"="%SystemRoot%\system32\services.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
    "ServiceDll"="C:\WINDOWS\system32\es.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fax]
    "ImagePath"="%systemroot%\system32\fxssvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
    "ImagePath"="system32\DRIVERS\fdc.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
    "ImagePath"="system32\DRIVERS\flpydisk.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
    "ImagePath"="system32\DRIVERS\fltMgr.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
    "ImagePath"="system32\DRIVERS\ftdisk.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FTRTSVC]
    "ImagePath"="C:\WINDOWS\System32\FTRTSVC.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
    "ImagePath"="system32\DRIVERS\msgpc.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
    "ImagePath"="\"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
    "ImagePath"="system32\DRIVERS\HDAudBus.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
    "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
    "ServiceDll"="%SystemRoot%\System32\hidserv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
    "ImagePath"="system32\DRIVERS\hidusb.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
    "ImagePath"="System32\Drivers\HTTP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
    "ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
    "ImagePath"="system32\DRIVERS\i8042prt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
    "ImagePath"="\"C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
    "ImagePath"="system32\DRIVERS\imapi.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
    "ImagePath"="%systemroot%\system32\imapi.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
    "ImagePath"="system32\drivers\RtkHDAud.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
    "ImagePath"="system32\DRIVERS\intelide.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
    "ImagePath"="system32\DRIVERS\intelppm.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
    "ImagePath"="system32\DRIVERS\Ip6Fw.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
    "ImagePath"="system32\DRIVERS\ipfltdrv.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
    "ImagePath"="system32\DRIVERS\ipinip.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
    "ImagePath"="system32\DRIVERS\ipnat.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
    "ImagePath"="system32\DRIVERS\ipsec.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
    "ImagePath"="system32\DRIVERS\irenum.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
    "ImagePath"="system32\DRIVERS\isapnp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
    "ImagePath"="system32\DRIVERS\kbdclass.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
    "ImagePath"="system32\DRIVERS\kbdhid.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
    "ImagePath"="system32\drivers\kmixer.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
    "ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
    "ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceS]
    "ImagePath"="C:\WINDOWS\system32\LEXBCES.EXE"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
    "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ltmodem5]
    "ImagePath"="system32\DRIVERS\ltmdmnt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVUSBSta]
    "ImagePath"="system32\drivers\lvusbsta.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
    "ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
    "ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
    "ImagePath"="system32\DRIVERS\mouclass.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
    "ImagePath"="system32\DRIVERS\mouhid.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
    "ImagePath"="system32\DRIVERS\mrxdav.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
    "ImagePath"="system32\DRIVERS\mrxsmb.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
    "ImagePath"="%systemroot%\system32\msiexec.exe /V"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
    "ImagePath"="system32\drivers\MSKSSRV.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
    "ImagePath"="system32\drivers\MSPCLOCK.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
    "ImagePath"="system32\drivers\MSPQM.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
    "ImagePath"="system32\DRIVERS\mssmbios.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
    "ImagePath"="system32\drivers\MSTEE.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
    "ImagePath"="system32\DRIVERS\NABTSFEC.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
    "ImagePath"="system32\DRIVERS\NdisIP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
    "ImagePath"="system32\DRIVERS\ndistapi.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
    "ImagePath"="system32\DRIVERS\ndisuio.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
    "ImagePath"="system32\DRIVERS\ndiswan.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
    "ImagePath"="system32\DRIVERS\netbios.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
    "ImagePath"="system32\DRIVERS\netbt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
    "ImagePath"="%SystemRoot%\system32\netdde.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
    "ImagePath"="%SystemRoot%\system32\netdde.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
    "ServiceDll"="%SystemRoot%\System32\netman.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394]
    "ImagePath"="system32\DRIVERS\nic1394.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
    "ServiceDll"="%SystemRoot%\System32\mswsock.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
    "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
    "ImagePath"="system32\DRIVERS\nwlnkflt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
    "ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394]
    "ImagePath"="system32\DRIVERS\ohci1394.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
    "ImagePath"="system32\DRIVERS\parport.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCAMPR5]
    "ImagePath"="\??\C:\WINDOWS\system32\PCAMPR5.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCANDIS5]
    "ImagePath"="\??\C:\WINDOWS\system32\PCANDIS5.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
    "ImagePath"="system32\DRIVERS\pci.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
    "ImagePath"="system32\DRIVERS\pciide.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
    "ImagePath"="%SystemRoot%\system32\services.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pml Driver HPZ12]
    "ImagePath"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
    "ImagePath"="system32\DRIVERS\raspptp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ps2]
    "ImagePath"="system32\DRIVERS\PS2.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
    "ImagePath"="system32\DRIVERS\psched.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
    "ImagePath"="system32\DRIVERS\ptilink.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20]
    "ImagePath"="System32\Drivers\PxHelp20.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\QCMerced]
    "ImagePath"="system32\DRIVERS\LVCM.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
