HELP : Spyware resistant

Bonsoir,

Télécharge Hijackthis (de Trend Micro) sur ton Bureau.

• Double clique sur HJTInstall.exe pour lancer l'installation.
• Clique sur Install.
• Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer. (Clique droit -> lancer en tant qu'admin si sous Vista)
• Accepte la licence en cliquant sur Yes.
• Clique sur Do a system scan and save a logfile.
• Poste ici le rapport généré.

Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Aide : Comment utiliser HijackThis.

Re,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.

• Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées :

• Fais redémarrer ton ordinateur en mode sans échec

- Au démarrage, après le chargement du bios, appuie successivement sur la touche F8 (ou F5) de ton clavier jusqu'à l'apparition d'un menu sur fond noir. Une fois arrivé à ce stade, sélectionne à l'aide du clavier Mode sans Echec.
-- Dans ce mode, tu n'as pas accès à Internet, et tu te retrouves avec une configuration visuelle différente (pas de fond d'écran, icônes très grosses). Ne sois donc pas étonné.
--- C'est pour ces différentes raisons que je t'invite à imprimer, noter, ou enregistrer dans un document texte les informations suivantes afin de ne pas être perdu.
---- ! Ne fais pas démarrer ton ordinateur en mode sans échec via MSConfig ! Pourquoi ? Certaines infections cassent les clefs du mode sans échec, ce qui ferait crasher ton ordinateur.

• Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
• Afin de lancer la recherche, clic sur"Rechercher".
• Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

~ Si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
~~ Si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau.
~~~~ Fais redémarrer ton ordinateur normalement et poste le rapport dans ta prochaine réponse.

REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

Note : Si tu ne parviens à télécharger MBAM à part de MajorGeeks, tu peux le télécharger ici!

Aide :

• Comment utiliser MBAM.
• Comment faire démarrer son ordinateur en mode sans échec.

J'ai fais le scan (un peu long xD) le voici :

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1416
Windows 5.1.2600 Service Pack 3

22/11/2008 23:54:53
mbam-log-2008-11-22 (23-54-49).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 124162
Temps écoulé: 1 hour(s), 50 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{b31f9ef2-40d0-4f3e-9334-502c709ddc57} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d76fbc4f-5e07-41fa-9013-fa3a53e46b95} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{10026069-7a5f-4531-811e-c8df20643bee} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AntispywareBot (Rogue.AntiSpywareBot) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Laurence\Application Data\AntispywareBot (Rogue.AntiSpywareBot) -> No action taken.
C:\Documents and Settings\Laurence\Application Data\AntispywareBot\Log (Rogue.AntiSpywareBot) -> No action taken.
C:\Documents and Settings\Laurence\Application Data\AntispywareBot\Settings (Rogue.AntiSpywareBot) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\Laurence\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Laurence\Application Data\AntispywareBot\rs.dat (Rogue.AntiSpywareBot) -> No action taken.
C:\Documents and Settings\Laurence\Application Data\AntispywareBot\Log\2008 Nov 04 - 04_38_09 PM_484.log (Rogue.AntiSpywareBot) -> No action taken.
C:\Documents and Settings\Laurence\Application Data\AntispywareBot\Settings\ScanResults.pie (Rogue.AntiSpywareBot) -> No action taken.
C:\WINDOWS\system32\c.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\m.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\p.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\s.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\Tasks\AntispywareBot Scheduled Scan.job (Rogue.AntiSpywareBot) -> No action taken.
C:\Documents and Settings\Laurence\Favoris\SMS TRAP.url (Rogue.Link) -> No action taken.



J'ai supprimé les trucs selectionnés avec MBAM, mais les fenêtres pop up re-apparaissent encore... =/
Merci de ta patience!! xD ^^"

Re,

J'ai pas trouvé ce que tu voulais dire par "fichiers host" donc je t'envoie tout le rapport ^^"

SmitFraudFix v2.376

Rapport fait à 11:20:43,32, 23/11/2008
Executé à partir de D:\T‚l‚chargements\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\DOCUME~1\Laurence\Favoris\VIP Casino.url supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DA0AD67-2538-42BA-927F-EF818CEC3FE0}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D0033AE2-7486-4129-9D33-FA88FAFB498D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2DA0AD67-2538-42BA-927F-EF818CEC3FE0}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D0033AE2-7486-4129-9D33-FA88FAFB498D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2DA0AD67-2538-42BA-927F-EF818CEC3FE0}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D0033AE2-7486-4129-9D33-FA88FAFB498D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



Et le nouveau rapport Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:40, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\RpcAgentSrv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Laurence\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\Laurence\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laurence\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laurence\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Laurence\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Laurence\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\RpcAgentSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 5710 bytes


Voilà =)
PS : les fenêtres pop up reviennent ><

Voilà :


ComboFix 08-11-22.02 - Laurence 2008-11-23 12:16:27.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1266 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurence\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Laurence\Favoris\Cheap Pharmacy Online.url
c:\documents and settings\Laurence\Favoris\Search Online.url
c:\windows\system32\_004198_.tmp.dll
c:\windows\system32\_004199_.tmp.dll
c:\windows\system32\_004200_.tmp.dll
c:\windows\system32\_004201_.tmp.dll
c:\windows\system32\_004208_.tmp.dll
c:\windows\system32\_004209_.tmp.dll
c:\windows\system32\_004210_.tmp.dll
c:\windows\system32\_004211_.tmp.dll
c:\windows\system32\_004213_.tmp.dll
c:\windows\system32\_004214_.tmp.dll
c:\windows\system32\_004217_.tmp.dll
c:\windows\system32\_004218_.tmp.dll
c:\windows\system32\_004220_.tmp.dll
c:\windows\system32\_004221_.tmp.dll
c:\windows\system32\_004222_.tmp.dll
c:\windows\system32\_004224_.tmp.dll
c:\windows\system32\_004227_.tmp.dll
c:\windows\system32\_004228_.tmp.dll
c:\windows\system32\_004232_.tmp.dll
c:\windows\system32\_004233_.tmp.dll
c:\windows\system32\_004235_.tmp.dll
c:\windows\system32\_004238_.tmp.dll
c:\windows\system32\_004240_.tmp.dll
c:\windows\system32\_004241_.tmp.dll
c:\windows\system32\_004242_.tmp.dll
c:\windows\system32\_004243_.tmp.dll
c:\windows\system32\_004244_.tmp.dll
c:\windows\system32\_004247_.tmp.dll
c:\windows\system32\_004248_.tmp.dll
c:\windows\system32\_004249_.tmp.dll
c:\windows\system32\_004250_.tmp.dll
c:\windows\system32\_004251_.tmp.dll
c:\windows\system32\_004256_.tmp.dll
c:\windows\system32\_004258_.tmp.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-23 au 2008-11-23 ))))))))))))))))))))))))))))))))))))
.

