Tom's Guide > Forum > Sécurité - Virus > Infection PC

Infection PC

Forum Sécurité - Virus : Infection PC

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !

Créer un nouveau sujet Répondre

Bas de page Chercher dans ce sujet

Bonjour à tous,

Depuis hier mon pc s'est fait infecté et je n'arrive pas à me débarrasser de la menace. J'ai des pop-up et des messages d'alerte du type "Warning!!! Your computer is infected!...".

Quelqu'un pourrait me filer un coup de main svp ?

Merci d'avance pour vos réponses.

Toms

Répondre

Inscrivez-vous ou connectez-vous pour masquer ceci.

Voici le résultat du scan RIST :

Rapport LOG :

Spoiler :

Logfile of random's system information tool 1.05 (written by random/random)
Run by Toms at 2009-02-22 18:57:09
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 50 GB (21%) free of 238 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:52, on 22/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Toms\Application Data\uninstall.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\x.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Toms\Bureau\RSIT.exe
C:\Program Files\trend micro\Toms.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\mlJBTjhH.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {94AB205C-18C6-4E03-98E5-1370A981A2F9} - C:\WINDOWS\system32\efcARhHY.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winupdate] C:\Documents and Settings\Toms\Application Data\uninstall.exe
O4 - HKLM\..\Run: [5cab08aa] rundll32.exe "C:\WINDOWS\system32\oetrmelq.dll",b
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [winupdate] C:\Documents and Settings\Toms\Application Data\uninstall.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1343024091-413027322-725345543-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-21-1343024091-413027322-725345543-1008\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Nero\Lib\NMFirstStart.exe" (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 0753717218
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _1_1_0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Unibet/FlashAX.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O20 - Winlogon Notify: mlJBTjhH - C:\WINDOWS\SYSTEM32\mlJBTjhH.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 13815 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
dsWebAllowBHO Class - C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 265432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\mlJBTjhH.dll [2009-02-22 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94AB205C-18C6-4E03-98E5-1370A981A2F9}]
C:\WINDOWS\system32\efcARhHY.dll [2009-02-22 237568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-22 136600]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
""= []
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-27 734264]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-09 13680640]
"nwiz"=nwiz.exe /install []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-09 86016]
"winupdate"=C:\Documents and Settings\Toms\Application Data\uninstall.exe [2009-02-21 24576]
"5cab08aa"=C:\WINDOWS\system32\oetrmelq.dll [2009-02-22 68608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kava"=C:\WINDOWS\system32\kavo.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-11-23 203720]
"winupdate"=C:\Documents and Settings\Toms\Application Data\uninstall.exe [2009-02-21 24576]
"Power2GoExpress"=C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe /Startup []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Lancement rapide d'Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

C:\Documents and Settings\Toms\Menu Démarrer\Programmes\Démarrage
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlJBTjhH]
C:\WINDOWS\system32\mlJBTjhH.dll [2009-02-22 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\mlJBTjhH.dll [2009-02-22 37376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcARhHY

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*isabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:EnablednkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:EnablednkBstrB"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe"="C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ada51f1-c5fd-11dc-b712-001d606d102c}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cdc4820-34e0-11dd-b78b-0014d142f8b1}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47322c1c-f302-11dd-b886-001cdf911245}]
shell\AutoRun\command - F:\
shell\explore\command - F:\RECYCLED\INFO.exe
shell\open\command - F:\RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aad1346-8993-11dd-b7d1-001cdf911245}]
shell\AutoRun\command - J:\EmDesk.exe
shell\EmDesk\command - J:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dd81fa1-fb67-11dd-b8a2-001cdf911245}]
shell\AutoRun\command - E:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d89e4fc8-c5ee-11dd-b83c-001cdf911245}]
shell\AutoRun\command - G:\
shell\explore\command - G:\RECYCLED\INFO.exe
shell\open\command - G:\RECYCLED\INFO.exe

