Problème d'ordi (virus et spyware)

Salut,

A faire sur le PC infecté :

[#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Il va te demander d'installer la console de récupération : accepte.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

J'peux pas télécharger quelque chose, l'Internet marche pas... J'suis pas capable d'embarquer sur aucun site...

Tu n'as pas un deuxième PC pour transférer ?

Oui j'en ai un, sauf qu'il n'est pas configuré dans le Voisinage Réseau, et je ne sais pas comment faire...

Avec une clé USB par exemple.

Tu es sur le PC infecté ?

Non, je suis sur l'autre ordi. Oui, j'ai une clé USB et un port USB sur cette ordi. Sauf que quand je mets la clé USB dans le port, rien ne semble apparaitre sur cette ordi...

Tu as essayé plusieurs ports USB ?

J'en ai juste 1, pis y marche pas pour la clé USB...

Tu peux te connecter sur MSN avec le PC infecté ?

Eum... ouai!

Je t'envoie mon MSN en mp.

J'ai été capable de transférer le fichier

Combo Fix: ...

ComboFix 09-02-27.01 - Enfant Belanger 2009-02-27 16:20:34.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.563 [GMT -5:00]
Lancé depuis: c:\documents and settings\Enfant Belanger\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090227-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-27 au 2009-02-27 ))))))))))))))))))))))))))))))))))))
.

2009-02-26 18:31 . 2009-02-26 18:31 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-26 18:31 . 2009-02-26 18:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-26 18:30 . 2007-01-18 07:00 3,968 --a------ c:\windows\system32\drivers\AvgArCln.sys
2009-02-26 09:24 . 2009-02-26 18:17 23,040 ---h----- c:\windows\nl09.exe
2009-02-25 11:45 . 2009-02-27 16:10 <DIR> d-------- c:\program files\websrvx
2009-02-25 11:45 . 2009-02-25 11:45 1 ---h----- c:\windows\t55ft3949f44.dat
2009-02-25 08:00 . 2009-02-26 08:00 23,040 ---h----- c:\windows\nl08.exe
2009-02-20 11:10 . 2009-02-20 11:10 0 --a------ c:\windows\system32\nfr.gpref
2009-02-20 10:24 . 2009-02-20 10:24 0 --a------ c:\windows\system32\nfr.mpref
2009-02-20 10:15 . 2009-02-20 10:15 0 --a------ c:\windows\system32\nfr.assembly
2009-02-19 05:56 . 2009-02-19 05:56 <DIR> d-------- c:\program files\webserv
2009-02-19 05:56 . 2009-02-19 05:56 1 ---h----- c:\windows\t55ft3928f44.dat
2009-02-18 22:19 . 2009-02-18 22:19 81 --a------ c:\windows\system32\dmns.cfg
2009-02-18 22:19 . 2009-02-19 19:15 63 --a------ c:\windows\system\cmd
2009-02-18 22:19 . 2009-02-18 22:19 5 --a------ c:\windows\system32\avp.id
2009-02-17 21:50 . 2009-02-17 21:50 0 --a------ c:\windows\system32\drivers\nfr.dll.mpref
2009-02-17 21:06 . 2009-02-17 22:06 607 ---h----- c:\windows\f5678.dat
2009-02-17 21:06 . 2009-02-17 21:06 0 --a------ c:\windows\system32\drivers\nfr.dll.gpref
2009-02-17 21:04 . 2009-02-19 21:36 <DIR> d-------- c:\windows\system32\485594
2009-02-17 21:04 . 2009-02-17 21:04 22,528 ---h----- c:\windows\nl07.exe
2009-02-17 21:04 . 2009-02-17 21:04 1 ---h----- c:\windows\t55ft3531f44.dat
2009-02-17 21:04 . 2009-02-17 21:04 1 ---h----- c:\windows\nlmark2.dat
2009-02-17 21:04 . 2009-02-17 21:04 1 ---h----- c:\windows\f5667t5.dat
2009-02-17 20:55 . 2009-02-17 20:55 <DIR> d-------- c:\documents and settings\Enfant Belanger\Application Data\AVS4YOU
2009-02-17 20:55 . 2009-02-17 20:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-02-17 20:54 . 2009-02-17 22:18 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-02-17 20:54 . 2009-02-17 22:18 <DIR> d-------- c:\program files\AVS4YOU
2009-02-17 20:54 . 2006-03-03 10:02 658,432 --a------ c:\windows\system32\cc3270mt.dll
2009-02-17 20:54 . 2003-05-21 13:50 24,576 --a------ c:\windows\system32\msxml3a.dll
2009-02-17 20:45 . 2000-05-22 16:58 198,848 --a------ c:\windows\system32\MCI32.OCX
2009-02-17 20:45 . 2003-01-04 22:28 140,288 --a------ c:\windows\system32\COMDLG32.OCX
2009-02-14 09:03 . 2009-02-14 09:03 <DIR> d-------- c:\documents and settings\Enfant Belanger\Application Data\EPSON
2009-02-13 19:55 . 2009-02-13 19:55 <DIR> d-------- c:\documents and settings\Enfant Belanger\Application Data\Publish Providers
2009-02-13 19:51 . 2009-02-13 19:51 <DIR> d-------- c:\program files\MSBuild
2009-02-13 19:48 . 2009-02-13 19:48 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-13 19:47 . 2009-02-13 19:47 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-13 19:46 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-02-12 19:54 . 2009-02-12 19:54 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-10 19:21 . 2009-02-10 19:21 <DIR> d-------- c:\program files\Alwil Software
2009-02-10 19:18 . 2009-02-10 19:18 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-10 19:08 . 2009-02-10 19:08 <DIR> d-------- c:\program files\Windows Resource Kits
2009-02-10 19:07 . 2009-02-10 19:10 13,639,680 --a------ c:\windows\sectest.db
2009-02-10 18:45 . 2009-02-10 18:45 60,757,176 --a------ C:\avg_free_stf_en_8_234a1426.exe
2009-02-10 18:39 . 2008-04-13 13:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-10 18:39 . 2008-04-13 13:45 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2009-02-10 17:53 . 2009-02-21 20:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-10 17:53 . 2009-02-10 17:53 <DIR> d-------- c:\documents and settings\Enfant Belanger\Application Data\Malwarebytes
2009-02-10 17:53 . 2009-02-10 17:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-10 17:53 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 17:53 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-10 17:48 . 2009-02-10 17:48 <DIR> d-------- C:\VundoFix Backups
2009-02-10 17:47 . 2009-02-10 17:47 <DIR> d-------- c:\program files\CleanUp!
2009-02-09 16:12 . 2009-02-09 16:12 208 --a------ C:\new.exe
2009-02-09 13:24 . 2009-02-09 13:25 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-07 10:17 . 2009-02-07 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-02 20:29 . 2009-02-02 20:29 <DIR> d-------- c:\documents and settings\Enfant Belanger\Application Data\Yahoo!
2009-02-02 20:19 . 2009-02-09 13:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\YAHOO
2009-02-02 20:18 . 2009-02-02 20:18 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-29 16:15 . 2009-01-29 16:15 <DIR> d-------- c:\program files\Common Files\BOONTY Shared
2009-01-29 16:15 . 2009-01-29 16:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\BOONTY
2009-01-29 16:12 . 2009-02-11 18:33 <DIR> d-------- c:\program files\BoontyGames
2009-01-29 16:12 . 2009-01-29 16:12 <DIR> d-------- c:\program files\Boonty
2009-01-28 07:55 . 2009-01-28 07:55 <DIR> d-------- c:\documents and settings\Enfant Belanger\Application Data\AdobeUM
2009-01-27 18:29 . 2009-02-16 17:24 <DIR> d-------- c:\documents and settings\Enfant Belanger\Application Data\Vso