2008-11-23 11:21 . 2008-11-23 11:21 1,914 --a------ c:\windows\system32\tmp.reg
2008-11-23 11:20 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-23 11:20 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-23 11:20 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-23 11:20 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-23 11:20 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-23 11:20 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-23 11:20 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-23 11:20 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-23 11:20 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-23 11:20 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-22 21:56 . 2008-11-22 21:56 <REP> d-------- c:\documents and settings\Laurence\Application Data\Malwarebytes
2008-11-22 21:55 . 2008-11-22 21:55 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-22 21:55 . 2008-11-22 21:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-22 21:55 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-22 21:55 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-22 21:29 . 2008-11-22 22:26 <REP> d-------- c:\program files\Spyware Doctor
2008-11-22 21:29 . 2008-11-22 21:29 <REP> d-------- c:\documents and settings\Laurence\Application Data\PC Tools
2008-11-22 21:29 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-11-22 21:29 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-11-22 21:29 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-11-22 21:29 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-11-22 21:20 . 2008-11-22 21:20 <REP> d-------- c:\program files\Trend Micro
2008-11-22 20:13 . 2008-11-22 20:14 <REP> d-------- c:\program files\CleanUp!
2008-11-22 20:03 . 2008-11-22 20:03 <REP> d-------- C:\VundoFix Backups
2008-11-21 17:53 . 2008-11-22 12:34 <REP> d--h----- C:\$AVG8.VAULT$
2008-11-21 17:49 . 2008-11-23 10:05 <REP> d-------- c:\windows\system32\drivers\Avg
2008-11-21 17:49 . 2008-11-21 17:49 <REP> d-------- c:\program files\AVG
2008-11-21 17:49 . 2008-11-21 17:49 <REP> d-------- c:\documents and settings\Laurence\Application Data\AVGTOOLBAR
2008-11-21 17:49 . 2008-11-21 17:49 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-21 17:49 . 2008-11-21 17:49 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-21 17:49 . 2008-11-21 17:49 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-21 17:49 . 2008-11-21 17:49 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-21 17:06 . 2008-11-21 17:08 <REP> d-------- C:\MSNFix
2008-11-17 16:45 . 2008-11-17 17:01 <REP> d-------- c:\program files\WowCartographe
2008-11-16 15:19 . 2008-11-17 20:01 <REP> d-------- c:\program files\World of Warcraft
2008-11-16 14:40 . 2008-11-16 14:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-16 10:25 . 2008-11-16 10:25 <REP> d-------- C:\Logs
2008-11-16 09:44 . 2008-11-16 19:05 <REP> d-------- c:\windows\Patch Darluok
2008-11-16 00:23 . 2008-11-16 00:23 <REP> d-------- C:\WoW-2.0.0-frFR-Installer
2008-11-15 19:10 . 2001-09-30 19:10 246,784 --a------ c:\windows\system32\ActiveSkin.ocx
2008-11-15 19:10 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.MSNFix
2008-11-15 19:10 . 2002-01-18 18:12 112 --a------ c:\windows\ActiveSkin.INI
2008-11-14 20:29 . 2008-11-14 20:29 <REP> d-------- c:\program files\NCH Swift Sound
2008-11-14 20:29 . 2008-11-14 20:29 <REP> d-------- c:\program files\NCH Software
2008-11-14 20:29 . 2008-11-14 20:29 <REP> d-------- c:\documents and settings\Laurence\Application Data\Recordpad
2008-11-14 20:29 . 2008-11-15 19:46 <REP> d-------- c:\documents and settings\Laurence\Application Data\NCH Swift Sound
2008-11-14 20:29 . 2008-11-14 20:29 <REP> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-14 20:16 . 2008-11-14 20:16 <REP> d-------- c:\windows\system32\$(WinPath)
2008-11-14 20:16 . 2008-11-14 20:16 <REP> d-------- c:\program files\SoundRecorder
2008-11-14 20:16 . 2004-11-12 11:14 36,864 --a------ c:\windows\system32\SCLabel.ocx
2008-11-13 17:26 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 17:26 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 15:44 . 2008-11-12 15:44 <REP> d-------- c:\program files\Total Video Converter
2008-11-12 15:09 . 2008-11-12 15:44 <REP> d-------- c:\program files\AVS4YOU
2008-11-11 17:55 . 2008-05-06 07:01 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2008-11-11 17:55 . 2008-05-06 07:01 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2008-11-11 15:14 . 2008-11-11 15:14 <REP> d-------- c:\documents and settings\Laurence\Application Data\PGP Corporation
2008-11-11 15:13 . 2008-11-11 15:13 <REP> d-------- c:\documents and settings\All Users\Application Data\PGP Corporation
2008-11-11 15:12 . 2008-11-11 15:20 <REP> d-------- c:\program files\Fichiers communs\PGP Corporation
2008-11-11 15:12 . 2008-11-11 15:12 162,132 --a------ c:\windows\system32\PGPlspRollback.reg
2008-11-10 20:17 . 2008-11-10 20:17 268 --ah----- C:\sqmdata04.sqm