======List of files/folders created in the last 1 months======

2009-02-22 18:57:15 ----D---- C:\Program Files\trend micro
2009-02-22 18:57:09 ----D---- C:\rsit
2009-02-22 12:33:51 ----SH---- C:\WINDOWS\system32\qlemrteo.ini
2009-02-22 12:33:48 ----A---- C:\WINDOWS\system32\oetrmelq.dll
2009-02-22 12:33:47 ----A---- C:\WINDOWS\system32\5788ccd4-.txt
2009-02-22 12:33:19 ----ASH---- C:\WINDOWS\system32\YHhRAcfe.ini2
2009-02-22 12:33:19 ----ASH---- C:\WINDOWS\system32\YHhRAcfe.ini
2009-02-22 12:33:17 ----A---- C:\WINDOWS\system32\efcARhHY.dll
2009-02-22 12:32:02 ----D---- C:\Documents and Settings\Toms\Application Data\CyberLink
2009-02-22 12:29:31 ----D---- C:\Program Files\CyberLink
2009-02-22 12:29:15 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-02-22 12:28:05 ----A---- C:\WINDOWS\system32\x5.exe
2009-02-22 12:28:00 ----A---- C:\WINDOWS\system32\mlJBTjhH.dll
2009-02-22 12:19:49 ----A---- C:\x.exe
2009-02-22 00:17:12 ----D---- C:\Documents and Settings\Toms\Application Data\vlc
2009-02-22 00:15:48 ----D---- C:\Program Files\VideoLAN
2009-02-21 23:40:55 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-02-21 23:37:29 ----A---- C:\Documents and Settings\Toms\Application Data\CyberLink_Power2Go6.exe
2009-02-21 23:37:27 ----A---- C:\Documents and Settings\Toms\Application Data\uninstall.exe
2009-02-21 23:14:41 ----D---- C:\Documents and Settings\All Users\Application Data\DVD X Studios
2009-02-20 16:28:34 ----A---- C:\WINDOWS\system32\CSVer.dll
2009-02-20 16:16:27 ----D---- C:\Program Files\ma-config.com
2009-02-20 16:16:27 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-02-15 16:10:08 ----D---- C:\Program Files\Lavalys
2009-02-15 14:53:13 ----D---- C:\WINDOWS\74224F8D4A1748169EDB7BB854DE532C.TMP
2009-02-15 14:31:53 ----D---- C:\Program Files\DAEMON Tools Pro
2009-02-12 01:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-02-05 15:27:09 ----D---- C:\Program Files\The Witcher Enhanced Edition
2009-02-01 12:20:51 ----D---- C:\Program Files\Everest Casino

======List of files/folders modified in the last 1 months======

2009-02-22 18:57:15 ----D---- C:\Program Files
2009-02-22 18:48:41 ----D---- C:\WINDOWS\system32
2009-02-22 17:59:23 ----D---- C:\WINDOWS\Temp
2009-02-22 17:35:18 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-22 16:17:36 ----D---- C:\Program Files\PokerStars
2009-02-22 16:15:39 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-22 14:02:10 ----D---- C:\Documents and Settings\Toms\Application Data\Microgaming
2009-02-22 14:00:26 ----D---- C:\Program Files\Everest Poker
2009-02-22 13:58:16 ----A---- C:\WINDOWS\RTacDbg.txt
2009-02-22 13:47:49 ----D---- C:\WINDOWS
2009-02-22 13:46:26 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-22 12:35:45 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-22 12:34:54 ----D---- C:\Program Files\Fichiers communs
2009-02-22 12:34:52 ----SHD---- C:\WINDOWS\Installer
2009-02-22 12:15:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-22 12:14:43 ----RASH---- C:\boot.ini
2009-02-22 03:04:11 ----D---- C:\Documents and Settings\Toms\Application Data\Azureus
2009-02-21 23:40:57 ----D---- C:\WINDOWS\Prefetch
2009-02-20 16:38:17 ----D---- C:\NVIDIA
2009-02-20 16:35:39 ----HD---- C:\WINDOWS\inf
2009-02-20 16:35:14 ----D---- C:\WINDOWS\Help
2009-02-20 16:35:13 ----D---- C:\WINDOWS\nview
2009-02-20 16:34:04 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-02-20 16:33:46 ----D---- C:\Program Files\AGEIA Technologies
2009-02-20 16:32:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-20 16:32:49 ----D---- C:\WINDOWS\system32\drivers
2009-02-20 16:32:41 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-20 16:28:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-20 16:16:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-15 15:24:31 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-02-15 14:54:05 ----D---- C:\WINDOWS\system32\DirectX
2009-02-15 14:53:54 ----RSD---- C:\WINDOWS\assembly
2009-02-15 14:52:54 ----D---- C:\Program Files\Ubisoft
2009-02-15 14:32:10 ----AC---- C:\WINDOWS\system32\BASSMOD.dll
2009-02-12 01:36:20 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-12 01:36:19 ----A---- C:\WINDOWS\imsins.BAK
2009-02-12 01:36:10 ----D---- C:\Program Files\Internet Explorer
2009-02-12 01:36:02 ----D---- C:\WINDOWS\ie7updates
2009-02-09 22:44:31 ----D---- C:\WINDOWS\Minidump
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwssr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsth.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrses.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrszht.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrstr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsth.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrssv.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrssl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrssk.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsru.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrspt.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrspl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsno.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsko.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsja.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsit.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrshu.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrshe.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrses.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrseng.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsel.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsde.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsda.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrscs.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsar.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nview.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\keystone.exe
2009-02-05 22:11:35 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-04 19:07:00 ----D---- C:\Documents and Settings\Toms\Application Data\U3
2009-02-04 00:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-28 11:25:59 ----D---- C:\Program Files\Azureus