    "ImagePath"="system32\DRIVERS\rasacd.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
    "ServiceDll"="%SystemRoot%\System32\rasauto.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
    "ImagePath"="system32\DRIVERS\rasl2tp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
    "ServiceDll"="%SystemRoot%\System32\rasmans.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
    "ImagePath"="system32\DRIVERS\raspppoe.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
    "ImagePath"="system32\DRIVERS\raspti.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
    "ImagePath"="system32\DRIVERS\rdbss.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
    "ImagePath"="System32\DRIVERS\RDPCDD.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
    "ImagePath"="C:\WINDOWS\system32\sessmgr.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
    "ImagePath"="system32\DRIVERS\redbook.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
    "ServiceDll"="%SystemRoot%\System32\mprdim.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
    "ImagePath"="%SystemRoot%\system32\locator.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
    "ServiceDll"="%SystemRoot%\System32\rpcss.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
    "ImagePath"="%SystemRoot%\system32\rsvp.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTL8023xp]
    "ImagePath"="system32\DRIVERS\Rtnicxp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
    "ImagePath"="system32\DRIVERS\RTL8139.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
    "ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
    "ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
    "ImagePath"="system32\DRIVERS\secdrv.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
    "ServiceDll"="%SystemRoot%\System32\seclogon.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
    "ServiceDll"="%SystemRoot%\system32\sens.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
    "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
    "ImagePath"="system32\DRIVERS\SLIP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
    "ImagePath"="system32\drivers\splitter.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
    "ImagePath"="%SystemRoot%\system32\spoolsv.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
    "ImagePath"="system32\DRIVERS\sr.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
    "ServiceDll"="C:\WINDOWS\system32\srsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
    "ImagePath"="system32\DRIVERS\srv.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
    "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
    "ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
    "ImagePath"="system32\DRIVERS\StreamIP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
    "ImagePath"="system32\DRIVERS\swenum.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
    "ImagePath"="system32\drivers\swmidi.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
    "ImagePath"="C:\WINDOWS\system32\dllhost.exe /Processid:{383FA16D-AF8F-4C60-B213-2B9363664871}"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
    "ImagePath"="system32\drivers\sysaudio.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
    "ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
    "ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
    "ImagePath"="system32\DRIVERS\tcpip.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
    "ImagePath"="system32\DRIVERS\termdd.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
    "ServiceDll"="%SystemRoot%\System32\termsrv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
    "ServiceDll"="%SystemRoot%\system32\trkwks.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UMWdf]
    "ImagePath"="C:\WINDOWS\system32\wdfmgr.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
    "ImagePath"="system32\DRIVERS\update.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
    "ServiceDll"="%SystemRoot%\System32\upnphost.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
    "ImagePath"="%SystemRoot%\System32\ups.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usb]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbaudio]
    "ImagePath"="system32\drivers\usbaudio.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
    "ImagePath"="system32\DRIVERS\usbccgp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
    "ImagePath"="system32\DRIVERS\usbehci.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
    "ImagePath"="system32\DRIVERS\usbhub.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
    "ImagePath"="system32\DRIVERS\usbohci.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
    "ImagePath"="system32\DRIVERS\usbprint.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
    "ImagePath"="system32\DRIVERS\usbscan.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
    "ImagePath"="system32\DRIVERS\USBSTOR.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
    "ImagePath"="system32\DRIVERS\usbuhci.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usnjsvc]
    "ImagePath"="\"C:\Program Files\Windows Live\Messenger\usnsvc.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
    "ImagePath"="\SystemRoot\System32\drivers\vga.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
    "ImagePath"="system32\DRIVERS\viaide.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
    "ImagePath"="%SystemRoot%\System32\vssvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
    "ServiceDll"="%systemroot%\system32\w32time.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
    "ImagePath"="system32\DRIVERS\wanarp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wceusbsh]
    "ImagePath"="system32\DRIVERS\wceusbsh.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
    "ImagePath"="system32\drivers\wdmaud.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
    "ServiceDll"="%SystemRoot%\System32\webclnt.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
    "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wlancfg]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WLSetupSvc]
    "ImagePath"="\"C:\Program Files\Windows Live\installer\WLSetupSvc.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
    "ServiceDll"="C:\WINDOWS\system32\MsPMSNSv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
    "ImagePath"="C:\WINDOWS\system32\wbem\wmiapsrv.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
    "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC]
    "ImagePath"="system32\DRIVERS\WSTCODEC.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
    "ServiceDll"="C:\WINDOWS\system32\wuauserv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
    "ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
    "ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{129E5138-452B-44F2-930E-42A8323F3314}]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{3FAD57D5-0833-4C7F-8435-4C798BFD05FD}]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FC3DCE78-611D-4F0C-A21E-202A1562F449}]
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\hp\KBD\kbd.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system\hpsysdrv.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-30 15:30:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-30 13:30:10