2008-11-10 20:17 . 2008-11-10 20:17 244 --ah----- C:\sqmnoopt04.sqm
2008-11-08 16:05 . 2008-11-08 16:05 <REP> d-------- c:\documents and settings\Laurence\Application Data\Grisoft
2008-11-08 16:05 . 2008-11-08 16:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-11-08 15:53 . 2008-11-08 15:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-08 13:27 . 2008-11-15 12:20 <REP> d-------- c:\program files\Wakfu
2008-11-07 17:33 . 2008-11-07 17:33 <REP> d-------- c:\program files\Recuva
2008-11-04 21:39 . 2008-11-04 21:39 <REP> d-------- c:\windows\usbbin
2008-11-04 21:39 . 2001-08-23 17:46 61,952 --a--c--- c:\windows\system32\dllcache\acerscad.dll
2008-11-04 21:39 . 2001-08-23 17:46 61,952 --a------ c:\windows\system32\AcerScaD.dll
2008-11-04 21:39 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-04 21:39 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-04 16:55 . 2008-11-04 16:55 <REP> d-------- c:\program files\Panicware
2008-11-02 10:43 . 2008-11-23 12:14 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-02 10:43 . 2008-11-02 11:01 <REP> d-------- c:\documents and settings\All Users\Application Data\SpeedBit
2008-11-02 10:43 . 2008-11-02 10:43 479,298 --a------ c:\windows\system32\wbocx.ocx
2008-11-02 10:43 . 2008-11-02 10:43 172,032 --a------ c:\windows\system32\AniGIF.ocx
2008-11-02 10:43 . 2008-11-02 10:43 50,688 --a------ c:\windows\system32\wbhelp2.dll
2008-10-31 23:42 . 2008-10-31 23:43 <REP> d-------- c:\program files\oO
2008-10-31 23:25 . 2008-10-31 23:27 <REP> d-------- c:\program files\Unlocker
2008-10-31 23:25 . 2008-11-22 23:54 <REP> d-------- c:\documents and settings\Laurence\Application Data\Desktopicon
2008-10-31 15:11 . 2008-10-31 15:11 <REP> d-------- c:\documents and settings\Laurence\Application Data\PCF-VLC
2008-10-31 15:09 . 2008-10-31 15:09 <REP> d-------- c:\documents and settings\Laurence\Application Data\Participatory Culture Foundation
2008-10-30 14:05 . 2008-11-11 19:15 <REP> d-------- c:\program files\adslTV
2008-10-29 22:56 . 2008-10-29 22:56 <REP> d-------- c:\program files\Fichiers communs\NSV
2008-10-29 22:53 . 2008-10-29 22:53 <REP> d-------- c:\program files\Fichiers communs\Nullsoft
2008-10-29 22:51 . 2008-11-04 12:17 <REP> d-------- c:\program files\worldTVRT
2008-10-29 22:51 . 2008-10-31 15:07 370 --a------ c:\windows\wTRTv5.ini
2008-10-29 19:14 . 2008-10-29 19:14 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2008-10-29 19:14 . 2008-10-29 19:14 <REP> d-------- c:\program files\Adobe Media Player
2008-10-29 14:32 . 2008-11-04 16:18 <REP> d-------- c:\program files\Proxomitron Naoko v4.5
2008-10-29 14:15 . 2006-03-02 13:00 185,344 --a------ c:\windows\system32\Thawbrkr.dll
2008-10-29 09:22 . 2008-10-29 09:22 <REP> d-------- c:\program files\Common Files
2008-10-29 09:22 . 2003-07-16 07:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2008-10-29 09:22 . 2004-12-30 22:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-10-28 16:02 . 2008-10-28 16:05 <REP> d-------- c:\program files\Ludi
2008-10-28 14:49 . 2008-10-28 14:49 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-27 11:26 . 2008-10-29 10:06 30 --a------ c:\windows\mscpt.dat
2008-10-27 11:25 . 2008-10-27 11:25 <REP> d-------- c:\program files\TLKGAMES
2008-10-26 22:55 . 2008-11-04 12:17 <REP> d-------- c:\program files\JW Player
2008-10-26 22:36 . 2008-10-26 22:36 <REP> d-------- c:\program files\Internet Download Manager
2008-10-26 22:36 . 2008-11-22 10:05 <REP> d-------- c:\documents and settings\Laurence\Application Data\IDM
2008-10-26 22:36 . 2008-11-23 12:12 <REP> d-------- c:\documents and settings\Laurence\Application Data\DMCache
2008-10-25 10:27 . 2008-10-25 10:27 38 --a------ c:\windows\AviSplitter.INI
2008-10-24 16:47 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 09:02 . 2008-10-28 12:21 <REP> d-------- c:\documents and settings\Laurence\dwhelper

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 10:24 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin
2008-11-22 09:16 --------- d-----w c:\program files\Dofus
2008-11-21 16:54 --------- d-----w c:\program files\Alice
2008-11-18 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2008-11-17 15:37 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-11-15 17:57 --------- d-----w c:\documents and settings\Laurence\Application Data\dvdcss
2008-11-14 19:12 --------- d-----w c:\documents and settings\Laurence\Application Data\LimeWire
2008-11-14 18:09 --------- d-----w c:\documents and settings\Laurence\Application Data\OpenOffice.org2
2008-11-12 14:44 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-11-05 12:06 --------- d-----w c:\program files\quake3
2008-11-04 17:39 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-04 11:17 --------- d-----w c:\program files\TmNationsForever
2008-11-04 11:17 --------- d-----w c:\program files\StuffPlug3
2008-11-04 11:17 --------- d-----w c:\program files\LimeWire
2008-11-04 11:17 --------- d-----w c:\program files\FairUse Wizard 2
2008-11-04 11:17 --------- d-----w c:\program files\CamStudio