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 21:12 --------- d-----w c:\documents and settings\Enfant Belanger\Application Data\LimeWire
2009-02-25 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-18 03:22 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2009-02-18 03:21 --------- d-----w c:\program files\Sony
2009-02-18 02:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-14 03:46 --------- d-----w c:\documents and settings\Enfant Belanger\Application Data\Sony
2009-02-14 03:44 --------- d-----w c:\program files\Sony Setup
2009-02-14 00:44 --------- d-----w c:\documents and settings\Enfant Belanger\Application Data\Sony Setup
2009-02-11 23:35 --------- d-----w c:\program files\GetData
2009-02-10 22:46 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-09 18:51 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-09 18:31 --------- d-----w c:\program files\Bonjour
2009-02-09 18:08 --------- d-----w c:\program files\Common Files\SureThing Shared
2009-02-08 15:21 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-08 15:17 --------- d-----w c:\program files\EA GAMES
2009-01-23 14:48 --------- d-----w c:\program files\Windows Live
2009-01-23 14:48 --------- d-----w c:\program files\Microsoft Sync Framework
2009-01-23 14:48 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-01-23 14:45 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-23 14:45 --------- d-----w c:\program files\Microsoft
2009-01-23 14:39 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-23 02:53 --------- d-----w c:\program files\VirtualDub
2009-01-23 01:24 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-22 21:38 --------- d-----w c:\program files\Fun Web Products
2009-01-22 21:01 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-01-22 21:00 --------- d-----w c:\program files\Belle`s Beauty Boutique
2009-01-22 20:59 --------- d-----w c:\program files\bfgclient
2009-01-21 00:19 --------- d-----w c:\program files\BellesBeautyBoutique_at
2009-01-20 03:06 --------- d-----w c:\program files\DVDFab Platinum 3
2009-01-20 02:58 --------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
2009-01-17 22:28 --------- d-----w c:\documents and settings\Enfant Belanger\Application Data\HPQ
2009-01-16 16:24 3,596,288 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-15 22:02 --------- d-----w c:\program files\LimeWire
2009-01-12 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-01-09 02:34 3,100,003 ----a-w c:\windows\system32\Super Mario World.scr
2009-01-09 02:34 --------- d-----w c:\program files\V2W
2009-01-08 02:44 10,309,467 ----a-w c:\windows\system32\Super Mario Bros..scr
2009-01-08 00:42 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-01-07 17:02 --------- d-----w c:\program files\MétéoMédia
2009-01-07 02:51 --------- d-----w c:\program files\File Recover
2009-01-06 18:17 --------- d-----w c:\program files\HP
2009-01-06 16:38 --------- d-----w c:\program files\Hewlett-Packard
2009-01-06 16:34 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-01-03 14:44 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-03 14:10 --------- d-----w c:\program files\Common Files\Nero
2009-01-03 13:51 --------- d-----w c:\program files\Nero
2009-01-03 13:49 --------- d-----w c:\program files\Windows Sidebar
2009-01-03 13:43 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-01-03 13:35 --------- d---a-w c:\program files\Common Files\LightScribe
2009-01-03 13:28 400,569,600 ---ha-w c:\program files\Nero-9.2.6.0_trial.exe
2009-01-02 19:19 251 ---ha-w c:\program files\wt3d.ini
2009-01-01 15:14 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-01 08:07 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-31 19:29 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-31 19:29 --------- d-----w c:\program files\Java
2008-12-31 10:44 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-31 02:52 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-31 02:41 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-31 01:18 --------- d-----w c:\program files\Drive Rescue
2008-12-31 01:15 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-31 01:15 --------- d-----w c:\program files\Adobe Media Player
2008-12-30 20:07 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-30 16:14 --------- d-----w c:\program files\MSXML 4.0
2008-12-29 23:00 --------- d-----w c:\program files\Recuva
2008-12-29 22:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-29 20:39 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
2008-12-29 20:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-29 20:19 --------- d-----w c:\program files\EPSON
2008-12-29 17:42 --------- d-----w c:\documents and settings\Enfant Belanger\Application Data\Apple Computer
2008-12-29 16:45 --------- d-----w c:\program files\iTunes
2008-12-29 16:42 --------- d-----w c:\program files\iPod
2008-12-29 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-29 16:41 --------- d-----w c:\program files\QuickTime
2008-12-29 16:41 --------- d-----w c:\program files\Apple Software Update
2008-12-29 16:41 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-29 16:40 --------- d-----w c:\program files\Common Files\Apple
2008-12-29 16:40 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-12-29 15:47 --------- d-----w c:\program files\AVG
2008-12-29 15:08 1,905 --sha-r c:\windows\system32\drivers\103C_HP_CPC_EX272AA-ABA a1520n_YC_0Pavi_QCN5623_E63NAemMPA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64 X2 Dual Core_92_#081229_N_Z11C10620_G10DE0241.MRK
2008-12-20 23:56 827,904 ----a-w c:\windows\system32\wininet.dll
2008-12-20 23:56 827,904 ------w c:\windows\system32\dllcache\wininet.dll
2008-12-19 09:41 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:41 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:24 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-12 17:27 3,067,392 ----a-w c:\windows\system32\SET412.tmp
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-01-22 21:12 6,243,168 ---ha-w c:\program files\DVDFabPlatinum3162.exe
.

