Trojan-Proxy.Win32.Saturn.a

Salut,

Désinstalle Search Settings.

Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

Clique sur Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

RSIT Log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dieu at 2009-04-03 16:10:58
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 28 GB (69%) free of 40 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:12, on 03/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Dieu\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Anti Virus Malware\RSIT.exe
F:\Anti Virus Malware\Dieu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://lo.st#first
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Dieu\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Dieu\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - ms-its :\Program Files\The Tournament Director 2\TD.lib::/comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{060AA01B-A1B3-412B-9BA6-E0F7CC163692}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{36CF45DA-AE58-4F16-BE01-75B3755CC684}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE6CAB69-44A7-4DF8-B5FC-3056B723ACB4}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{060AA01B-A1B3-412B-9BA6-E0F7CC163692}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{060AA01B-A1B3-412B-9BA6-E0F7CC163692}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSWC Permission Checker (permchk32) - Unknown owner - rundll32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9333 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}]
VMN Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
EoBHO Class - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\System32\xRaidSetup.exe [2007-03-21 1953792]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"EoEngine"=C:\Program Files\EoRezo\EoEngine.exe []
"SoftwareHelper"=C:\Documents and Settings\Dieu\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224]
"au"=C:\Program Files\Dealio\DealioAU.exe [2008-05-26 595296]
"Profiler"=C:\Program Files\Saitek\Software\Profiler.exe [2004-07-26 159744]
"SaiSmart"=C:\Program Files\Saitek\Software\SaiSmart.exe [2004-07-26 98304]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-04-02 206088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-03 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"F:\Crysis\Bin32\Crysis.exe"="F:\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"F:\Crysis\Bin32\CrysisDedicatedServer.exe"="F:\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled nkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled nkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"J:\Call of Duty - World at War\CoDWaW.exe"="J:\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"J:\Call of Duty - World at War\CoDWaWmp.exe"="J:\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2009-04-03 16:10:58 ----D---- C:\rsit
2009-04-02 19:05:50 ----D---- C:\Documents and Settings\Dieu\Application Data\Malwarebytes
2009-04-02 19:05:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-02 19:05:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-02 18:45:32 ----D---- C:\Program Files\NOS
2009-04-02 18:45:32 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-04-02 18:26:42 ----D---- C:\Program Files\CCleaner
2009-04-02 04:09:21 ----D---- C:\WINDOWS\system32\appmgmt
2009-04-01 23:58:52 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-04-01 23:06:53 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-01 21:52:00 ----D---- C:\Program Files\Kaspersky Lab
2009-03-16 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-03-15 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-03-15 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-15 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-03-15 03:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-03-13 21:04:48 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2009-03-13 21:02:56 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-03-13 21:02:55 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-03-13 21:02:40 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-03-13 21:02:36 ----D---- C:\Program Files\Windows Media Connect 2
2009-03-13 21:02:30 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-03-13 21:02:00 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-03-13 21:01:33 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-03-12 03:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-12 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-12 03:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-07 20:06:54 ----A---- C:\WINDOWS\system32\SAIKICK.dll
2009-03-07 20:06:54 ----A---- C:\WINDOWS\system32\SAIHOOK.dll
2009-03-07 20:06:54 ----A---- C:\WINDOWS\system32\SAICFG.dll
2009-03-07 20:06:54 ----A---- C:\WINDOWS\system32\REnum.exe
2009-03-07 20:06:54 ----A---- C:\WINDOWS\system32\PrfAct.exe
2009-03-07 20:06:54 ----A---- C:\WINDOWS\system32\Nx.exe
2009-03-07 20:06:52 ----D---- C:\Program Files\Saitek
2009-03-07 20:06:52 ----A---- C:\WINDOWS\system32\atl70.dll
2009-03-07 19:28:30 ----D---- C:\Program Files\MSXML 4.0
2009-03-06 17:55:19 ----D---- C:\Program Files\Dealio
2009-03-06 17:55:15 ----D---- C:\Documents and Settings\Dieu\Application Data\Dealio
2009-03-06 17:55:01 ----A---- C:\WINDOWS\system32\MSVCRTD.DLL
2009-03-06 17:55:01 ----A---- C:\WINDOWS\system32\MSVCP60D.DLL
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\WMAFile.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\TABCTFR.DLL
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\Mscc2fr.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\lame_enc.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\inetfr.DLL
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\AudPlayer.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\AudioVisu.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\AudioRecord.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\AudioInfos.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\AudFile.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\AudDisplay.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\AudDesign.dll
2009-03-06 15:33:25 ----D---- C:\Documents and Settings\Dieu\Application Data\WinFF
2009-03-06 14:58:45 ----D---- C:\Documents and Settings\Dieu\Application Data\AccurateRip
2009-03-06 14:58:44 ----D---- C:\Program Files\Illustrate
2009-03-06 14:58:12 ----A---- C:\WINDOWS\system32\SpoonUninstall.exe
2009-03-06 14:56:12 ----D---- C:\Documents and Settings\Dieu\Application Data\AVS4YOU
2009-03-06 14:56:09 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-03-06 14:55:40 ----D---- C:\Program Files\Fichiers communs\AVSMedia
2009-03-06 14:55:40 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-03-06 14:55:40 ----A---- C:\WINDOWS\system32\GdiPlus.dll