    Pre-Run: 232,072,155,136 octets libres
    Post-Run: 232,060,149,760 octets libres

    708 --- E O F --- 2008-08-29 20:15:09

    ComboFix 08-08-29.02 - HP_Propriétaire 2008-08-30 15:21:08.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.111 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\InternetGameBox
    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Spyware-Secure
    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Spyware-Secure\Website.lnk
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\anizva.dll
    C:\WINDOWS\system32\cfpvaxax.ini
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\system32\eiyekgym.dll
    C:\WINDOWS\system32\gmizhp.dll
    C:\WINDOWS\system32\iywhityx.ini
    C:\WINDOWS\system32\kqvojvmu.dll
    C:\WINDOWS\system32\mpkuoghg.dll
    C:\WINDOWS\system32\oklvhpmc.ini
    C:\WINDOWS\system32\qaqco.dat
    C:\WINDOWS\system32\qaqco.exe
    C:\WINDOWS\system32\qaqco_navps.dat
    C:\WINDOWS\system32\rpuluqrg.dll
    C:\WINDOWS\system32\sjkthwvb.dll
    C:\WINDOWS\system32\srwyrvqq.ini
    C:\WINDOWS\system32\wivrtsdy.dll
    C:\WINDOWS\system32\wutseqlj.ini
    C:\WINDOWS\system32\xoicefsx.ini
    C:\WINDOWS\system32\xqnknv.dll
    C:\WINDOWS\system32\yhvynlxe.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-29 22:13 . 2008-08-29 22:15 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-08-29 21:42 . 2008-08-29 21:42 <REP> d-------- C:\Program Files\Alwil Software
    2008-08-29 18:27 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-29 07:33 . 2008-08-29 07:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-08-29 07:30 . 2008-08-29 07:30 <REP> d-------- C:\Program Files\Yahoo!
    2008-08-29 07:30 . 2008-08-29 07:30 <REP> d-------- C:\Program Files\CCleaner
    2008-08-13 05:39 . 2008-08-13 05:40 82,432 --------- C:\WINDOWS\system32\XYTIHWYI.0LL
    2008-08-08 15:28 . 2008-08-08 15:28 82,432 --------- C:\WINDOWS\system32\CMPHVLKO.0LL
    2008-08-07 20:21 . 2008-08-07 20:21 82,432 --------- C:\WINDOWS\system32\XAXAVPFC.0LL
    2008-08-02 14:42 . 2008-08-02 14:42 83,456 --------- C:\WINDOWS\system32\XSFECIOX.0LL
    2008-08-01 13:31 . 2008-08-01 13:31 83,456 --a------ C:\WINDOWS\system32\LJBGSXJY.0LL
    2008-08-01 10:46 . 2008-08-01 10:46 <REP> d-------- C:\Program Files\poll mp3 find
    2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
    2008-07-16 18:41 . 2008-08-29 18:27 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-16 18:41 . 2008-07-16 18:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-16 18:41 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-30 13:25 --------- d-----w C:\Program Files\Wanadoo
    2008-08-30 08:58 --------- d-----w C:\Program Files\Circle Developement
    2008-08-30 08:55 --------- d-----w C:\Program Files\Navilog1
    2008-08-29 11:44 --------- d-----w C:\Program Files\eMule
    2008-08-29 11:33 --------- d-----w C:\Program Files\AntivirusFirewall
    2008-08-01 08:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.SP54"= SP5X_32.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "C:\\Program Files\\AOL 9.0\\waol.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-30 C:\WINDOWS\Tasks\A3AAE2A391899363.job
    - c:\docume~1\hp_pro~1\applic~1\pollmp~1\mpeg up window.exe []