((((((((((((((((((((((((((((( SnapShot_2009-02-26_18.19.45.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-01-31 13:33:46 5,632 ----a-w c:\windows\system32\drivers\avgarkt.sys
+ 2009-02-27 21:11:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_18c.dat
+ 2009-02-27 13:26:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4fc.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"nfr"="nfr.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-26 180269]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 169984]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-24 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-10-26 36903]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-10-08 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
-ra------ 2006-03-16 04:12 1077248 c:\program files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
-ra------ 2009-02-06 18:08 454000 c:\program files\Windows Live\Family Safety\fsui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysnltray2]
---h----- 2009-02-17 21:04 22528 c:\windows\nl07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\webserv\\webserv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:nfra
"7070:TCP"= 7070:TCP:nfra

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-10 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-23 55136]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2006-03-24 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2006-09-29 500480]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
HKCU-Run-nfra - c:\windows\nfra.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; InfoPath.1; .NET
MSConfigStartUp-nfra - c:\windows\nfra.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://sympatico.msn.ca/defaultf.aspx?lang=fr-ca
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=localhost:7070
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Search
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 16:23:43
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-02-27 16:25:09
ComboFix-quarantined-files.txt 2009-02-27 21:25:06
ComboFix2.txt 2009-02-26 23:20:39

Avant-CF: 201 203 539 968 bytes free
Après-CF: 201,203,838,976 bytes free

299 --- E O F --- 2009-02-26 08:01:04

Tu as retrouvé ta connexion ?

Seulement pour 2 jours, j'viens de la reperdre...

Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.

Double-clique sur le fichier téléchargé pour lancer le processus d'installation.

Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.

Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.

Sélectionne Exécuter un examen rapide.

Clique sur Rechercher.

L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

Citation :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.

Ferme tes navigateurs.

Si des malwares ont été détectés, clique sur Afficher les résultats.

Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.

MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

J'ai déjà installer Malwarebytes' Anti-Malware. J'suis déjà en train de faire un test complet...

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1807
Windows 5.1.2600 Service Pack 3

2009-02-27 18:56:57
mbam-log-2009-02-27 (18-56-57).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 211370
Temps écoulé: 1 hour(s), 48 minute(s), 17 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Désinstalle Avast.

Installe Antivir et mets-le à jour.

Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.

Dans Antivir, choisis Outils puis Configuration.

Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.

Fais un scan complet et poste le rapport.

Pourquoi désinstaller Avast?

Antivir est plus efficace.

Comment j'fais un scan avec Antivir?

http://www.libellules.ch/tuto_antivir.php#onglet_scanne...