======List of files/folders modified in the last 1 months======

2009-04-03 16:10:25 ----D---- C:\WINDOWS\Temp
2009-04-03 16:10:05 ----D---- C:\Program Files\Mozilla Firefox
2009-04-03 16:09:53 ----SHD---- C:\WINDOWS\Installer
2009-04-03 16:09:53 ----RD---- C:\Program Files
2009-04-03 15:46:03 ----D---- C:\WINDOWS
2009-04-03 15:45:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-03 15:44:14 ----D---- C:\WINDOWS\system32\drivers
2009-04-03 15:44:14 ----D---- C:\WINDOWS\system32\config
2009-04-03 15:00:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-04-02 19:24:40 ----D---- C:\WINDOWS\system32
2009-04-02 19:20:51 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-02 19:17:01 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-02 19:15:36 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-04-02 19:14:59 ----D---- C:\Program Files\Adobe
2009-04-02 19:14:52 ----D---- C:\WINDOWS\WinSxS
2009-04-02 19:13:56 ----D---- C:\WINDOWS\Prefetch
2009-04-02 18:53:52 ----D---- C:\Documents and Settings\Dieu\Application Data\EoRezo
2009-04-02 18:35:32 ----D---- C:\WINDOWS\Minidump
2009-04-02 18:35:32 ----D---- C:\WINDOWS\Debug
2009-04-01 23:59:16 ----HD---- C:\WINDOWS\inf
2009-04-01 22:06:29 ----D---- C:\Program Files\vmntoolbar
2009-04-01 21:52:24 ----D---- C:\Documents and Settings\Dieu\Application Data\BitTorrent
2009-04-01 21:48:20 ----D---- C:\Documents and Settings\Dieu\Application Data\vmntoolbar
2009-03-29 20:11:51 ----D---- C:\Documents and Settings\Dieu\Application Data\FileZilla
2009-03-16 03:00:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-15 03:01:28 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-13 21:15:03 ----D---- C:\WINDOWS\system32\LogFiles
2009-03-13 21:02:41 ----A---- C:\WINDOWS\win.ini
2009-03-13 21:02:36 ----D---- C:\Program Files\Windows Media Player
2009-03-13 21:02:35 ----D---- C:\WINDOWS\Help
2009-03-11 16:28:18 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-07 20:06:52 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-07 20:03:27 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-07 19:28:28 ----D---- C:\WINDOWS\system32\DirectX
2009-03-07 19:28:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-07 19:13:52 ----RSD---- C:\WINDOWS\Fonts
2009-03-07 19:13:40 ----SD---- C:\Documents and Settings\Dieu\Application Data\Microsoft
2009-03-07 19:02:10 ----D---- C:\Program Files\Fichiers communs\InstallShield
2009-03-06 14:55:40 ----D---- C:\Program Files\Fichiers communs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-04-02 226832]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-09-02 15781]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-06-03 3100160]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 SaiH0006;SaiH0006; C:\WINDOWS\system32\DRIVERS\SaiH0006.sys [2004-07-26 56576]
R3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2004-07-26 15616]
R3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiNtBus.sys [2004-07-26 26752]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 asc3550p;asc3550p; C:\WINDOWS\system32\drivers\asc3550p.sys []
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 LycoFltr;Lycosa Keyboard; C:\WINDOWS\System32\Drivers\Lycosa.sys []
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-11-18 379456]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-03 552960]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-04-02 206088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-09-14 66872]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S2 permchk32;MSWC Permission Checker; C:\WINDOWS\system32\permchk32.dll,itob []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------