2008-10-31 22:41 --------- d-----w c:\program files\Free Video Converter
2008-10-31 22:00 --------- d-----w c:\program files\Winamp
2008-10-31 22:00 --------- d-----w c:\program files\Mozilla Thunderbird
2008-10-28 13:49 --------- d-----w c:\program files\Java
2008-10-24 17:29 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-24 17:09 --------- d-----w c:\documents and settings\Laurence\Application Data\XnView
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 20:04 --------- d-----w c:\program files\DivX
2008-10-16 17:16 --------- d-----w c:\documents and settings\Laurence\Application Data\Winamp
2008-10-11 20:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-11 20:32 --------- d-----w c:\program files\gPotato.eu
2008-10-11 17:50 --------- d-----w c:\program files\PhotoFiltre Studio
2008-10-11 12:50 --------- d-----w c:\program files\SQLyog Community
2008-10-11 12:18 --------- d-----w c:\program files\JeffProd
2008-10-11 12:08 --------- d-----w c:\documents and settings\Laurence\Application Data\SQLyog
2008-10-10 17:42 --------- d-----w c:\documents and settings\Laurence\Application Data\Apple Computer
2008-10-09 16:01 --------- d-----w c:\program files\Windows Journal Viewer
2008-10-09 16:00 --------- d-----w c:\program files\QuickTime
2008-10-09 16:00 --------- d-----w c:\program files\iTunes
2008-10-09 16:00 --------- d-----w c:\program files\iPod
2008-10-09 16:00 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-09 16:00 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-09 16:00 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-09 15:59 --------- d-----w c:\program files\Apple Software Update
2008-10-09 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-06 15:51 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-10-06 15:07 --------- d-----w c:\program files\Messenger Plus! Live
2008-09-29 17:32 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-28 16:46 --------- d-----w c:\program files\Real
2008-09-28 16:46 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-09-28 16:46 --------- d-----w c:\program files\Fichiers communs\Real
2008-09-27 13:18 --------- d-----w c:\documents and settings\Laurence\Application Data\AVS4YOU
2008-09-27 13:18 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-09-27 10:22 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-12 10:44 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-26 08:11 826,368 ------w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-10-19 5724184]
"Google Update"="c:\documents and settings\Laurence\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-11 133104]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-09-12 2610608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2008-11-14 577540]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-21 1234712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\RpcAgentSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\cstrike.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\quake3\\quake3\\quake132.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2b\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\quake3\\quake3\\cnq3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"d:\\Téléchargements\\WoWq.exe"=
"d:\\Téléchargements\\WoWBC.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-21 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-21 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-21 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-21 76040]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\RpcAgentSrv.exe [2008-07-08 98488]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;c:\windows\system32\drivers\asusgsb.sys [2008-07-08 12416]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys [2008-07-08 10752]
S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\DRIVERS\MRVW225.sys [2008-07-08 299904]

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-22 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Laurence\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-11 13:18]

2008-11-23 c:\windows\Tasks\Pop-Up Stopper Free Edition.job
- c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe [2005-03-17 11:10]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Laurence\Application Data\Mozilla\Firefox\Profiles\2grnaqm5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.speedbit.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 12:17:16
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\idmmbc.dll
.
Heure de fin: 2008-11-23 12:17:52
ComboFix-quarantined-files.txt 2008-11-23 11:17:40

Avant-CF: 15 467 343 872 octets libres
Après-CF: 15,443,853,312 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect /usepmtimer

325 --- E O F --- 2008-11-13 16:29:58



"je vais m'en sortir docteur ?" ^^

Oui je n'ai plus les fenêtres ad.yieldmanager qui s'ouvrent dans Google Chrome mais maintenant j'ai des fenêtres ou il n'y a rien (page blanche) qui s'ouvrent dans IE ...