    2008-08-30 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
    R0 -: HKCU-Main,Search Page = hxxp://www.google.com
    R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
    R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    R1 -: HKCU-Internet Settings,ProxyOverride = localhost
    R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
    O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 -: { - C:\Program Files\Messenger\msmsgs.exe
    O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-30 15:25:20
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aavmker4]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
    "ImagePath"="system32\DRIVERS\ACPI.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
    "ImagePath"="system32\drivers\aec.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
    "ImagePath"="\SystemRoot\System32\drivers\afd.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
    "ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
    "ImagePath"="%SystemRoot%\System32\alg.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
    "ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Arp1394]
    "ImagePath"="system32\DRIVERS\arp1394.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_1.1.4322]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
    "ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswFsBlk]
    "ImagePath"="system32\DRIVERS\aswFsBlk.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMon2]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswRdr]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswSP]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswTdi]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswUpdSv]
    "ImagePath"="\"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
    "ImagePath"="system32\DRIVERS\asyncmac.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
    "ImagePath"="system32\DRIVERS\atapi.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ati HotKey Poller]
    "ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ati2mtag]
    "ImagePath"="system32\DRIVERS\ati2mtag.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atierecord]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
    "ImagePath"="system32\DRIVERS\atmarpc.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
    "ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
    "ImagePath"="system32\DRIVERS\audstub.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast! Antivirus]
    "ImagePath"="\"C:\Program Files\Alwil Software\Avast4\ashServ.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast! Mail Scanner]
    "ImagePath"="\"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe\" /service"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast! Web Scanner]
    "ImagePath"="\"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe\" /service"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
    "MofImagePath"="System32\Drivers\battc.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
    "ServiceDll"="%systemroot%\system32\qmgr.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
    "ServiceDll"="%SystemRoot%\System32\browser.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
    "ImagePath"="\??\C:\ComboFix\catchme.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CCDECODE]
    "ImagePath"="system32\DRIVERS\CCDECODE.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
    "ImagePath"="system32\DRIVERS\cdrom.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
    "ImagePath"="%SystemRoot%\system32\cisvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CLCapSvc]
    "ImagePath"="\"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe\"\00\00\00·\02\00\00\00\00=\00\00\00\00\00u\02pè\13\00pè\13\00\18î‘|PÃ\02x\01\15\00m\05’|æ\1b€|\00\00\00\00\00\00\00\00ö\1b€|\00\00Òs¹ƒ|"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
    "ImagePath"="%SystemRoot%\system32\clipsrv.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CLSched]
    "ImagePath"="\"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe\"\00\00C\00i\00n\00e\00m\00a\00\\00K\00e\00r\00n\00e\00l\00\\00T\00V\00\\00C\00L\00C\00a\00p\00S\00v\00c\00.\00e\00x\00e"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
    "ImagePath"="C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
    "ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CyberLink Media Library Service]
    "ImagePath"="\"C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
    "ServiceDll"="%SystemRoot%\system32\rpcss.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
    "ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
    "ImagePath"="system32\DRIVERS\disk.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
    "ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
    "ImagePath"="System32\drivers\dmboot.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
    "ImagePath"="System32\drivers\dmio.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
    "ImagePath"="System32\drivers\dmload.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
    "ServiceDll"="%SystemRoot%\System32\dmserver.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
    "ImagePath"="system32\drivers\DMusic.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
    "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
    "ImagePath"="system32\drivers\drmkaud.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
    "ServiceDll"="%SystemRoot%\System32\ersvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
    "ImagePath"="%SystemRoot%\system32\services.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
    "ServiceDll"="C:\WINDOWS\system32\es.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fax]
    "ImagePath"="%systemroot%\system32\fxssvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
    "ImagePath"="system32\DRIVERS\fdc.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
    "ImagePath"="system32\DRIVERS\flpydisk.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
    "ImagePath"="system32\DRIVERS\fltMgr.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
    "ImagePath"="system32\DRIVERS\ftdisk.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FTRTSVC]
    "ImagePath"="C:\WINDOWS\System32\FTRTSVC.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
    "ImagePath"="system32\DRIVERS\msgpc.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
    "ImagePath"="\"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
    "ImagePath"="system32\DRIVERS\HDAudBus.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
    "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
    "ServiceDll"="%SystemRoot%\System32\hidserv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
    "ImagePath"="system32\DRIVERS\hidusb.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
    "ImagePath"="System32\Drivers\HTTP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
    "ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
    "ImagePath"="system32\DRIVERS\i8042prt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
    "ImagePath"="\"C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
    "ImagePath"="system32\DRIVERS\imapi.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
    "ImagePath"="%systemroot%\system32\imapi.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
    "ImagePath"="system32\drivers\RtkHDAud.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
    "ImagePath"="system32\DRIVERS\intelide.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
    "ImagePath"="system32\DRIVERS\intelppm.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
    "ImagePath"="system32\DRIVERS\Ip6Fw.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
    "ImagePath"="system32\DRIVERS\ipfltdrv.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
    "ImagePath"="system32\DRIVERS\ipinip.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
    "ImagePath"="system32\DRIVERS\ipnat.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
    "ImagePath"="system32\DRIVERS\ipsec.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
    "ImagePath"="system32\DRIVERS\irenum.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
    "ImagePath"="system32\DRIVERS\isapnp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
    "ImagePath"="system32\DRIVERS\kbdclass.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
    "ImagePath"="system32\DRIVERS\kbdhid.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
    "ImagePath"="system32\drivers\kmixer.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
    "ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
    "ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceS]
    "ImagePath"="C:\WINDOWS\system32\LEXBCES.EXE"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
    "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ltmodem5]
    "ImagePath"="system32\DRIVERS\ltmdmnt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVUSBSta]
    "ImagePath"="system32\drivers\lvusbsta.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
    "ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
    "ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
    "ImagePath"="system32\DRIVERS\mouclass.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
    "ImagePath"="system32\DRIVERS\mouhid.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
    "ImagePath"="system32\DRIVERS\mrxdav.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
    "ImagePath"="system32\DRIVERS\mrxsmb.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
    "ImagePath"="%systemroot%\system32\msiexec.exe /V"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
    "ImagePath"="system32\drivers\MSKSSRV.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
    "ImagePath"="system32\drivers\MSPCLOCK.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
    "ImagePath"="system32\drivers\MSPQM.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
    "ImagePath"="system32\DRIVERS\mssmbios.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
    "ImagePath"="system32\drivers\MSTEE.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