RSIT Info.txt


info.txt logfile of random's system information tool 1.06 2009-04-03 16:11:14

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ASUSUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x40c
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class ISPLAY -clean
Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\WINDOWS\System32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\System32\Attansic\L1 x86 1969 1048 L1
Call of Duty(R) - World at War(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Canon MP180-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180 /L0x000c
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
dBpowerAMP FLAC Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
Dealio Toolbar 3.4-->MsiExec.exe /X{6105648C-0C3C-481D-8C11-1F4952D6FB53}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter Mobile-->C:\Program Files\DivX\DivXConverterMeUninstall.exe /CONVERTERME
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
eoEngine 9.1-->"C:\Program Files\EoRezo\unins000.exe"
FileZilla Client 3.1.5.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Free Mp3 Wma Converter V 1.8.0-->"d:\Program Files\Free Audio Pack\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
Gif Movie Gear 4-->"C:\Program Files\Visicom Media\GifMovieGear 4\uninst-gmg.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"F:\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LG PC Suite-->C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x040c -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F535B2CF-C9BB-4162-B03A-02D6971F32CC}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MultiRes (remove only)-->C:\Program Files\MultiRes\uninstal.exe
Nero Suite-->C:\Program Files\Fichiers communs\Ahead\Uninstall\Setup.exe /uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Radeon Omega Drivers v3.8.421 Setup Files and Tools-->"C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v3.8.421\Omega Uninstall.xml"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SoftwareUpdate 1.0-->"C:\Documents and Settings\Dieu\Application Data\eoRezo\SoftwareUpdate\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SST Programming Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03ADCA1C-BCF0-4B12-AFCF-8EBF2CB3AB07}\setup.exe" AddRem
The Tournament Director 2-->D:\Program Files\The Tournament Director 2.5.8\Uninstall.exe
Titan Poker-->"C:\Poker\Titan Poker\_SetupPoker.exe" /uninstall
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E691604-B328-4B4A-8F17-C9D6395075C5}\Setup.exe" -l0x40c
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VMN Toolbar-->C:\Program Files\vmntoolbar\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinISO 5.3-->"C:\Program Files\WinISO\unins000.exe"

======Security center information======

AV: Kaspersky Anti-Virus

======System event log======

Computer Name: DEMETRA
Event Code: 62486
Message: Invalid parameters

Record Number: 64628
Source Name: ati2mtag
Time Written: 20090325045322.000000+060
Event Type: Informations
User:

Computer Name: DEMETRA
Event Code: 62486
Message: Invalid parameters

Record Number: 64627
Source Name: ati2mtag
Time Written: 20090325045322.000000+060
Event Type: Informations
User:

Computer Name: DEMETRA
Event Code: 62486
Message: Invalid parameters

Record Number: 64626
Source Name: ati2mtag
Time Written: 20090325045322.000000+060
Event Type: Informations
User:

Computer Name: DEMETRA
Event Code: 62486
Message: Invalid parameters

Record Number: 64625
Source Name: ati2mtag
Time Written: 20090325045322.000000+060
Event Type: Informations
User:

Computer Name: DEMETRA
Event Code: 62486
Message: Invalid parameters

Record Number: 64624
Source Name: ati2mtag
Time Written: 20090325045322.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: DEMETRA
Event Code: 1000
Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20080818184712.000000+120
Event Type: Informations
User:

Computer Name: DEMETRA
Event Code: 1000
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20080818184709.000000+120
Event Type: Informations
User:

Computer Name: DEMETRA
Event Code: 1000
Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20080818184457.000000+120
Event Type: Informations
User:

Computer Name: DEMETRA
Event Code: 1000
Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20080818184433.000000+120
Event Type: Informations
User:

Computer Name: DEMETRA
Event Code: 1000
Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20080818184432.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

Double-clique sur OTMoveIt3.exe afin de le lancer.

Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:services
asc3550p
permchk32

:files
C:\WINDOWS\tasks\At??.job
C:\WINDOWS\system32\drivers\asc3550p.sys
C:\WINDOWS\system32\permchk32.dll

:commands
[purity]
[emptytemp]
[reboot]

Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
---> Le nom du rapport correspond au moment de sa création : date_heure.log

Log de OTMoveIT


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver asc3550p not found.
Service\Driver key asc3550p deleted successfully.
Service\Driver asc3550p not found.
Service\Driver permchk32 deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
File/Folder C:\WINDOWS\system32\drivers\asc3550p.sys not found.
File/Folder C:\WINDOWS\system32\permchk32.dll not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Dieu\LOCALS~1\Temp\etilqs_ig6dmT9VqOr1XRj8g7o4 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Dieu\LOCALS~1\Temp\fla69.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Dieu\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\cch~68b9a38098.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~68b9ac2320.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~6e30f048a0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~6e30fa7e84.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_838.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04032009_162826

Files moved on Reboot...
File C:\DOCUME~1\Dieu\LOCALS~1\Temp\etilqs_ig6dmT9VqOr1XRj8g7o4 not found!
File C:\DOCUME~1\Dieu\LOCALS~1\Temp\fla69.tmp not found!
File C:\WINDOWS\temp\cch~68b9a38098.htp not found!
File C:\WINDOWS\temp\cch~68b9ac2320.htp not found!
File C:\WINDOWS\temp\cch~6e30f048a0.htp not found!
File C:\WINDOWS\temp\cch~6e30fa7e84.htp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_838.dat not found!
C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\XUL.mfl moved successfully.

Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

/!\ Déconnecte-toi et ferme toutes applications en cours /!\

Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).

Double-clique sur le raccourci d'Ad-Remover situé sur ton Bureau.
(Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur)

Au menu principal, choisis l'option A.

Poste le rapport qui apparaît à la fin (C:\Ad-Report-Scan-(date).log).

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Note : "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.

Voici le log :



------- LOGFILE OF AD-REMOVER 1.1.2.5 | ONLY XP/VISTA -------

Updated by C_XX on 01/04/2009 at 20:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/

Start at: 19:14:31, Ven 03/04/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: DEMETRA
Current User: Dieu - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: NTFS)
- F:\ (File System: NTFS)
- I:\ (File System: NTFS)
- J:\ (File System: NTFS)
- K:\ (File System: NTFS)
- L:\ (File System: FAT32)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 42

+-----------------| Boonty/Boonty Games Elements Found:

.
.

+-----------------| Eorezo Elements Found:

HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKCR\AppID\EoRezoBHO.DLL
HKCR\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKCU\Software\EoRezo
HKLM\Software\EoRezo
HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\Software\Classes\AppID\EoRezoBHO.DLL
HKLM\Software\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
.
C:\Documents and Settings\Dieu\Application Data\EoRezo
C:\Documents and Settings\Dieu\Cookies\dieu@eorezo[1].txt

+-----------------| Infected Poker Softwares Elements Found:

HKCU\Software\Titan Poker
HKLM\Software\Titan Poker
HKLM\Software\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker
HKU\S-1-5-21-602162358-1004336348-682003330-1003\Software\Titan Poker
.
C:\Poker\Titan Poker
C:\Documents and Settings\Dieu\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk
C:\Documents and Settings\All Users\Menudm~1\Titan Poker.lnk

+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

============ Other Adwares Found ============

.
.

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.8 ----

ProfilePath: jskaw343.default (Dieu)
.
.
.
.
(Invalidprefs.js) FOUND: user_pref("print.printer_Canon_MP180_Printer.prœuser_pref("browser.startup.homepage", "http://y.lo.st");
.
.

---- Internet Explorer Version 7.0.5730.13 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://y.lo.st
First Home Page: hxxp://lo.st#first

+-[HKEY_USERS\S-1-5-21-602162358-1004336348-682003330-1003\..\Internet Explorer\Main]

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://y.lo.st
First Home Page: hxxp://lo.st#first

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp:\Documents and Settings\Dieu\Application Data\VMNTOOLBAR\tabwelcome_en.html

+---------------------------------------------------------------------------+

4125 Byte(s) - C:\Ad-Report-Scan-03.04.2009.log

0 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 19:36:22 | 03/04/2009
.
+-----------------| E.O.F - 95 Lines
.