Je comprends pu rien xD

J'ai un ordi bizarre mais pourtant performant

Voila info.txt


info.txt logfile of random's system information tool 1.04 2008-11-24 18:07:03

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3nity Sound Recorder-->"C:\Program Files\SoundRecorder\unins000.exe"
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->msiexec /qb /x {5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe Media Player-->MsiExec.exe /I{5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
Ahead Nero Burning ROM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ASUS Gamer OSD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dofus 1.25.0-->C:\Program Files\Dofus\uninstall.exe
ExplorerXP (remove only)-->C:\Program Files\ExplorerXP\Uninst.exe
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
FairUse Wizard 2 LE-->"C:\Program Files\FairUse Wizard 2\un_FU-Setup_14333.exe"
File Writer output plugin for WinAMP 2 v1.21b (remove only)-->"C:\Program Files\Winamp\Plugins\uninstfilewrite.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Video Converter V 1.3-->"C:\Program Files\Free Video Converter\unins000.exe"
GIMP 2.4.2-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kit de Connexion Alice ADSL-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}\setup.exe" -l0x40c ControlPanel
K-Lite Mega Codec Pack 3.5.7-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Ludi-->C:\Program Files\Ludi\uninstall.exe
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Moniteur WiFi OLITEC-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE06F9AA-6C9D-4D64-A028-41B6340200AF}\setup.exe" -l0x40c -removeonly
Mozilla Firefox (2.0.0.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MySQL-Front 3.2-->"C:\Program Files\MySQL-Front\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 2.3-->MsiExec.exe /I{417E90DF-A9C4-43C4-90D9-FD7F107B68DB}
Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C7A451815AD6A55564D6F47B5A12C61D8B4DCFD1\amdk8.inf
Patch Darluok-->"C:\WINDOWS\Patch Darluok\uninstall.exe" "/U:C:\Program Files\World of Warcraft\Uninstall\uninstall.xml"
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Pop-Up Stopper Free Edition-->C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Rappelz-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01A8838A-9469-425F-A5FB-FC14D4CF93B9}\setup.exe" -l0x40c -removeonly
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.EXE -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x40c -removeonly
Recordpad-->C:\Program Files\NCH Swift Sound\Recordpad\uninst.exe
Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe"
SiSoftware Sandra Lite XII.SP2b-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\unins000.exe"
Sony Media Manager 2.2-->MsiExec.exe /X{44DE93F5-EAD8-40E4-95B3-6FC7B81517F9}
Sony Vegas 7.0c-->MsiExec.exe /X{DD690C53-FACF-4B26-A1CA-300C761BB9C9}
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
StuffPlug 3-->C:\Program Files\StuffPlug3\Uninstall.exe
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
Total Video Converter 3.11 070908-->"C:\Program Files\Total Video Converter\unins000.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wakfu-->C:\Program Files\Wakfu\uninstall.exe
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp Toolbar for Firefox-->"C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\2grnaqm5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
world TVRT Special Edition 7.02-->C:\Program Files\worldTVRT\uninst.exe
Wow Cartographe 1.09-->C:\Program Files\WowCartographe\uninst.exe
XnView 1.91.6-->"C:\Program Files\XnView\unins000.exe"
XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Smart Projects\IsoBuster
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------



Et voilà log.txt


Logfile of random's system information tool 1.04 (written by random/random)
Run by Laurence at 2008-11-24 18:06:55
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 15 GB (30%) free of 50 GB
Total RAM: 2046 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:02, on 24/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\RpcAgentSrv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Laurence\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Dofus\Dofus.exe
C:\Program Files\Dofus\dofus.dll
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Laurence\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laurence\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laurence\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laurence\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Téléchargements\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Laurence.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Laurence\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\RpcAgentSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 5890 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\Pop-Up Stopper Free Edition.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-11-21 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-21 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-21 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"ISUSPM Startup"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"Recordpad"=C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe [2008-11-14 577540]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-21 1234712]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-10-19 5724184]