Avira AntiVir Personal
Date de création du fichier de rapport : 2009-02-27 20:59

La recherche porte sur 1038808 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows XP
Version de Windows  Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : Enfant Belanger
Nom de l'ordinateur :YOUR-4DACD0EA75

Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 2008-12-02 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-18 14:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 2008-07-21 19:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 18:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 2008-07-04 13:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 17:30:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 2008-11-09 22:57:13
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 2008-11-16 22:16:47
ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 2008-11-17 22:38:59
Version du moteur: 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-14 16:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 2008-11-11 20:00:07
AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-07 21:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-04 19:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 2008-11-11 15:41:39
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 2008-11-07 21:06:41
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 2008-11-07 21:06:41
AEHELP.DLL : 8.1.1.3 119157 Bytes 2008-11-07 21:06:41
AEGEN.DLL : 8.1.1.0 319859 Bytes 2008-11-07 21:06:41
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 16:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 2008-11-07 21:06:41
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 14:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 15:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-07-31 18:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 17:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 18:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 18:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-07-04 13:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 2008-07-17 16:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Lecteurs locaux
Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\alldrives.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, D:, F:, G:, H:, I:, E:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: marche
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : 2009-02-27 20:59

La recherche d'objets cachés commence.
'55626' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wlcomm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpsysdrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'kbd.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ehmsas.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WZQKPICK.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'hpqtra08.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LightScribeControlPanel.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ashDisp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpwuSchd2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DMAScheduler.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RTHDCPL.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'ehtray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'dllhost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ashWebSv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ashMaiSv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SeaPort.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HPZIPM12.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NBService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MDM.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'fsssvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'E_S40RP7.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'ehSched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ehrecvr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
Processus de recherche 'arservice.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ashServ.exe' - '1' module(s) sont contrôlés
Processus de recherche 'aswUpdSv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'58' processus ont été contrôlés avec '58' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [21]: The device is not ready.
Secteur d'amorçage maître HD2
[INFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [21]: The device is not ready.
Secteur d'amorçage maître HD3
[INFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [21]: The device is not ready.
Secteur d'amorçage maître HD4
[INFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [21]: The device is not ready.

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'F:\'
[INFO] Aucun support de données inséré dans le lecteur 'F:\' !
Secteur d'amorçage 'G:\'
[INFO] Aucun support de données inséré dans le lecteur 'G:\' !
Secteur d'amorçage 'H:\'
[INFO] Aucun support de données inséré dans le lecteur 'H:\' !
Secteur d'amorçage 'I:\'
[INFO] Aucun support de données inséré dans le lecteur 'I:\' !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '72' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\015e905895cd12105430\mrt.exe
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\015e905895cd12105430\mrtstub.exe
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\Program Files\MétéoMédia\MétéoÉclair\MMTWNLiveUpdate.exe
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
Recherche débutant dans 'D:\' <HP_RECOVERY>
Recherche débutant dans 'F:\'
Impossible d'ouvrir le chemin à contrôler F:\ !
Erreur système [21]: The device is not ready.
Recherche débutant dans 'G:\'
Impossible d'ouvrir le chemin à contrôler G:\ !
Erreur système [21]: The device is not ready.
Recherche débutant dans 'H:\'
Impossible d'ouvrir le chemin à contrôler H:\ !
Erreur système [21]: The device is not ready.
Recherche débutant dans 'I:\'
Impossible d'ouvrir le chemin à contrôler I:\ !
Erreur système [21]: The device is not ready.
Recherche débutant dans 'E:\'
Impossible d'ouvrir le chemin à contrôler E:\ !
Erreur système [21]: The device is not ready.


Fin de la recherche : 2009-02-27 21:43
Temps nécessaire: 44:40 Minute(s)

La recherche a été effectuée intégralement

11504 Les répertoires ont été contrôlés
685785 Des fichiers ont été contrôlés
0 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
6 Impossible de contrôler des fichiers
685779 Fichiers non infectés
18592 Les archives ont été contrôlées
10 Avertissements
0 Consignes
55626 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

Double-clique sur OTMoveIt3.exe afin de le lancer.

Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:files
c:\windows\nl09.exe
c:\program files\websrvx
c:\windows\t55ft3949f44.dat
c:\windows\nl08.exe
c:\windows\system32\nfr.gpref
c:\windows\system32\nfr.mpref
c:\windows\system32\nfr.assembly
c:\program files\webserv
c:\windows\t55ft3928f44.dat
c:\windows\system32\dmns.cfg
c:\windows\system\cmd
c:\windows\system32\avp.id
c:\windows\system32\drivers\nfr.dll.mpref
c:\windows\f5678.dat
c:\windows\system32\drivers\nfr.dll.gpref
c:\windows\system32\485594
c:\windows\nl07.exe
c:\windows\t55ft3531f44.dat
c:\windows\nlmark2.dat
c:\windows\f5667t5.dat
C:\new.exe

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysnltray2]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\webserv\\webserv.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

:commands
[purity]
[emptytemp]
[reboot]

Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
---> Le nom du rapport correspond au moment de sa création : date_heure.log