/!\ Déconnecte-toi et ferme toutes applications en cours /!\

Double-clique sur le raccourci d'Ad-Remover pour le lancer.
(Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur)

Au menu principal, choisis l'option B.

Coche Suppression Eorezo à l'écran de sélection :

Puis choisis S, le programme va travailler.

Poste le rapport qui apparaît à la fin (C:\Ad-Report-Clean-(date).log).

/!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide /!\

Fait.
Mais a la fin de l'analyse, il était marqué "Analyse Complémentaire" et c'est resté bloqué toute la nuit dessus.

Log du Clean :


------- LOGFILE OF AD-REMOVER 1.1.2.5 | ONLY XP/VISTA -------

Updated by C_XX on 01/04/2009 at 20:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/

**** LIMITED TO ****

Eorezo

********************

Start at: 4:30:50, Sam 04/04/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: DEMETRA
Current User: Dieu - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: NTFS)
- F:\ (File System: NTFS)
- I:\ (File System: NTFS)
- J:\ (File System: NTFS)
- K:\ (File System: NTFS)
- L:\ (File System: FAT32)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 40

(!) ---- IE start pages/Tabs reset

+-----------------| Eorezo Elements Deleted :

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKCR\AppID\EoRezoBHO.DLL
HKCR\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKCU\Software\EoRezo
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
.
C:\Documents and Settings\Dieu\Application Data\EoRezo
C:\Documents and Settings\Dieu\Cookies\dieu@eorezo[1].txt

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+-----------------| Added Scan :

---- Mozilla FireFox Version 3.0.8 ----

ProfilePath: jskaw343.default (Dieu)
.
.
.
.


Donc j'ai arrête AD-Remover et lancé une analyse à part.

Log de cette analyse.



------- LOGFILE OF AD-REMOVER 1.1.2.5 | ONLY XP/VISTA -------

Updated by C_XX on 01/04/2009 at 20:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/

Start at: 16:11:08, Sam 04/04/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: DEMETRA
Current User: Dieu - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: NTFS)
- F:\ (File System: NTFS)
- I:\ (File System: NTFS)
- J:\ (File System: NTFS)
- K:\ (File System: NTFS)
- L:\ (File System: FAT32)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 39

+-----------------| Boonty/Boonty Games Elements Found:

.
.

+-----------------| Eorezo Elements Found:

.

+-----------------| Infected Poker Softwares Elements Found:

HKCU\Software\Titan Poker
HKLM\Software\Titan Poker
HKLM\Software\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker
HKU\S-1-5-21-602162358-1004336348-682003330-1003\Software\Titan Poker
.
C:\Poker\Titan Poker
C:\Documents and Settings\Dieu\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk
C:\Documents and Settings\All Users\Menudm~1\Titan Poker.lnk

+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

============ Other Adwares Found ============

.
.

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.8 ----

ProfilePath: jskaw343.default (Dieu)
.
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.13 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...

+-[HKEY_USERS\S-1-5-21-602162358-1004336348-682003330-1003\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

1980 Byte(s) - C:\Ad-Report-Clean-04.04.2009.log
4365 Byte(s) - C:\Ad-Report-Scan-03.04.2009.log
3483 Byte(s) - C:\Ad-Report-Scan-04.04.2009.log

3 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
1 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 16:33:40 | 04/04/2009
.
+-----------------| E.O.F - 78 Lines
.

Désinstalle Ad-Remover, VMN Toolbar et Dealio Toolbar 3.4.

Télécharge Toolbar S&D (Team IDN) sur ton Bureau.

Lance l'installation du programme en exécutant le fichier téléchargé.

Double-clique maintenant sur le raccourci de Toolbar S&D.
(Sous Vista, il faut cliquer droit sur le raccourci de Toolbar S&D et choisir Exécuter en tant qu'administrateur)

Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.

Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.

Poste le rapport généré. (C:\TB.txt)

Mon Dieu que c'est compliqué de désinfecter un ordi !!!! Ca aurait été plus rapide de tout ré-installer !!!!