"Google Update"=C:\Documents and Settings\Laurence\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-11 133104]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2008-09-12 2610608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFavoritesMenu"=0
"NoSimpleStartMenu"=0
"NoUserNameInStartMenu"=0
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoSMMyPictures"=0
"NoStartMenuMyMusic"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Counter-Strike 1.6\cstrike.exe"="C:\Program Files\Counter-Strike 1.6\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\quake3\quake3\quake132.exe"="C:\Program Files\quake3\quake3\quake132.exe:*:Enabled:quake132"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\quake3\quake3\cnq3.exe"="C:\Program Files\quake3\quake3\cnq3.exe:*:Enabled:cnq3"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\Program Files\adslTV\adsltv.exe"="C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv"
"D:\Téléchargements\WoWq.exe"="D:\Téléchargements\WoWq.exe:*:Enabled:Blizzard Downloader"
"D:\Téléchargements\WoWBC.exe"="D:\Téléchargements\WoWBC.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-11-24 18:06:55 ----D---- C:\rsit
2008-11-23 18:21:22 ----D---- C:\Program Files\Windows Live Safety Center
2008-11-23 16:32:17 ----SHD---- C:\RECYCLER
2008-11-23 15:12:40 ----D---- C:\Program Files\No-IP
2008-11-23 12:17:53 ----A---- C:\ComboFix.txt
2008-11-23 12:16:13 ----A---- C:\Boot.bak
2008-11-23 12:16:09 ----RASHD---- C:\cmdcons
2008-11-23 12:15:18 ----A---- C:\WINDOWS\zip.exe
2008-11-23 12:15:18 ----A---- C:\WINDOWS\VFIND.exe
2008-11-23 12:15:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-23 12:15:18 ----A---- C:\WINDOWS\SWSC.exe
2008-11-23 12:15:18 ----A---- C:\WINDOWS\SWREG.exe
2008-11-23 12:15:18 ----A---- C:\WINDOWS\sed.exe
2008-11-23 12:15:18 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-23 12:15:18 ----A---- C:\WINDOWS\grep.exe
2008-11-23 12:15:18 ----A---- C:\WINDOWS\fdsv.exe
2008-11-23 12:15:14 ----D---- C:\WINDOWS\ERDNT
2008-11-23 12:15:14 ----D---- C:\Qoobox
2008-11-23 12:15:14 ----D---- C:\ComboFix
2008-11-23 11:21:08 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-23 11:20:43 ----A---- C:\rapport.txt
2008-11-23 11:20:31 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-11-23 11:20:31 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-11-23 11:20:30 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-11-23 11:20:30 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-11-23 11:20:30 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-11-23 11:20:29 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-11-23 11:20:29 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-11-23 11:20:28 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-11-23 11:20:28 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-11-23 11:20:27 ----A---- C:\WINDOWS\system32\Process.exe
2008-11-22 21:56:00 ----D---- C:\Documents and Settings\Laurence\Application Data\Malwarebytes
2008-11-22 21:55:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-22 21:55:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-22 21:29:45 ----D---- C:\Program Files\Spyware Doctor
2008-11-22 21:29:45 ----D---- C:\Documents and Settings\Laurence\Application Data\PC Tools
2008-11-22 21:20:50 ----D---- C:\Program Files\Trend Micro
2008-11-22 20:13:58 ----D---- C:\Program Files\CleanUp!
2008-11-22 20:03:52 ----D---- C:\VundoFix Backups
2008-11-22 20:03:52 ----A---- C:\VundoFix.txt
2008-11-21 17:53:06 ----HD---- C:\$AVG8.VAULT$
2008-11-21 17:49:15 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-11-21 17:49:08 ----D---- C:\Documents and Settings\Laurence\Application Data\AVGTOOLBAR
2008-11-21 17:49:03 ----D---- C:\Program Files\AVG
2008-11-21 17:49:03 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-21 17:08:25 ----A---- C:\WINDOWS\err.txt
2008-11-21 17:07:57 ----A---- C:\WINDOWS\presf.txt
2008-11-21 17:07:32 ----A---- C:\WINDOWS\msnfix.txt
2008-11-21 17:06:01 ----D---- C:\MSNFix
2008-11-17 16:45:52 ----D---- C:\Program Files\WowCartographe
2008-11-16 15:19:45 ----D---- C:\Program Files\World of Warcraft
2008-11-16 14:40:46 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-11-16 10:25:14 ----D---- C:\Logs
2008-11-16 09:44:13 ----D---- C:\WINDOWS\Patch Darluok
2008-11-16 00:23:54 ----D---- C:\WoW-2.0.0-frFR-Installer
2008-11-15 19:41:30 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-15 19:10:44 ----A---- C:\WINDOWS\ActiveSkin.INI
2008-11-14 20:29:40 ----D---- C:\Documents and Settings\Laurence\Application Data\Recordpad
2008-11-14 20:29:40 ----D---- C:\Documents and Settings\Laurence\Application Data\NCH Swift Sound
2008-11-14 20:29:32 ----D---- C:\Program Files\NCH Software
2008-11-14 20:29:29 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-11-14 20:29:02 ----D---- C:\Program Files\NCH Swift Sound
2008-11-14 20:16:39 ----D---- C:\WINDOWS\system32\$(WinPath)
2008-11-14 20:16:39 ----D---- C:\Program Files\SoundRecorder
2008-11-13 17:29:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 17:29:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 17:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-12 15:44:06 ----D---- C:\Program Files\Total Video Converter