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-04-14 21035]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-05 279712]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-05 25888]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-30 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-09 6307328]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 517632]
R3 TotRec7;Total Recorder WDM audio driver; C:\WINDOWS\system32\drivers\TotRec7.sys [2008-10-23 126472]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-27 61984]
S3 aafaxoqt;aafaxoqt; C:\WINDOWS\system32\drivers\aafaxoqt.sys []
S3 alb1tw10;alb1tw10; C:\WINDOWS\system32\drivers\alb1tw10.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-05-04 215040]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2008-06-03 72704]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-22 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-09 163908]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-02 66872]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-22 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-12-02 183112]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe [2008-12-03 72704]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Rapport INFO :

Spoiler :

info.txt logfile of random's system information tool 1.05 2009-02-22 18:57:59

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3dk-mat-pack v.0905-->C:\Documents and Settings\Toms\Bureau\Uninstal.exe
3dk-mat-pack v.1005-->C:\Documents and Settings\Toms\Bureau\U3dkmpo5.exe
3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=040c
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Age of Empires III - The Asian Dynasties-->C:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\install.exe -runfromtemp -l0x040c
Age of Empires III - The WarChiefs-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Empires III-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{485775E8-AEB8-46BD-922B-242879E03DD5}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\WINDOWS\System32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\System32\Attansic\L1 x86 1969 1048 L1
Autodesk 3ds Max 8 Additional Maps and Materials-->MsiExec.exe /I{59D070F5-CCE6-418B-84A3-CCA63D75ED8A}
Autodesk 3ds Max 8 Architectural Materials-->MsiExec.exe /I{28FDF917-8750-4A54-9E05-D7798E699B47}
Autodesk 3ds Max 8 Reference Files-->MsiExec.exe /I{73C935A7-36C6-48B5-A32E-FD5BD96FD25C}
Autodesk 3ds Max 9 32-bit-->MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Brothers in Arms: Hell's Highway-->C:\Program Files\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\uninst.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative DVD Audio Plugin for Audigy Series-->"C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Elys - Yuda The Elder Trainer-->MsiExec.exe /I{3EBDE066-429C-44BD-8640-09E104EB0E45}
EuroPoker (remove only)-->"C:\Program Files\EuroPoker\uninstall.exe"
Everest Casino (Remove Only)-->C:\Program Files\Everest Casino\cstart.exe /uninstall
Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall
EVEREST Ultimate Edition v5.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FBX Plugin 2006.08 for Max 9.0-->C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
GameTime+-->MsiExec.exe /I{8DFB3904-FBDB-4C2B-AC98-20EFDD37C83D}
Garmin City Navigator Europe NT 2008-->MsiExec.exe /X{EEC8205A-E3DE-4C00-B60C-48E3B9B58B13}
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly
GTA San Andreas-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterVideo WinDVD 5-->"C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.6.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{9F5DF7FC-3AF2-4502-9084-F62FC00A5A3F}
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
Oblivion - Construction Set-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23D683DD-93C6-48E6-B84E-78B57778F126}\setup.exe" -l0x9 -removeonly
Oblivion - Knights of the Nine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
Oblivion mod manager 1.1.12-->"C:\Program Files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe"
Oblivion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\SETUP.EXE" -l0x40c -removeonly
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Poker 770-->"C:\Poker\Poker 770\_SetupCasino.exe" /uninstall
Poker Tracker Version 2.17.02-->"C:\Program Files\Poker Tracker V2\unins000.exe"
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /uokerStars
PokerTracker 3 (remove only)-->"C:\Program Files\PokerTracker 3\uninstall.exe"
PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
SQLite ODBC Driver (remove only)-->C:\Program Files\SQLite ODBC Driver\Uninstall.exe
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeLL me More-->"C:\TELL ME MORE NV\BIN\unsetup.exe" -file "C:\TELL ME MORE NV\unsetup.aui"
The Club-->"C:\Program Files\InstallShield Installation Information\{5695B707-C5A9-4EF4-9534-31A798683362}\setup.exe" -runfromtemp -l0x040c -removeonly
The Witcher Enhanced Edition-->"C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x040c -removeonly
Titan Poker-->"C:\Poker\Titan Poker\_SetupPoker.exe" /uninstall
Total Recorder 7.1-->"C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{C43421C0-0DCB-4F26-8A3B-BF16155F9879}
Unibet Poker-->C:\MICROG~1\Poker\UNIBET~1\UNIBET~1\UNWISE.EXE C:\MICROG~1\Poker\UNIBET~1\UNIBET~1\INSTALL.LOG
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Desktop Search -->"C:\WINDOWS\$NtUninstallKB911993-V2$\spuninst\spuninst.exe"
Windows Desktop Search Multilingual User Interface Pack -->"C:\WINDOWS\$NtUninstallKB916513$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Worms Armageddon - New Edition-->C:\WINDOWS\WANEUninstaller.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.255.255.255 serial.alcohol-soft.com