Log :

ect
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz )
BIOS : BIOS Date: 07/03/07 10:01:10 Ver: 08.00.12
USER : Dieu ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:28 Go)
D:\ (Local Disk) - NTFS - Total:39 Go (Free:7 Go)
E:\ (Local Disk) - NTFS - Total:49 Go (Free:38 Go)
F:\ (Local Disk) - NTFS - Total:61 Go (Free:37 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (Local Disk) - NTFS - Total:97 Go (Free:26 Go)
J:\ (Local Disk) - NTFS - Total:63 Go (Free:56 Go)
K:\ (Local Disk) - NTFS - Total:71 Go (Free:3 Go)
L:\ (USB) - FAT32 - Total:3874 Mo (Free:3 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 04/04/2009|16:52 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\---Yahoo.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\01net.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\1px_dark.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\1px_green.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\1px_white.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\a.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\amazon.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\an.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\arrowB.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\arrowT.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\arrow_down.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\arrow_red.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\arrow_red2.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\arrow_up.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\autofill.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\avstate.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\b.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\background2.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\bgmeteo_results.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\bg_pub.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\bg_ttl.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\bn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\bottom.png
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\bottom_left.png
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\bottom_right.png
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\btn_close.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\btn_minus.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\btn_moreforecast.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\c.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\canalblog.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\cn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\d.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\dictionary2.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\dn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\downfile
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\DownloadCOM.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\dropdown.css
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\ErrorLog.txt
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\f.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_argentine.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_australia.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_brazil.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_canada.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_china.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_france.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_germany.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_greece.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_hongkong.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_india.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_indonesia.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_italy.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_japan.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_korea.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_mexico.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_netherlands.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_spain.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_sweeden.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_taiwan.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_uk.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_usa.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\fn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\g.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\gaming.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\gn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\gograph.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred0.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred0_5.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred1.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred1_5.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred2.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred2_5.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred3.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred3_5.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred4.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred4_5.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred5.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\help.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\hideremove.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\highlight.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\hn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_aquarius.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_aries.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_cancer.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_capricorn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_gemini.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_leo.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_libra.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_pisces.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_sagittarius.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_scorpio.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_taurus.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_virgo.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\i.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\IEtab1_7d.zip
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\in.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\ipsearch.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\j.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\jn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\k.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\kn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\l.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\left.png
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\ln.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\loading.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\login.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\logo.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\n.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\New York_NY_weather.txt
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\new02.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\NewCfg
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\news.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\news.html
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\nn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\o.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\on.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\p.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\pestscanimg.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\pixsy.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\pn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\popup_off.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\popup_on.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\popup_ona.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\p_yahoo.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\q.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\qn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\r.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\relatedlinks.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\report.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\right.png
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\rn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\rss.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\rss.xsl
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\rss1.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\rsslib.js
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\rssmenu1_7a.zip
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\s.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\search.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\search_fr.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\security.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\sinfo.txt
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\sinfo.txt47011031
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\siteinfo.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\slider.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\sn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\spacer.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\stars-red1.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\stars-red2.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\stars-red3.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\stars-red4.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\stars-red5.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\storage.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\t.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\tabdataV3.js
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\tablib.js
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\tabwelcome_en.html
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\tabwelcome_fr.html
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\tab_icon.png
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\technorati.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\thes_search.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\tn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\tools.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\top.png
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\top_left.png
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\top_right.png
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\translate.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\u.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\un.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\utf8.js
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\v.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\vmlib.js
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\vmntoolbartb1501.cfg
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\vn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\w.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\web.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\web_fr.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\wikipedia.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\wn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\x.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\xp_close_small.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\yahoo.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\yahoo_search.gif
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\YouTube.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\z.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\zn.bmp
C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\zoom.bmp

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
"Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
"Search bar"="http://go.microsoft.com/fwlink/?linkid=54896"
"Window Title"="http://go.microsoft.com/fwlink/?linkid=54896"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
"Start Page"="http://fr.msn.com/"
"Search bar"="http://search.msn.com/spbasic.htm"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 04/04/2009|16:52 - Option : [1]

-----------\\ Fin du rapport a 16:52:59,39

---> Tu peux toujours le faire si tu le souhaites, ça ne me dérange pas.

Fais l'option 2 de Toolbar S&D et poste le rapport.

Fait :

Fini ?