{\rtf1\ansi\ansicpg1252\deff0\deflang3084{\fonttbl{\f0\fswiss\fcharset0 Arial;}}
{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\f0\fs20 ========== PROCESSES ==========\par
Process explorer.exe killed successfully.\par
========== FILES ==========\par
c:\\windows\\nl09.exe moved successfully.\par
c:\\program files\\websrvx moved successfully.\par
c:\\windows\\t55ft3949f44.dat moved successfully.\par
c:\\windows\\nl08.exe moved successfully.\par
c:\\windows\\system32\\nfr.gpref moved successfully.\par
c:\\windows\\system32\\nfr.mpref moved successfully.\par
c:\\windows\\system32\\nfr.assembly moved successfully.\par
c:\\program files\\webserv moved successfully.\par
c:\\windows\\t55ft3928f44.dat moved successfully.\par
c:\\windows\\system32\\dmns.cfg moved successfully.\par
c:\\windows\\system\\cmd moved successfully.\par
c:\\windows\\system32\\avp.id moved successfully.\par
c:\\windows\\system32\\drivers\\nfr.dll.mpref moved successfully.\par
c:\\windows\\f5678.dat moved successfully.\par
c:\\windows\\system32\\drivers\\nfr.dll.gpref moved successfully.\par
c:\\windows\\system32\\485594 moved successfully.\par
File/Folder c:\\windows\\nl07.exe not found.\par
c:\\windows\\t55ft3531f44.dat moved successfully.\par
c:\\windows\\nlmark2.dat moved successfully.\par
c:\\windows\\f5667t5.dat moved successfully.\par
C:\\new.exe moved successfully.\par
========== REGISTRY ==========\par
Registry key HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\sysnltray2\\\\ deleted successfully.\par
Registry key HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List not found.\par
Registry key HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\D\\\\ deleted successfully.\par
========== COMMANDS ==========\par
File delete failed. C:\\DOCUME~1\\ENFANT~1\\LOCALS~1\\Temp\\hpodvd09.log scheduled to be deleted on reboot.\par
File delete failed. C:\\DOCUME~1\\ENFANT~1\\LOCALS~1\\Temp\\_hphtra07.log scheduled to be deleted on reboot.\par
File delete failed. C:\\DOCUME~1\\ENFANT~1\\LOCALS~1\\Temp\\~DFC194.tmp scheduled to be deleted on reboot.\par
File delete failed. C:\\DOCUME~1\\ENFANT~1\\LOCALS~1\\Temp\\~DFC792.tmp scheduled to be deleted on reboot.\par
User's Temp folder emptied.\par
User's Temporary Internet Files folder emptied.\par
User's Internet Explorer cache folder emptied.\par
File delete failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat scheduled to be deleted on reboot.\par
File delete failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temp\\History\\History.IE5\\index.dat scheduled to be deleted on reboot.\par
File delete failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temp\\Cookies\\index.dat scheduled to be deleted on reboot.\par
Local Service Temp folder emptied.\par
File delete failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat scheduled to be deleted on reboot.\par
Local Service Temporary Internet Files folder emptied.\par
File delete failed. C:\\WINDOWS\\temp\\_avast4_\\Webshlock.txt scheduled to be deleted on reboot.\par
File delete failed. C:\\WINDOWS\\temp\\Perflib_Perfdata_4b4.dat scheduled to be deleted on reboot.\par
File delete failed. C:\\WINDOWS\\temp\\Perflib_Perfdata_c0.dat scheduled to be deleted on reboot.\par
Windows Temp folder emptied.\par
Java cache emptied.\par
Temp folders emptied.\par
\par
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02272009_224521\par
\par
Files moved on Reboot...\par
C:\\DOCUME~1\\ENFANT~1\\LOCALS~1\\Temp\\hpodvd09.log moved successfully.\par
C:\\DOCUME~1\\ENFANT~1\\LOCALS~1\\Temp\\_hphtra07.log moved successfully.\par
File C:\\DOCUME~1\\ENFANT~1\\LOCALS~1\\Temp\\~DFC194.tmp not found!\par
File C:\\DOCUME~1\\ENFANT~1\\LOCALS~1\\Temp\\~DFC792.tmp not found!\par
File move failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat scheduled to be moved on reboot.\par
File move failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temp\\History\\History.IE5\\index.dat scheduled to be moved on reboot.\par
File move failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temp\\Cookies\\index.dat scheduled to be moved on reboot.\par
File move failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat scheduled to be moved on reboot.\par
File move failed. C:\\WINDOWS\\temp\\_avast4_\\Webshlock.txt scheduled to be moved on reboot.\par
C:\\WINDOWS\\temp\\Perflib_Perfdata_4b4.dat moved successfully.\par
File C:\\WINDOWS\\temp\\Perflib_Perfdata_c0.dat not found!\par
}

Il est bizarre le rapport.

Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

Double-clique sur RSIT.exe afin de lancer le programme.

Clique sur Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit\.