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090221-0]

System event log

Computer Name: THOMAS
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{56D814C1-B4F2-452F-897D-BF0270895CEA} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 8291
Source Name: Tcpip
Time Written: 20090130223714.000000+060
Event Type: Informations
User:

Computer Name: THOMAS
Event Code: 1003
Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 001CDF911245. Il s'est
produit l'erreur suivante :
L'opération a été annulée par l'utilisateur.
.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Record Number: 8290
Source Name: Dhcp
Time Written: 20090130223704.000000+060
Event Type: Avertissement
User:

Computer Name: THOMAS
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{56D814C1-B4F2-452F-897D-BF0270895CEA} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 8289
Source Name: Tcpip
Time Written: 20090130223704.000000+060
Event Type: Informations
User:

Computer Name: THOMAS
Event Code: 1003
Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 001CDF911245. Il s'est
produit l'erreur suivante :
L'opération a été annulée par l'utilisateur.
.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Record Number: 8288
Source Name: Dhcp
Time Written: 20090130223659.000000+060
Event Type: Avertissement
User:

Computer Name: THOMAS
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{56D814C1-B4F2-452F-897D-BF0270895CEA} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 8287
Source Name: Tcpip
Time Written: 20090130223659.000000+060
Event Type: Informations
User:

Application event log

Computer Name: THOMAS
Event Code: 0
Message: Server started and accepting connections

Record Number: 1378
Source Name: PostgreSQL
Time Written: 20081204182540.000000+060
Event Type: Informations
User:

Computer Name: THOMAS
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 1377
Source Name: SecurityCenter
Time Written: 20081204182539.000000+060
Event Type: Informations
User:

Computer Name: THOMAS
Event Code: 0
Message: 2008-12-04 18:25:38 CET LOG: loaded library "$libdir/plugins/plugin_debugger.dll"

Record Number: 1376
Source Name: PostgreSQL
Time Written: 20081204182538.000000+060
Event Type: Informations
User:

Computer Name: THOMAS
Event Code: 0
Message: Waiting for server startup...

Record Number: 1375
Source Name: PostgreSQL
Time Written: 20081204182538.000000+060
Event Type: Informations
User:

Computer Name: THOMAS
Event Code: 105
Message: The service was started.

Record Number: 1374
Source Name: PLFlash DeviceIoControl Service
Time Written: 20081204182538.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\Fichiers communs\Autodesk Shared\;C:\Program Files\Autodesk\Backburner\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Toms

Répondre à Toms30

Bonjour,

Merci d'éviter les balises spoiler.

Sélectionne l'intégralité du cadre ci-dessous :

Driver::

File::

Folder::

Registry::

Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Enregistre le sous sur ton bureau sous le nom de CFScript.txt
Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :

Cela va relancer Combofix.
Tu devras accepter la licence.

Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.

Le rapport se trouve ici : %SystemDrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Bonsoir Angeldark, et merci beaucoup pour ton aide !