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz )
BIOS : BIOS Date: 07/03/07 10:01:10 Ver: 08.00.12
USER : Dieu ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:28 Go)
D:\ (Local Disk) - NTFS - Total:39 Go (Free:7 Go)
E:\ (Local Disk) - NTFS - Total:49 Go (Free:38 Go)
F:\ (Local Disk) - NTFS - Total:61 Go (Free:37 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (Local Disk) - NTFS - Total:97 Go (Free:26 Go)
J:\ (Local Disk) - NTFS - Total:63 Go (Free:56 Go)
K:\ (Local Disk) - NTFS - Total:71 Go (Free:3 Go)
L:\ (USB) - FAT32 - Total:3874 Mo (Free:3 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 04/04/2009|16:55 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\---Yahoo.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\01net.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\1px_dark.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\1px_green.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\1px_white.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\a.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\amazon.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\an.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\arrowB.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\arrowT.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\arrow_down.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\arrow_red.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\arrow_red2.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\arrow_up.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\autofill.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\avstate.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\b.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\background2.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\bgmeteo_results.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\bg_pub.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\bg_ttl.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\bn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\bottom.png
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\bottom_left.png
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\bottom_right.png
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\btn_close.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\btn_minus.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\btn_moreforecast.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\c.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\canalblog.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\cn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\d.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\dictionary2.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\dn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\downfile
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\DownloadCOM.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\dropdown.css
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\ErrorLog.txt
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\f.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_argentine.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_australia.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_brazil.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_canada.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_china.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_france.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_germany.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_greece.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_hongkong.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_india.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_indonesia.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_italy.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_japan.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_korea.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_mexico.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_netherlands.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_spain.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_sweeden.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_taiwan.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_uk.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\flag_usa.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\fn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\g.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\gaming.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\gn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\gograph.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred0.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred0_5.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred1.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred1_5.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred2.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred2_5.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred3.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred3_5.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred4.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred4_5.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\graphred5.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\help.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\hideremove.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\highlight.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\hn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_aquarius.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_aries.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_cancer.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_capricorn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_gemini.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_leo.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_libra.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_pisces.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_sagittarius.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_scorpio.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_taurus.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\h_virgo.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\i.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\IEtab1_7d.zip
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\in.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\ipsearch.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\j.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\jn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\k.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\kn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\l.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\left.png
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\ln.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\loading.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\login.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\logo.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\n.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\New York_NY_weather.txt
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\new02.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\NewCfg
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\news.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\news.html
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\nn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\o.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\on.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\p.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\pestscanimg.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\pixsy.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\pn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\popup_off.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\popup_on.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\popup_ona.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\p_yahoo.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\q.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\qn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\r.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\relatedlinks.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\report.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\right.png
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\rn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\rss.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\rss.xsl
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\rss1.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\rsslib.js
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\rssmenu1_7a.zip
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\s.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\search.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\search_fr.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\security.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\sinfo.txt
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\sinfo.txt47011031
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\siteinfo.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\slider.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\sn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\spacer.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\stars-red1.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\stars-red2.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\stars-red3.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\stars-red4.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\stars-red5.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\storage.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\t.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\tabdataV3.js
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\tablib.js
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\tabwelcome_en.html
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\tabwelcome_fr.html
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\tab_icon.png
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\technorati.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\thes_search.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\tn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\tools.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\top.png
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\top_left.png
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\top_right.png
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\translate.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\u.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\un.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\utf8.js
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\v.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\vmlib.js
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\vmntoolbartb1501.cfg
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\vn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\w.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\web.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\web_fr.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\wikipedia.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\wn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\x.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\xp_close_small.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\yahoo.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\yahoo_search.gif
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\YouTube.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\z.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\zn.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar\zoom.bmp
Supprime! - C:\DOCUME~1\Dieu\APPLIC~1\VMNToolbar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
"Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
"Search bar"="http://go.microsoft.com/fwlink/?linkid=54896"
"Window Title"="http://go.microsoft.com/fwlink/?linkid=54896"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
"Start Page"="http://www.msn.com/"
"Search bar"="http://search.msn.com/spbasic.htm"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 04/04/2009|16:52 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 04/04/2009|16:56 - Option : [2]

-----------\\ Fin du rapport a 16:56:31,45

Refais un scan RSIT et poste le rapport log pour que je vérifie.