2008-11-12 15:09:13 ----D---- C:\Program Files\AVS4YOU
2008-11-11 17:55:17 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2008-11-11 17:55:16 ----A---- C:\temp.txt
2008-11-11 15:14:00 ----D---- C:\Documents and Settings\Laurence\Application Data\PGP Corporation
2008-11-11 15:13:44 ----D---- C:\Documents and Settings\All Users\Application Data\PGP Corporation
2008-11-11 15:12:33 ----D---- C:\Program Files\Fichiers communs\PGP Corporation
2008-11-10 23:16:21 ----D---- C:\Program Files\xerox
2008-11-08 16:05:07 ----D---- C:\Documents and Settings\Laurence\Application Data\Grisoft
2008-11-08 16:05:00 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-11-08 15:53:47 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-08 13:27:58 ----D---- C:\Program Files\Wakfu
2008-11-07 17:33:10 ----D---- C:\Program Files\Recuva
2008-11-04 21:39:30 ----D---- C:\WINDOWS\usbbin
2008-11-04 21:39:30 ----A---- C:\WINDOWS\system32\AcerScaD.dll
2008-11-04 16:55:48 ----D---- C:\Program Files\Panicware
2008-11-02 10:43:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-02 10:43:15 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-11-02 10:43:13 ----A---- C:\WINDOWS\system32\wbhelp2.dll
2008-10-31 23:42:59 ----D---- C:\Program Files\oO
2008-10-31 23:31:41 ----D---- C:\WINDOWS\pss
2008-10-31 23:25:06 ----D---- C:\Documents and Settings\Laurence\Application Data\Desktopicon
2008-10-31 23:25:05 ----D---- C:\Program Files\Unlocker
2008-10-31 15:11:12 ----D---- C:\Documents and Settings\Laurence\Application Data\PCF-VLC
2008-10-31 15:09:05 ----D---- C:\Documents and Settings\Laurence\Application Data\Participatory Culture Foundation
2008-10-30 14:05:07 ----D---- C:\Program Files\adslTV
2008-10-29 22:56:49 ----D---- C:\Program Files\Fichiers communs\NSV
2008-10-29 22:53:49 ----D---- C:\Program Files\Fichiers communs\Nullsoft
2008-10-29 22:51:39 ----A---- C:\WINDOWS\wTRTv5.ini
2008-10-29 22:51:07 ----D---- C:\Program Files\worldTVRT
2008-10-29 19:14:39 ----D---- C:\Program Files\Adobe Media Player
2008-10-29 19:14:36 ----D---- C:\Program Files\Fichiers communs\Adobe AIR
2008-10-29 14:32:40 ----D---- C:\Program Files\Proxomitron Naoko v4.5
2008-10-29 14:16:22 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2008-10-29 14:16:22 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2008-10-29 14:16:22 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2008-10-29 14:16:21 ----A---- C:\WINDOWS\system32\msir3jp.dll
2008-10-29 14:16:10 ----A---- C:\WINDOWS\system32\kbd101a.dll
2008-10-29 14:16:02 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2008-10-29 14:16:02 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2008-10-29 14:16:02 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2008-10-29 14:15:49 ----A---- C:\WINDOWS\system32\c_is2022.dll
2008-10-29 14:15:42 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-10-29 14:15:42 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-10-29 14:15:42 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-10-29 14:15:42 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-10-29 14:15:40 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-10-29 14:15:40 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-10-29 14:15:39 ----RA---- C:\WINDOWS\system32\kbdintel.dll
2008-10-29 14:15:39 ----RA---- C:\WINDOWS\system32\kbdintam.dll
2008-10-29 14:15:39 ----RA---- C:\WINDOWS\system32\kbdinpun.dll
2008-10-29 14:15:39 ----RA---- C:\WINDOWS\system32\kbdinmar.dll
2008-10-29 14:15:39 ----RA---- C:\WINDOWS\system32\kbdinkan.dll
2008-10-29 14:15:39 ----RA---- C:\WINDOWS\system32\kbdinhin.dll
2008-10-29 14:15:39 ----RA---- C:\WINDOWS\system32\kbdinguj.dll
2008-10-29 14:15:39 ----RA---- C:\WINDOWS\system32\kbdindev.dll
2008-10-29 14:15:39 ----RA---- C:\WINDOWS\system32\kbdgeo.dll
2008-10-29 14:15:39 ----RA---- C:\WINDOWS\system32\kbdarmw.dll
2008-10-29 14:15:39 ----RA---- C:\WINDOWS\system32\kbdarme.dll
2008-10-29 14:15:39 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
2008-10-29 14:15:39 ----A---- C:\WINDOWS\system32\c_iscii.dll
2008-10-29 14:15:38 ----RA---- C:\WINDOWS\system32\kbdvntc.dll
2008-10-29 14:15:37 ----RA---- C:\WINDOWS\system32\kbdsyr2.dll
2008-10-29 14:15:37 ----RA---- C:\WINDOWS\system32\kbdsyr1.dll
2008-10-29 14:15:37 ----RA---- C:\WINDOWS\system32\kbddiv2.dll
2008-10-29 14:15:36 ----RA---- C:\WINDOWS\system32\kbdurdu.dll
2008-10-29 14:15:36 ----RA---- C:\WINDOWS\system32\kbdfa.dll
2008-10-29 14:15:36 ----RA---- C:\WINDOWS\system32\kbddiv1.dll
2008-10-29 14:15:36 ----RA---- C:\WINDOWS\system32\kbda3.dll
2008-10-29 14:15:36 ----RA---- C:\WINDOWS\system32\kbda2.dll
2008-10-29 14:15:36 ----RA---- C:\WINDOWS\system32\kbda1.dll
2008-10-29 14:15:36 ----A---- C:\WINDOWS\system32\kbdusa.dll
2008-10-29 14:15:35 ----RA---- C:\WINDOWS\system32\kbdheb.dll
2008-10-29 14:15:32 ----RA---- C:\WINDOWS\system32\kbdth3.dll
2008-10-29 14:15:32 ----RA---- C:\WINDOWS\system32\kbdth2.dll
2008-10-29 14:15:32 ----RA---- C:\WINDOWS\system32\kbdth1.dll
2008-10-29 14:15:32 ----RA---- C:\WINDOWS\system32\kbdth0.dll
2008-10-29 14:15:31 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2008-10-29 09:22:13 ----D---- C:\Program Files\Common Files
2008-10-28 16:02:25 ----D---- C:\Program Files\Ludi
2008-10-28 14:49:41 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-27 11:25:54 ----D---- C:\Program Files\TLKGAMES