Ci-dessous le rapport ComboFix.txt :

ComboFix 09-02-21.01 - Toms 2009-02-22 21:04:25.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1436 [GMT 1:00]
Lancé depuis: c:\documents and settings\Toms\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Toms\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090221-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Toms\Application Data\CyberLink_Power2Go6.exe
c:\documents and settings\Toms\Application Data\m\
c:\windows\system32\efcARhHY.dll
c:\windows\system32\mlJBTjhH.dll
c:\windows\system32\oetrmelq.dll
c:\windows\system32\qlemrteo.ini
c:\windows\system32\YHhRAcfe.ini
c:\windows\system32\YHhRAcfe.ini2
C:\x.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 ))))))))))))))))))))))))))))))))))))
.

2009-02-22 20:50 . 2009-02-22 20:50 0 --a------ c:\windows\nsreg.dat
2009-02-22 18:57 . 2009-02-22 18:57 <REP> d-------- C:\rsit
2009-02-22 18:57 . 2009-02-22 18:57 <REP> d-------- c:\program files\trend micro
2009-02-22 12:32 . 2009-02-22 12:32 <REP> d-------- c:\documents and settings\Toms\Application Data\CyberLink
2009-02-22 12:29 . 2009-02-22 13:46 <REP> d-------- c:\program files\CyberLink
2009-02-22 12:29 . 2009-02-22 12:28 29,480 --a------ c:\windows\system32\msxml3a.dll
2009-02-22 12:28 . 2009-02-22 12:28 204,800 --a------ c:\windows\system32\x5.exe
2009-02-22 00:17 . 2009-02-22 00:17 <REP> d-------- c:\documents and settings\Toms\Application Data\vlc
2009-02-22 00:15 . 2009-02-22 00:15 <REP> d-------- c:\program files\VideoLAN
2009-02-21 23:42 . 2009-02-21 23:42 5 --a------ C:\chkit
2009-02-21 23:40 . 2009-02-21 23:40 <REP> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-02-21 23:37 . 2009-02-21 23:48 24,576 --a------ c:\documents and settings\Toms\Application Data\uninstall.exe
2009-02-21 23:14 . 2009-02-21 23:14 <REP> d-------- c:\documents and settings\All Users\Application Data\DVD X Studios
2009-02-21 23:14 . 2009-02-21 23:14 14 --a------ c:\windows\system32\SystemInfo32.sys
2009-02-20 16:28 . 2008-12-04 09:31 53,248 --a------ c:\windows\system32\CSVer.dll
2009-02-20 16:16 . 2009-02-20 16:16 <REP> d-------- c:\program files\ma-config.com
2009-02-20 16:16 . 2009-02-20 16:16 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2009-02-15 16:10 . 2009-02-15 16:10 <REP> d-------- c:\program files\Lavalys
2009-02-15 14:53 . 2009-02-15 14:53 <REP> d-------- c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
2009-02-15 14:31 . 2009-02-15 14:47 <REP> d-------- c:\program files\DAEMON Tools Pro
2009-02-09 22:13 . 2009-02-09 13:18 211,189 --a------ c:\windows\system32\nvapps.nvb
2009-02-09 13:18 . 2009-02-09 13:18 401,408 --a------ c:\windows\system32\nvcuvid.dll
2009-02-05 15:27 . 2009-02-05 15:47 <REP> d-------- c:\program files\The Witcher Enhanced Edition
2009-02-01 12:20 . 2009-02-22 16:57 <REP> d-------- c:\program files\Everest Casino
2009-01-22 18:58 . 2009-01-22 18:57 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 16:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-22 15:17 --------- d-----w c:\program files\PokerStars
2009-02-22 13:02 --------- d-----w c:\documents and settings\Toms\Application Data\Microgaming
2009-02-22 13:00 --------- d-----w c:\program files\Everest Poker
2009-02-22 11:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-22 02:04 --------- d-----w c:\documents and settings\Toms\Application Data\Azureus
2009-02-20 15:34 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-20 15:33 --------- d-----w c:\program files\AGEIA Technologies
2009-02-15 13:52 --------- d-----w c:\program files\Ubisoft
2009-02-09 12:18 6,307,328 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-02-05 14:44 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-02-05 14:44 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-02-04 18:07 --------- d-----w c:\documents and settings\Toms\Application Data\U3
2009-01-28 10:25 --------- d-----w c:\program files\Azureus
2009-01-22 17:57 --------- d-----w c:\program files\Java
2009-01-18 11:31 --------- d-----w c:\program files\EA Games
2009-01-13 17:24 --------- d-----w c:\documents and settings\Toms\Application Data\Uniblue
2009-01-03 11:50 --------- d-----w c:\documents and settings\Toms\Application Data\Apple Computer
2009-01-03 11:49 --------- d-----w c:\program files\QuickTime
2009-01-03 11:49 --------- d-----w c:\program files\Bonjour
2009-01-03 11:49 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-03 11:48 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-05-08 09:53 22,328 -c--a-w c:\documents and settings\Toms\Application Data\PnkBstrK.sys
2008-04-15 15:46 1 -c--a-w c:\documents and settings\Toms\SI.bin
2008-09-07 13:40 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090720080908\index.dat
.