    "ImagePath"="system32\DRIVERS\NABTSFEC.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
    "ImagePath"="system32\DRIVERS\NdisIP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
    "ImagePath"="system32\DRIVERS\ndistapi.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
    "ImagePath"="system32\DRIVERS\ndisuio.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
    "ImagePath"="system32\DRIVERS\ndiswan.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
    "ImagePath"="system32\DRIVERS\netbios.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
    "ImagePath"="system32\DRIVERS\netbt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
    "ImagePath"="%SystemRoot%\system32\netdde.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
    "ImagePath"="%SystemRoot%\system32\netdde.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
    "ServiceDll"="%SystemRoot%\System32\netman.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394]
    "ImagePath"="system32\DRIVERS\nic1394.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
    "ServiceDll"="%SystemRoot%\System32\mswsock.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
    "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
    "ImagePath"="system32\DRIVERS\nwlnkflt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
    "ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394]
    "ImagePath"="system32\DRIVERS\ohci1394.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
    "ImagePath"="system32\DRIVERS\parport.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCAMPR5]
    "ImagePath"="\??\C:\WINDOWS\system32\PCAMPR5.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCANDIS5]
    "ImagePath"="\??\C:\WINDOWS\system32\PCANDIS5.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
    "ImagePath"="system32\DRIVERS\pci.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
    "ImagePath"="system32\DRIVERS\pciide.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
    "ImagePath"="%SystemRoot%\system32\services.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pml Driver HPZ12]
    "ImagePath"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
    "ImagePath"="system32\DRIVERS\raspptp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ps2]
    "ImagePath"="system32\DRIVERS\PS2.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
    "ImagePath"="system32\DRIVERS\psched.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
    "ImagePath"="system32\DRIVERS\ptilink.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20]
    "ImagePath"="System32\Drivers\PxHelp20.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\QCMerced]
    "ImagePath"="system32\DRIVERS\LVCM.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
    "ImagePath"="system32\DRIVERS\rasacd.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
    "ServiceDll"="%SystemRoot%\System32\rasauto.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
    "ImagePath"="system32\DRIVERS\rasl2tp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
    "ServiceDll"="%SystemRoot%\System32\rasmans.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
    "ImagePath"="system32\DRIVERS\raspppoe.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
    "ImagePath"="system32\DRIVERS\raspti.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
    "ImagePath"="system32\DRIVERS\rdbss.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
    "ImagePath"="System32\DRIVERS\RDPCDD.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
    "ImagePath"="C:\WINDOWS\system32\sessmgr.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
    "ImagePath"="system32\DRIVERS\redbook.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
    "ServiceDll"="%SystemRoot%\System32\mprdim.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
    "ImagePath"="%SystemRoot%\system32\locator.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
    "ServiceDll"="%SystemRoot%\System32\rpcss.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
    "ImagePath"="%SystemRoot%\system32\rsvp.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTL8023xp]
    "ImagePath"="system32\DRIVERS\Rtnicxp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
    "ImagePath"="system32\DRIVERS\RTL8139.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
    "ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
    "ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
    "ImagePath"="system32\DRIVERS\secdrv.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
    "ServiceDll"="%SystemRoot%\System32\seclogon.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
    "ServiceDll"="%SystemRoot%\system32\sens.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
    "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
    "ImagePath"="system32\DRIVERS\SLIP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
    "ImagePath"="system32\drivers\splitter.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
    "ImagePath"="%SystemRoot%\system32\spoolsv.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
    "ImagePath"="system32\DRIVERS\sr.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
    "ServiceDll"="C:\WINDOWS\system32\srsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
    "ImagePath"="system32\DRIVERS\srv.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
    "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
    "ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
    "ImagePath"="system32\DRIVERS\StreamIP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
    "ImagePath"="system32\DRIVERS\swenum.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
    "ImagePath"="system32\drivers\swmidi.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
    "ImagePath"="C:\WINDOWS\system32\dllhost.exe /Processid:{383FA16D-AF8F-4C60-B213-2B9363664871}"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
    "ImagePath"="system32\drivers\sysaudio.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
    "ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
    "ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
    "ImagePath"="system32\DRIVERS\tcpip.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
    "ImagePath"="system32\DRIVERS\termdd.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
    "ServiceDll"="%SystemRoot%\System32\termsrv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
    "ServiceDll"="%SystemRoot%\system32\trkwks.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UMWdf]
    "ImagePath"="C:\WINDOWS\system32\wdfmgr.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
    "ImagePath"="system32\DRIVERS\update.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
    "ServiceDll"="%SystemRoot%\System32\upnphost.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
    "ImagePath"="%SystemRoot%\System32\ups.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usb]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbaudio]
    "ImagePath"="system32\drivers\usbaudio.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
    "ImagePath"="system32\DRIVERS\usbccgp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
    "ImagePath"="system32\DRIVERS\usbehci.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
    "ImagePath"="system32\DRIVERS\usbhub.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
    "ImagePath"="system32\DRIVERS\usbohci.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
    "ImagePath"="system32\DRIVERS\usbprint.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
    "ImagePath"="system32\DRIVERS\usbscan.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
    "ImagePath"="system32\DRIVERS\USBSTOR.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
    "ImagePath"="system32\DRIVERS\usbuhci.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usnjsvc]
    "ImagePath"="\"C:\Program Files\Windows Live\Messenger\usnsvc.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
    "ImagePath"="\SystemRoot\System32\drivers\vga.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
    "ImagePath"="system32\DRIVERS\viaide.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
    "ImagePath"="%SystemRoot%\System32\vssvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
    "ServiceDll"="%systemroot%\system32\w32time.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
    "ImagePath"="system32\DRIVERS\wanarp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wceusbsh]
    "ImagePath"="system32\DRIVERS\wceusbsh.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
    "ImagePath"="system32\drivers\wdmaud.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
    "ServiceDll"="%SystemRoot%\System32\webclnt.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
    "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wlancfg]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WLSetupSvc]
    "ImagePath"="\"C:\Program Files\Windows Live\installer\WLSetupSvc.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
    "ServiceDll"="C:\WINDOWS\system32\MsPMSNSv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
    "ImagePath"="C:\WINDOWS\system32\wbem\wmiapsrv.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
    "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC]
    "ImagePath"="system32\DRIVERS\WSTCODEC.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
    "ServiceDll"="C:\WINDOWS\system32\wuauserv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
    "ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
    "ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{129E5138-452B-44F2-930E-42A8323F3314}]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{3FAD57D5-0833-4C7F-8435-4C798BFD05FD}]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FC3DCE78-611D-4F0C-A21E-202A1562F449}]
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\hp\KBD\kbd.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system\hpsysdrv.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-30 15:30:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-30 13:30:10