Info:

info.txt logfile of random's system information tool 1.05 2009-02-28 09:46:55

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->MsiExec.exe /X{9455959E-D588-EFAE-329C-F66CC797F32A}
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
Alien Outbreak 2-->"C:\Program Files\HP Games\Alien Outbreak 2\Uninstall.exe"
Ancient Sudoku-->"C:\Program Files\HP Games\Ancient Sudoku\Uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bejeweled 2 Deluxe-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
Belle`s Beauty Boutique-->"C:\Program Files\Belle`s Beauty Boutique\Uninstall.exe"
Belle's Beauty Boutique Free Trial-->"C:\Program Files\BellesBeautyBoutique_at\unins000.exe"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Big Kahuna Reef-->"C:\Program Files\HP Games\Big Kahuna Reef\Uninstall.exe"
Blackhawk Striker 2-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 2 Remix-->"C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
Blasterball 2 Revolution-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Bookworm Deluxe-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
Bounce Symphony-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Chuzzle Deluxe-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Creative Live! Cam Video IM Pro Driver (1.01.03.0928)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0230.uns -unsext NT -plugin V0230Pin.dll -pluginres CtCamPin.crl
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Diner Dash-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
DISCover-->"C:\Program Files\DISC\uninstall.exe"
Drive Rescue 1.9-->"C:\Program Files\Drive Rescue\unins000.exe"
DVDFab Platinum 3.1.6.2 Ghosthunter release-->"C:\Program Files\DVDFab Platinum 3\unins000.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\Setup.exe" -l0x40c -anything
Fairies-->"C:\Program Files\HP Games\Fairies\Uninstall.exe"
Family Feud-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
FATE-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
File Recover 7.0-->"C:\Program Files\File Recover\unins000.exe"
Flip Words-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\HP_Administrator\Desktop\Réparation\pcfix2\pc fix\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 6.1-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console-->"C:\Program Files\WildTangent\Apps\HP Game Console\Uninstall.exe"
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 6.0-->C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
Insaniquarium Deluxe-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Jewel Quest-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Les Sims 2 : Nuits de Folie-->C:\Program Files\EA GAMES\Les Sims 2 Nuits de Folie\EAUninstall.exe
Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Les Sims™ 2 Animaux & Cie-->C:\Program Files\EA GAMES\Les Sims 2 Animaux & Cie\EAUninstall.exe
Les Sims™ 2 La Vie en Appartement-->C:\Program Files\EA GAMES\Les Sims 2 La Vie en Appartement\EAUninstall.exe
Les Sims™ 2 Au fil des saisons-->C:\Program Files\EA GAMES\Les Sims 2 Au fil des saisons\EAUninstall.exe
Les Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\Les Sims 2 Bon Voyage\EAUninstall.exe
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Mah Jong Quest-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
Mystery Case Files-->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-20CX-4294-TL10-U4U0-UKE2-MMT7-AHWX"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Poker Superstars-->"C:\Program Files\HP Games\Poker Superstars\Uninstall.exe"
Polar Bowler-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Ricochet Lost Worlds-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
SCRABBLE-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Slingo Deluxe-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
Snowy The Bears Adventure-->"C:\Program Files\HP Games\Snowy The Bears Adventure\Uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Media Manager 2.2-->MsiExec.exe /X{878D2EB2-2D55-42A9-955E-1E08F28529FD}
Sony Noise Reduction Plug-In 2.0h-->MsiExec.exe /X{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Granny-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
Tennis Titans-->"C:\Program Files\HP Games\Tennis Titans\Uninstall.exe"
Tornado Jockey-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
Tradewinds-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VirtualDub 1.8.8 Fr-->"C:\Program Files\VirtualDub\unins000.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Resource Kit Tools - SubInAcl.exe-->MsiExec.exe /X{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: avast! antivirus 4.8.1335 [VPS 090227-0]

System event log

Computer Name: YOUR-4DACD0EA75
Event Code: 54
Message:
Record Number: 5215
Source Name: AvgTdiX
Time Written: 20090209140813.000000-300
Event Type: warning
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 54
Message:
Record Number: 5214
Source Name: AvgTdiX
Time Written: 20090209140813.000000-300
Event Type: warning
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 54
Message:
Record Number: 5213
Source Name: AvgTdiX
Time Written: 20090209140813.000000-300
Event Type: warning
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 54
Message:
Record Number: 5212
Source Name: AvgTdiX
Time Written: 20090209140813.000000-300
Event Type: warning
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 54
Message:
Record Number: 5211
Source Name: AvgTdiX
Time Written: 20090209140813.000000-300
Event Type: warning
User:

Application event log

Computer Name: YOUR-4DACD0EA75
Event Code: 19011
Message:
Record Number: 5
Source Name: MSSQL$SONY_MEDIAMGR
Time Written: 20090209151535.000000-300
Event Type: warning
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 0
Message:
Record Number: 4
Source Name: SeaPort
Time Written: 20090209151529.000000-300
Event Type: information
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 3
Source Name: LightScribeService
Time Written: 20090209151524.000000-300
Event Type: information
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 1
Message:
Record Number: 2
Source Name: Bonjour Service
Time Written: 20090209151524.000000-300
Event Type: information
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 105
Message: The service was started.