2008-10-26 22:55:12 ----D---- C:\Program Files\JW Player
2008-10-26 22:36:40 ----D---- C:\Documents and Settings\Laurence\Application Data\IDM
2008-10-26 22:36:40 ----D---- C:\Documents and Settings\Laurence\Application Data\DMCache
2008-10-26 22:36:37 ----D---- C:\Program Files\Internet Download Manager
2008-10-25 10:27:58 ----A---- C:\WINDOWS\AviSplitter.INI

======List of files/folders modified in the last 1 months======

2008-11-24 18:07:02 ----D---- C:\WINDOWS\Temp
2008-11-24 18:07:00 ----D---- C:\WINDOWS\Prefetch
2008-11-24 16:52:24 ----D---- C:\WINDOWS
2008-11-24 16:52:03 ----D---- C:\WINDOWS\system32\drivers
2008-11-23 22:23:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-23 20:05:52 ----D---- C:\Documents and Settings\Laurence\Application Data\OpenOffice.org2
2008-11-23 18:24:29 ----HD---- C:\WINDOWS\inf
2008-11-23 18:21:22 ----RD---- C:\Program Files
2008-11-23 17:50:52 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-23 12:17:55 ----D---- C:\WINDOWS\system32
2008-11-23 12:17:17 ----A---- C:\WINDOWS\system.ini
2008-11-23 12:16:53 ----D---- C:\WINDOWS\AppPatch
2008-11-23 12:16:53 ----D---- C:\Program Files\Fichiers communs
2008-11-23 12:16:13 ----RASH---- C:\boot.ini
2008-11-22 23:58:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-22 18:14:18 ----A---- C:\WINDOWS\win.ini
2008-11-22 10:16:09 ----D---- C:\Program Files\Dofus
2008-11-21 22:36:34 ----D---- C:\WINDOWS\Debug
2008-11-21 17:54:43 ----D---- C:\Program Files\Alice
2008-11-21 17:49:01 ----SHD---- C:\WINDOWS\Installer
2008-11-21 17:48:17 ----SD---- C:\Documents and Settings\Laurence\Application Data\Microsoft
2008-11-18 19:18:44 ----D---- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-11-17 22:10:32 ----SD---- C:\WINDOWS\Tasks
2008-11-17 16:37:52 ----D---- C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-11-16 09:48:03 ----D---- C:\Program Files\Mozilla Firefox
2008-11-15 19:43:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-15 19:41:21 ----D---- C:\Program Files\Windows Media Player
2008-11-15 19:41:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-15 19:41:20 ----D---- C:\WINDOWS\Help
2008-11-15 18:57:19 ----D---- C:\Documents and Settings\Laurence\Application Data\dvdcss
2008-11-14 20:12:44 ----D---- C:\Documents and Settings\Laurence\Application Data\LimeWire
2008-11-13 17:29:10 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 15:44:27 ----D---- C:\Program Files\Fichiers communs\AVSMedia
2008-11-12 15:44:08 ----RSD---- C:\WINDOWS\Fonts
2008-11-12 15:09:19 ----D---- C:\WINDOWS\WinSxS
2008-11-12 15:09:19 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-11-10 20:11:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-05 13:06:25 ----D---- C:\Program Files\quake3
2008-11-04 12:18:45 ----D---- C:\Program Files\Messenger
2008-11-04 12:17:51 ----D---- C:\Program Files\TmNationsForever
2008-11-04 12:17:51 ----D---- C:\Program Files\StuffPlug3
2008-11-04 12:17:50 ----D---- C:\Program Files\LimeWire
2008-11-04 12:17:50 ----D---- C:\Program Files\FairUse Wizard 2
2008-11-04 12:17:50 ----D---- C:\Program Files\CamStudio
2008-11-04 01:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-31 23:41:57 ----D---- C:\Program Files\Free Video Converter
2008-10-31 23:00:23 ----D---- C:\Program Files\Mozilla Thunderbird
2008-10-31 23:00:03 ----D---- C:\Program Files\Winamp
2008-10-31 15:09:08 ----D---- C:\Documents and Settings\Laurence\Application Data\Mozilla
2008-10-29 19:14:41 ----D---- C:\Documents and Settings\Laurence\Application Data\Adobe
2008-10-29 19:14:41 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-29 12:57:19 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-28 14:49:38 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-28 14:49:38 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-28 14:49:38 ----A---- C:\WINDOWS\system32\java.exe
2008-10-28 14:49:37 ----D---- C:\Program Files\Java
2008-10-28 14:19:56 ----D---- C:\WINDOWS\Minidump
2008-10-26 18:54:23 ----D---- C:\Download

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2007-07-12 11136]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-21 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-21 26824]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-06 16512]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-21 76040]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2007-07-12 10752]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP; C:\WINDOWS\system32\DRIVERS\MRVW225.sys [2006-09-29 299904]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\WNt500x86\Sandra.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-21 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-21 231704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-28 147456]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2b\RpcAgentSrv.exe [2008-04-17 98488]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2007-07-12 257024]
S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-14 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

-----------------EOF-----------------

On est encore loin ou c'est bien parti ?

ça change rien =/

Mais merci quand même pour ton aide, ça aura quand même réglé quelques bug par-ci par-là ^^'

Si quelqu'un d'autre a une idée, qu'il n'hésite pas