    Pre-Run: 232,072,155,136 octets libres
    Post-Run: 232,060,149,760 octets libres

    708 --- E O F --- 2008-08-29 20:15:09

    Thanks, here is the HijackThis report.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:55:58, on 30/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [qaqco] "c:\windows\system32\qaqco.exe" qaqco
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr33...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

    --
    End of file - 10597 bytes

    Thanks for your help, here is the report.



    Avira AntiVir Personal
    Report file date: samedi 30 août 2008 18:01

    Scanning for 1583963 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: NOM-EB85C523610

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 15:58:16
    ANTIVIR3.VDF : 7.0.6.93 209920 Bytes 30/08/2008 15:58:19
    Engineversion : 8.1.1.23
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.68 315770 Bytes 30/08/2008 15:58:34
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.22 192890 Bytes 30/08/2008 15:58:32
    AEHEUR.DLL : 8.1.0.50 1388918 Bytes 30/08/2008 15:58:30
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 30/08/2008 15:58:22
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 30/08/2008 15:58:20
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 30 août 2008 18:01

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
    Scan process 'MouseDrv.exe' - '1' Module(s) have been scanned
    Scan process 'PI Monitor.exe' - '1' Module(s) have been scanned
    Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
    Scan process 'lxczbmon.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
    Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
    Scan process 'lxczbmgr.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
    Scan process 'CLSched.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'HPZIPM12.EXE' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
    Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
    Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    53 processes with 53 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD5
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '69' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\HP_Propriétaire\Application Data\poll mp3 find\Army noun book file.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was deleted!
    C:\Documents and Settings\HP_Propriétaire\Application Data\poll mp3 find\dgsyaovs.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '492c7062.qua'!
    C:\Documents and Settings\HP_Propriétaire\Application Data\poll mp3 find\ecazzucg.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '491a7060.qua'!
    C:\Documents and Settings\HP_Propriétaire\Application Data\poll mp3 find\MPEG UP WINDOW.1XE
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '48fe704f.qua'!
    C:\Documents and Settings\HP_Propriétaire\Application Data\poll mp3 find\WEB JOY.0XE
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '48fb7046.qua'!
    C:\Documents and Settings\HP_Propriétaire\Bureau\INTERNETGAMEBOX_SETUP.0XE
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to '490d7057.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\eiyekgym.dll.vir
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '49327464.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP33\A0006850.exe
    [DETECTION] Is the TR/Fakesu.248320 Trojan
    [NOTE] The file was moved to '48e9743c.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP33\A0006854.exe
    [DETECTION] Contains recognition pattern of the DR/NaviPromo.BU.80 dropper
    [NOTE] The file was moved to '48e9743d.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP72\A0017823.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to '48e97457.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP76\A0018070.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to '48e9745e.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP80\A0021220.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '48e97464.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP80\A0021243.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '48e97466.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP84\A0021292.dll
    [DETECTION] Is the TR/Monder.duc Trojan
    [NOTE] The file was moved to '48e9746d.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP86\A0022241.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '48e97476.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP90\A0024243.dll
    [DETECTION] Is the TR/Monder.bvn.1 Trojan
    [NOTE] The file was moved to '48e9747d.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP90\A0024246.dll
    [DETECTION] Is the TR/Killav.28714 Trojan
    [NOTE] The file was moved to '48e9747f.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP90\A0025263.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e97486.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP90\A0025265.dll
    [DETECTION] Is the TR/Killav.28714 Trojan
    [NOTE] The file was moved to '48e97489.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP92\A0026476.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '48e974a2.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP93\A0026514.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '48e974a8.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP94\A0026720.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '48e974b0.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP94\A0026721.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '48e974b3.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP94\A0026722.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '48e974b5.qua'!
    C:\WINDOWS\system32\CMPHVLKO.0LL
    [DETECTION] Is the TR/Monder.eym Trojan
    [NOTE] The file was moved to '490976fa.qua'!
    C:\WINDOWS\system32\LJBGSXJY.0LL
    [DETECTION] Is the TR/Monder.bvn.1 Trojan
    [NOTE] The file was moved to '48fb7707.qua'!
    C:\WINDOWS\system32\XAXAVPFC.0LL
    [DETECTION] Is the TR/Monder.duc Trojan
    [NOTE] The file was moved to '4911771a.qua'!
    C:\WINDOWS\system32\XSFECIOX.0LL
    [DETECTION] Is the TR/Monder.cev Trojan
    [NOTE] The file was moved to '48ff772f.qua'!
    C:\WINDOWS\system32\XYTIHWYI.0LL
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '490d7737.qua'!
    Begin scan in 'D:\' <HP_RECOVERY>


    End of the scan: samedi 30 août 2008 18:44
    Used time: 43:09 Minute(s)

    The scan has been done completely.

    6897 Scanning directories
    458863 Files were scanned
    29 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    1 files were deleted
    0 files were repaired
    28 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    458832 Files not concerned
    14869 Archives were scanned
    6 Warnings
    29 Notes

    Here is the report.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:17:02, on 30/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    c:\program files\avira\antivir personaledition classic\avcenter.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [qaqco] "c:\windows\system32\qaqco.exe" qaqco
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr33...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