Record Number: 1
Source Name: ARSVC
Time Written: 20090209151524.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

Log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Enfant Belanger at 2009-02-28 09:46:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 192 GB (84%) free of 229 GB
Total RAM: 958 MB (50% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-31 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-10-26 1191424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-10-26 1191424]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-08 16010240]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"nwiz"=nwiz.exe /install []
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-03-20 90112]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-31 136600]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-10-26 180269]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe [2006-03-16 1077248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:* isabled ISCover Drop & Play System"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:* isabled ISCover FTP"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:* isabled ISCover Stream Hub"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:* isabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:* isabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:* isabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:* isabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:* isabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:* isabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:* isabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:* isabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:* isabled:hpqnrs08.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:* isabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:* isabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:* isabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:* isabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:* isabled:hpzwiz01.exe"
"C:\Program Files\webserv\webserv.exe"="C:\Program Files\webserv\webserv.exe:* isabled:webserv"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-02-28 09:46:50 ----D---- C:\Program Files\trend micro
2009-02-28 09:46:49 ----D---- C:\rsit
2009-02-27 22:45:21 ----D---- C:\_OTMoveIt
2009-02-27 20:34:58 ----D---- C:\Program Files\Avira
2009-02-27 20:34:58 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-02-27 20:06:48 ----SHD---- C:\RECYCLER
2009-02-27 19:42:47 ----A---- C:\ComboFix.txt
2009-02-27 19:37:05 ----D---- C:\ComboFix
2009-02-27 19:37:05 ----A---- C:\WINDOWS\system32\CF31841.exe
2009-02-27 19:36:14 ----A---- C:\WINDOWS\system32\CF31664.exe
2009-02-27 16:19:47 ----A---- C:\WINDOWS\zip.exe
2009-02-27 16:19:47 ----A---- C:\WINDOWS\VFIND.exe
2009-02-27 16:19:47 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-27 16:19:47 ----A---- C:\WINDOWS\SWSC.exe
2009-02-27 16:19:47 ----A---- C:\WINDOWS\SWREG.exe
2009-02-27 16:19:47 ----A---- C:\WINDOWS\sed.exe
2009-02-27 16:19:47 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-27 16:19:47 ----A---- C:\WINDOWS\grep.exe
2009-02-27 16:19:47 ----A---- C:\WINDOWS\fdsv.exe
2009-02-26 18:31:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-26 18:31:09 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-26 18:30:56 ----D---- C:\Program Files\GRISOFT
2009-02-26 18:26:41 ----A---- C:\WINDOWS\msnfix.txt
2009-02-26 18:22:10 ----D---- C:\WINDOWS\pss
2009-02-26 03:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-21 22:05:51 ----A---- C:\EmergencyErrorLog.20090221.txt
2009-02-17 20:55:13 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-02-17 20:55:12 ----D---- C:\Documents and Settings\Enfant Belanger\Application Data\AVS4YOU
2009-02-17 20:54:54 ----D---- C:\Program Files\Common Files\AVSMedia
2009-02-17 20:54:54 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-02-17 20:54:54 ----A---- C:\WINDOWS\system32\cc3270mt.dll
2009-02-17 20:54:53 ----D---- C:\Program Files\AVS4YOU
2009-02-14 09:03:42 ----D---- C:\Documents and Settings\Enfant Belanger\Application Data\EPSON
2009-02-13 19:55:59 ----D---- C:\Documents and Settings\Enfant Belanger\Application Data\Publish Providers
2009-02-13 19:51:15 ----D---- C:\Program Files\MSBuild
2009-02-13 19:48:18 ----D---- C:\WINDOWS\system32\XPSViewer
2009-02-13 19:47:31 ----D---- C:\Program Files\Reference Assemblies
2009-02-13 19:46:28 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-02-12 19:54:49 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-12 19:54:25 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-02-11 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-10 19:21:12 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-10 19:21:09 ----D---- C:\Program Files\Alwil Software
2009-02-10 19:18:00 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-02-10 19:08:05 ----D---- C:\Program Files\Windows Resource Kits
2009-02-10 18:45:44 ----A---- C:\avg_free_stf_en_8_234a1426.exe
2009-02-10 18:23:29 ----A---- C:\WINDOWS\resetlog.txt
2009-02-10 18:10:04 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2009-02-10 17:59:41 ----D---- C:\WINDOWS\ERDNT
2009-02-10 17:59:41 ----D---- C:\Qoobox
2009-02-10 17:53:59 ----D---- C:\Documents and Settings\Enfant Belanger\Application Data\Malwarebytes
2009-02-10 17:53:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-10 17:53:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-10 17:51:35 ----D---- C:\WINDOWS\CSC
2009-02-10 17:51:28 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-10 17:48:23 ----D---- C:\VundoFix Backups
2009-02-10 17:48:23 ----A---- C:\VundoFix.txt
2009-02-10 17:47:04 ----D---- C:\Program Files\CleanUp!
2009-02-09 13:24:55 ----D---- C:\WINDOWS\system32\NtmsData
2009-02-09 12:12:40 ----A---- C:\WINDOWS\nigzss.txt
2009-02-07 10:17:57 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-02-06 18:52:40 ----A---- C:\WINDOWS\system32\sirenacm.dll
2009-02-02 20:29:43 ----D---- C:\Documents and Settings\Enfant Belanger\Application Data\Yahoo!
2009-02-02 20:21:05 ----A---- C:\YServer.txt
2009-02-02 20:19:30 ----D---- C:\Documents and Settings\All Users\Application Data\YAHOO
2009-02-02 20:18:56 ----D---- C:\WINDOWS\Downloaded Installations
2009-01-29 16:15:23 ----D---- C:\Documents and Settings\All Users\Application Data\BOONTY
2009-01-29 16:15:20 ----D---- C:\Program Files\Common Files\BOONTY Shared
2009-01-29 16:12:34 ----D---- C:\Program Files\BoontyGames
2009-01-29 16:12:33 ----D---- C:\Program Files\Boonty