------- Sigcheck -------

2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-20 00:09 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-22 136600]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Toms\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-01-19 184320]
Lancement rapide d'Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2008-05-22 25214]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752]
Wireless Configuration Utility HW.14.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2007-07-09 634880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-05 20560]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-01-18 38656]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2008-07-29 517632]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-10-25 126472]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2008-04-14 215040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ada51f1-c5fd-11dc-b712-001d606d102c}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cdc4820-34e0-11dd-b78b-0014d142f8b1}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aad1346-8993-11dd-b7d1-001cdf911245}]
\Shell\AutoRun\command - J:\EmDesk.exe
\Shell\EmDesk\command - J:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dd81fa1-fb67-11dd-b8a2-001cdf911245}]
\Shell\AutoRun\command - E:\OblivionLauncher.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{BA73C439-6044-4B1A-95E7-451532457107} - c:\windows\system32\efcARhHY.dll
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-Power2GoExpress - c:\program files\CyberLink\Power2Go\Power2GoExpress.exe

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Convertir en Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_1_0.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Toms\Application Data\Mozilla\Firefox\Profiles\ds0p3ura.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 21:08:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1343024091-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *L*e*s* *g*u*e*r*r*e*s* *d*u* *T*i*b*e*r*i*u*m*"!\Assistance]
"Order"=hex:08,00,00,00,02,00,00,00,ce,02,00,00,01,00,00,00,04,00,00,00,92,00,
00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\

[HKEY_USERS\S-1-5-21-1343024091-413027322-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4d,b5,e1,56,61,92,1d,98,45,e8,33,7a,04,6a,4f,cb,cd,c5,ea,92,09,49,bb,
44,38,75,ef,63,bc,ec,5d,02,e2,60,04,c2,72,3f,f2,17,a6,6e,e5,f9,58,e2,ea,0c,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1343024091-413027322-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:89,a5,ec,c3,f0,2d,2c,e2,c4,78,69,2e,5b,9f,66,b6,55,30,62,a9,f1,
30,96,a5,97,7d,c5,8d,f9,b8,27,91,bd,d3,d1,d7,83,6e,6e,e0,e8,de,f2,29,d3,6a,\
"rkeysecu"=hex:31,49,d7,e2,10,45,57,43,89,4a,3c,f3,9d,df,44,c6

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\scecli.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Heure de fin: 2009-02-22 21:13:59 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-22 20:13:57

Avant-CF: 53 437 321 216 octets libres
Après-CF: 54,236,303,360 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
257 --- E O F --- 2009-02-12 00:37:39

Toms

Répondre à Toms30

Tu auras certainement remarqué que je me suis trompé dans la procédure, mais enfin, tu t'en es sorti
Refais un quand même un scan combofix juste en double-cliquant dessus.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Salut,

J'ai fait un nouveau scan. Et combofix a suprimé un autre fichier, qui avait été déjà suprimé au préxédent scan "m" bizard...

Mais le problème a l'air d'être résolu ! [:187] [:187] [:187]

Merci

Répondre à Toms30

Ok si tu le dis

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Créer un nouveau sujet Répondre

Tom's Guide > Forum > Sécurité - Virus > Infection PC

Aller à :

Aide |
Règles du forum

Il y a 1755 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Page générée en 0,447 secondes

Attention

Vous allez répondre sur un sujet resté inactif pendant plus de 6 mois.
Assurez-vous d'apporter des éléments nouveaux à la discussion avant de poursuivre.

Répondre Annuler

Liens