    --
    End of file - 10811 bytes

    Hello,

    Here is the ComboFix log

    Thanks

    ComboFix 08-08-29.02 - HP_Propriétaire 2008-08-31 9:41:38.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.104 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-30 17:56 . 2008-08-30 17:56 <REP> d-------- C:\Program Files\Avira
    2008-08-30 17:56 . 2008-08-30 17:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-30 15:30 . 2008-08-30 15:30 <REP> d-------- C:\Documents and Settings\HP_PropriÚtaire
    2008-08-29 22:13 . 2008-08-30 22:47 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-08-29 21:42 . 2008-08-29 21:42 <REP> d-------- C:\Program Files\Alwil Software
    2008-08-29 18:27 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-29 07:33 . 2008-08-29 07:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-08-29 07:30 . 2008-08-29 07:30 <REP> d-------- C:\Program Files\Yahoo!
    2008-08-29 07:30 . 2008-08-29 07:30 <REP> d-------- C:\Program Files\CCleaner
    2008-08-01 10:46 . 2008-08-01 10:46 <REP> d-------- C:\Program Files\poll mp3 find
    2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
    2008-07-16 18:41 . 2008-08-29 18:27 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-16 18:41 . 2008-07-16 18:41 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
    2008-07-16 18:41 . 2008-07-16 18:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-16 18:41 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-31 07:40 --------- d-----w C:\Program Files\Wanadoo
    2008-08-30 16:06 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\poll mp3 find
    2008-08-30 11:57 3,678 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
    2008-08-30 08:58 --------- d-----w C:\Program Files\Circle Developement
    2008-08-30 08:55 --------- d-----w C:\Program Files\Navilog1
    2008-08-29 11:44 --------- d-----w C:\Program Files\eMule
    2008-08-29 11:33 --------- d-----w C:\Program Files\AntivirusFirewall
    2008-08-01 08:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-23 09:53 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-05-01 14:31 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-30_15.28.08.93 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-06-23 15:10:27 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll
    + 2008-06-26 08:13:32 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll
    + 2008-06-26 08:13:32 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll
    + 2008-06-23 15:10:27 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
    + 2008-06-25 04:26:28 3,088,896 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll
    + 2008-06-26 08:00:28 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
    + 2008-06-26 08:00:28 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll
    + 2008-06-23 14:56:26 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
    + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll
    + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe
    + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll
    + 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe
    + 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll
    - 2008-04-21 06:57:16 1,024,512 ----a-w C:\WINDOWS\system32\browseui.dll
    + 2008-06-23 16:15:33 1,024,512 ----a-w C:\WINDOWS\system32\browseui.dll
    - 2008-04-21 06:57:16 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
    + 2008-06-23 16:15:34 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
    - 2008-04-21 06:57:17 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
    + 2008-06-23 16:15:35 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
    - 2008-04-21 06:57:16 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    + 2008-06-23 16:15:33 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    - 2008-04-21 06:57:16 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    + 2008-06-23 16:15:34 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    - 2008-04-21 06:57:17 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    + 2008-06-23 16:15:35 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    - 2008-04-21 06:57:17 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2008-06-23 16:15:35 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2008-04-21 06:57:18 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2008-06-23 16:15:35 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2008-04-21 06:57:18 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2008-06-23 16:15:35 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2008-04-21 06:57:18 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    + 2008-06-23 16:15:36 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    - 2008-04-21 06:57:18 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    + 2008-06-23 16:15:36 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    - 2008-04-21 06:57:18 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2008-06-23 16:15:36 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2008-04-21 06:57:22 3,087,872 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2008-06-23 16:15:39 3,088,384 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2008-04-21 06:57:22 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2008-06-23 16:15:40 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2008-04-21 06:57:23 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2008-06-23 16:15:40 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2008-04-21 06:57:23 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2008-06-23 16:15:41 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2008-04-21 06:57:23 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2008-06-23 16:15:41 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    - 2008-04-21 06:57:25 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    + 2008-06-23 16:15:42 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    - 2008-04-21 06:57:26 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    + 2008-06-23 16:15:43 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    - 2008-04-21 06:57:26 620,544 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2008-06-23 16:15:43 620,544 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2008-04-21 06:57:27 670,720 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2008-06-23 16:15:44 671,232 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    - 2008-04-21 06:57:17 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2008-06-23 16:15:35 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2008-04-21 06:57:18 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2008-06-23 16:15:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2008-04-21 06:57:18 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2008-06-23 16:15:35 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 2008-04-21 06:57:18 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2008-06-23 16:15:36 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
    - 2008-04-21 06:57:18 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
    + 2008-06-23 16:15:36 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
    - 2008-04-21 06:57:18 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-06-23 16:15:36 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    - 2008-04-21 06:57:22 3,087,872 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2008-06-23 16:15:39 3,088,384 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2008-04-21 06:57:22 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-06-23 16:15:40 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2008-04-21 06:57:23 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2008-06-23 16:15:40 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2008-04-21 06:57:23 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2008-06-23 16:15:41 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2008-04-21 06:57:23 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-06-23 16:15:41 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2008-04-21 06:57:25 1,499,648 ----a-w C:\WINDOWS\system32\shdocvw.dll
    + 2008-06-23 16:15:42 1,499,648 ----a-w C:\WINDOWS\system32\shdocvw.dll
    - 2008-04-21 06:57:26 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2008-06-23 16:15:43 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
    - 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
    + 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
    - 2008-04-21 06:57:26 620,544 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2008-06-23 16:15:43 620,544 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2008-04-21 06:57:27 670,720 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2008-06-23 16:15:44 671,232 ----a-w C:\WINDOWS\system32\wininet.dll
    - 2008-04-17 11:03:45 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2008-07-03 09:42:35 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 11:50 68856]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "_SetRes"="c:\hp\bin\cloaker" [X]
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 08:35 49152]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 03:46 147456]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 19:18 49152]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-02 20:10 180269]
    "Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 07:25 57344]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "WireLessMouse"="C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 12:48 94208]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 13:54 16010240 C:\WINDOWS\RTHDCPL.EXE]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 19:40:44 282624]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-08 20:48:07 67128]
    PI Monitor.lnk - C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe [2008-04-12 14:55:55 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.SP54"= SP5X_32.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    *Newly Created Service* - CATCHME
    *Newly Created Service* - SSMDRV
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-30 C:\WINDOWS\Tasks\A3AAE2A391899363.job
    - c:\docume~1\hp_pro~1\applic~1\pollmp~1\mpeg up window.exe []

    2008-08-31 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe []

    2008-08-30 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-qaqco - c:\windows\system32\qaqco.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
    R0 -: HKCU-Main,Search Page = hxxp://www.google.com
    R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
    R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    R1 -: HKCU-Internet Settings,ProxyOverride = localhost
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 -: { - C:\Program Files\Messenger\msmsgs.exe
    O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-31 09:44:30
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-31 9:45:58
    ComboFix-quarantined-files.txt 2008-08-31 07:45:50
    ComboFix2.txt 2008-08-30 13:30:17

    Pre-Run: 231,962,456,064 octets libres
    Post-Run: 231,951,900,672 octets libres

    261 --- E O F --- 2008-08-30 20:47:16

    Hi again,

    Copy (Ctrl+C) the text in the box below:

    Folder::
    C:\Program Files\poll mp3 find
    C:\Documents and Settings\HP_Propriétaire\Application Data\poll mp3 find
    C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; type 1 and confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.