======List of files/folders modified in the last 1 months======

2009-02-28 09:46:50 ----D---- C:\Program Files
2009-02-28 09:46:20 ----D---- C:\WINDOWS\Prefetch
2009-02-28 09:11:45 ----D---- C:\WINDOWS\Temp
2009-02-27 22:50:27 ----AD---- C:\WINDOWS
2009-02-27 22:50:13 ----D---- C:\WINDOWS\system32\Lang
2009-02-27 22:47:15 ----D---- C:\WINDOWS\Registration
2009-02-27 22:45:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-27 22:45:22 ----D---- C:\WINDOWS\system32\drivers
2009-02-27 22:45:22 ----D---- C:\WINDOWS\system32
2009-02-27 22:45:22 ----D---- C:\WINDOWS\system
2009-02-27 19:55:21 ----D---- C:\WINDOWS\system32\config
2009-02-27 19:54:49 ----D---- C:\WINDOWS\system32\wbem
2009-02-27 19:54:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-27 19:41:09 ----A---- C:\WINDOWS\system.ini
2009-02-27 19:40:30 ----D---- C:\WINDOWS\AppPatch
2009-02-27 19:40:24 ----D---- C:\Program Files\Common Files
2009-02-27 16:12:36 ----D---- C:\Documents and Settings\Enfant Belanger\Application Data\LimeWire
2009-02-27 16:11:43 ----RASH---- C:\boot.ini
2009-02-27 16:11:42 ----A---- C:\WINDOWS\win.ini
2009-02-26 18:56:59 ----A---- C:\WINDOWS\WININIT.INI
2009-02-26 18:56:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-26 18:10:20 ----D---- C:\Program Files\Common Files\System
2009-02-26 13:39:27 ----RSD---- C:\WINDOWS\Fonts
2009-02-26 09:47:30 ----SD---- C:\Documents and Settings\Enfant Belanger\Application Data\Microsoft
2009-02-26 03:01:03 ----SHD---- C:\WINDOWS\Installer
2009-02-26 03:01:03 ----SHD---- C:\Config.Msi
2009-02-26 03:00:54 ----HD---- C:\WINDOWS\inf
2009-02-26 03:00:49 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-02-25 15:21:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-25 03:34:10 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-24 18:42:40 ----D---- C:\WINDOWS\network diagnostic
2009-02-22 16:34:58 ----A---- C:\WINDOWS\imsins.BAK
2009-02-22 09:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2009-02-21 09:11:52 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-21 09:10:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-20 22:59:00 ----SHD---- C:\System Volume Information
2009-02-20 22:59:00 ----D---- C:\WINDOWS\system32\Restore
2009-02-17 22:22:55 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
2009-02-17 22:22:03 ----RSD---- C:\WINDOWS\assembly
2009-02-17 22:21:40 ----D---- C:\Program Files\Sony
2009-02-17 21:39:08 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-16 17:24:55 ----D---- C:\Documents and Settings\Enfant Belanger\Application Data\Vso
2009-02-13 22:46:27 ----D---- C:\Documents and Settings\Enfant Belanger\Application Data\Sony
2009-02-13 22:44:28 ----D---- C:\Program Files\Sony Setup
2009-02-13 20:07:31 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-13 19:51:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-13 19:48:17 ----D---- C:\WINDOWS\system32\en-US
2009-02-13 19:47:11 ----D---- C:\WINDOWS\system32\spool
2009-02-13 19:44:02 ----D---- C:\Documents and Settings\Enfant Belanger\Application Data\Sony Setup
2009-02-12 19:54:37 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-11 18:35:00 ----D---- C:\Program Files\GetData
2009-02-11 03:00:55 ----D---- C:\Program Files\Internet Explorer
2009-02-11 03:00:46 ----D---- C:\WINDOWS\ie7updates
2009-02-10 19:18:05 ----D---- C:\WINDOWS\security
2009-02-10 17:46:46 ----D---- C:\Program Files\Common Files\InstallShield
2009-02-09 13:51:02 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-02-09 13:31:34 ----D---- C:\Program Files\Bonjour
2009-02-09 13:15:15 ----SD---- C:\WINDOWS\Tasks
2009-02-09 13:08:01 ----D---- C:\Program Files\Common Files\SureThing Shared
2009-02-08 10:21:57 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-02-08 10:17:55 ----D---- C:\Program Files\EA GAMES
2009-02-03 18:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-02 20:19:34 ----D---- C:\WINDOWS\WinSxS
2009-01-31 09:21:11 ----D---- C:\Documents and Settings\Enfant Belanger\Application Data\Real
2009-01-29 19:25:08 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-25 1149888]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-03 47360]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 V0230Vfx;V0230Vfx; C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-24 6272]
R3 V0230VID;Live! Cam Video IM Pro; C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-09-29 500480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2006-12-15 113664]
R2 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-31 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-09 19456]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Menu Démarrer > Exécuter > Tape combofix /u et valide.

Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

/!\ Déconnecte-toi et ferme toutes applications en cours /!\

Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).

Double-clique sur l'icône AD-Remover située sur ton Bureau.

Au menu principal, choisis l'option A.

Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Note :

"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

D'ailleurs, j'ai remarqué que je peux aller sur Internet avec n'importe quel autre compte (sous Windows XP)

Au juste, pourquoi tout ces téléchargements?

Pour supprimer tes infections.