    &

    Download Navilog1.exe (IL-MAFIOSO)
    Save it to your Desktop.
    Start the installation by double-clicking navilog.exe.
    Once the installation is finished, the utility will run automatically.
    (If it does not, double-click the shortcut on the Desktop)

    Let the utility guide you. Choose option 4 and confirm.

    It will ask you to enter the file name. Enter what is in bold below and nothing else, then confirm:
    qaqco
    Retype the file name when you are asked to.

    The utility will inform you that it is going to restart the computer.
    **Close all open windows and save any open personal documents**
    Now press a key, as requested.
    (if your PC does not restart automatically, do it manually)

    Wait until this message appears:
    "*** Nettoyage Termine le ..... ***"

    Notepad will open.
    Save the report somewhere you can find it again.
    Close Notepad. Your desktop will now reappear.

    NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
    Go to the "Processes" tab. Click File at the top left and choose "Run..."
    Type explorer and confirm.

    Post the report saved earlier (C:\cleannavi.txt)
    Along with a new HijackThis report.

    Hello,

    Here are the reports.

    Thanks

    ComboFix 08-08-29.02 - HP_Propriétaire 2008-08-31 15:23:53.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.104 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
    C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\Style Bleh.exe
    C:\Documents and Settings\HP_Propriétaire\Application Data\poll mp3 find
    C:\Documents and Settings\HP_Propriétaire\Application Data\poll mp3 find\0
    C:\Program Files\poll mp3 find

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-30 17:56 . 2008-08-30 17:56 <REP> d-------- C:\Program Files\Avira
    2008-08-30 17:56 . 2008-08-30 17:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-30 15:30 . 2008-08-30 15:30 <REP> d-------- C:\Documents and Settings\HP_PropriÚtaire
    2008-08-29 21:42 . 2008-08-29 21:42 <REP> d-------- C:\Program Files\Alwil Software
    2008-08-29 18:27 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-29 07:33 . 2008-08-29 07:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-08-29 07:30 . 2008-08-29 07:30 <REP> d-------- C:\Program Files\Yahoo!
    2008-08-29 07:30 . 2008-08-29 07:30 <REP> d-------- C:\Program Files\CCleaner
    2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
    2008-07-16 18:41 . 2008-08-29 18:27 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-16 18:41 . 2008-07-16 18:41 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
    2008-07-16 18:41 . 2008-07-16 18:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-16 18:41 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-31 10:22 --------- d-----w C:\Program Files\Wanadoo
    2008-08-30 11:57 3,678 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
    2008-08-30 08:58 --------- d-----w C:\Program Files\Circle Developement
    2008-08-30 08:55 --------- d-----w C:\Program Files\Navilog1
    2008-08-29 11:44 --------- d-----w C:\Program Files\eMule
    2008-08-29 11:33 --------- d-----w C:\Program Files\AntivirusFirewall
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-23 09:53 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-05-01 14:31 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 11:50 68856]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "_SetRes"="c:\hp\bin\cloaker" [X]
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 08:35 49152]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 03:46 147456]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 19:18 49152]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-02 20:10 180269]
    "Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 07:25 57344]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "WireLessMouse"="C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 12:48 94208]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 13:54 16010240 C:\WINDOWS\RTHDCPL.EXE]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 19:40:44 282624]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-08 20:48:07 67128]
    PI Monitor.lnk - C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe [2008-04-12 14:55:55 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.SP54"= SP5X_32.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-31 C:\WINDOWS\Tasks\A3AAE2A391899363.job
    - c:\docume~1\hp_pro~1\applic~1\pollmp~1\mpeg up window.exe []

    2008-08-31 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe []

    2008-08-31 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-31 15:26:02
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-31 15:27:13
    ComboFix-quarantined-files.txt 2008-08-31 13:27:10
    ComboFix2.txt 2008-08-31 07:45:59
    ComboFix3.txt 2008-08-30 13:30:17

    Pre-Run: 231,944,384,512 octets libres
    Post-Run: 231,928,143,872 octets libres

    147 --- E O F --- 2008-08-30 20:47:16

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:29:45, on 31/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr33...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

    --
    End of file - 10532 bytes

    Clean Navipromo version 3.5.7 commencé le 31/08/2008 à 15:34:44,70

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "HP_Propriétaire"

    Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS


    Mode suppression par méthode manuelle

    Nom du fichier saisi : qaqco

    Nettoyage exécuté au redémarrage de l'ordinateur


    *** Recherche, création sauvegardes et suppression ***

    * Suppression dans "C:\WINDOWS\system32" *

    * Suppression dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" *


    *** Suppression dossiers dans "C:\WINDOWS" ***


    *** Suppression dossiers dans "C:\Program Files" ***


    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Suppression dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\HP_Propriétaire\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\HP_Propriétaire\menudm~1\progra~1" ***



    *** Suppression fichiers ***


    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\HP_Propri‚taire\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans "C:\WINDOWS\system32" *


    * Dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" *


    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup absent !
    Certificat Electronic-Group supprimé !
    Certificat OOO-Favorit supprimé !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Nettoyage terminé le 31/08/2008 à 15:39:30,53 ***


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:40:30, on 31/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr33...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

    --
    End of file - 10470 bytes