Log


Logfile of random's system information tool 1.06 (written by random/random)
Run by Dieu at 2009-04-04 19:08:15
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 29 GB (74%) free of 40 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:23, on 04/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Anti Virus Malware\RSIT.exe
F:\Anti Virus Malware\Dieu.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - ms-its :\Program Files\The Tournament Director 2\TD.lib::/comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{060AA01B-A1B3-412B-9BA6-E0F7CC163692}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{36CF45DA-AE58-4F16-BE01-75B3755CC684}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE6CAB69-44A7-4DF8-B5FC-3056B723ACB4}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{060AA01B-A1B3-412B-9BA6-E0F7CC163692}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{060AA01B-A1B3-412B-9BA6-E0F7CC163692}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7446 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\System32\xRaidSetup.exe [2007-03-21 1953792]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"Profiler"=C:\Program Files\Saitek\Software\Profiler.exe [2004-07-26 159744]
"SaiSmart"=C:\Program Files\Saitek\Software\SaiSmart.exe [2004-07-26 98304]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-04-02 206088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-03 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"F:\Crysis\Bin32\Crysis.exe"="F:\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"F:\Crysis\Bin32\CrysisDedicatedServer.exe"="F:\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled nkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled nkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"J:\Call of Duty - World at War\CoDWaW.exe"="J:\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"J:\Call of Duty - World at War\CoDWaWmp.exe"="J:\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2009-04-04 16:52:24 ----A---- C:\TB.txt
2009-04-04 16:52:06 ----D---- C:\ToolBar SD
2009-04-03 19:08:57 ----D---- C:\Program Files\Ad-remover
2009-04-03 16:10:58 ----D---- C:\rsit
2009-04-02 19:05:50 ----D---- C:\Documents and Settings\Dieu\Application Data\Malwarebytes
2009-04-02 19:05:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-02 19:05:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-02 18:45:32 ----D---- C:\Program Files\NOS
2009-04-02 18:45:32 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-04-02 18:26:42 ----D---- C:\Program Files\CCleaner
2009-04-02 04:09:21 ----D---- C:\WINDOWS\system32\appmgmt
2009-04-01 23:58:52 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-04-01 23:06:53 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-01 21:52:00 ----D---- C:\Program Files\Kaspersky Lab
2009-03-16 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-03-15 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-03-15 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-15 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-03-15 03:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-03-13 21:04:48 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2009-03-13 21:02:56 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-03-13 21:02:55 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-03-13 21:02:40 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-03-13 21:02:36 ----D---- C:\Program Files\Windows Media Connect 2
2009-03-13 21:02:30 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-03-13 21:02:00 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-03-13 21:01:33 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-03-12 03:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-12 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-12 03:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-07 20:06:54 ----A---- C:\WINDOWS\system32\SAIKICK.dll
2009-03-07 20:06:54 ----A---- C:\WINDOWS\system32\SAIHOOK.dll
2009-03-07 20:06:54 ----A---- C:\WINDOWS\system32\SAICFG.dll
2009-03-07 20:06:54 ----A---- C:\WINDOWS\system32\REnum.exe
2009-03-07 20:06:54 ----A---- C:\WINDOWS\system32\PrfAct.exe
2009-03-07 20:06:54 ----A---- C:\WINDOWS\system32\Nx.exe
2009-03-07 20:06:52 ----D---- C:\Program Files\Saitek
2009-03-07 20:06:52 ----A---- C:\WINDOWS\system32\atl70.dll
2009-03-07 19:28:30 ----D---- C:\Program Files\MSXML 4.0
2009-03-06 17:55:01 ----A---- C:\WINDOWS\system32\MSVCRTD.DLL
2009-03-06 17:55:01 ----A---- C:\WINDOWS\system32\MSVCP60D.DLL
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\WMAFile.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\TABCTFR.DLL
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\Mscc2fr.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\lame_enc.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\inetfr.DLL
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\AudPlayer.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\AudioVisu.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\AudioRecord.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\AudioInfos.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\AudFile.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\AudDisplay.dll
2009-03-06 17:55:00 ----A---- C:\WINDOWS\system32\AudDesign.dll
2009-03-06 15:33:25 ----D---- C:\Documents and Settings\Dieu\Application Data\WinFF
2009-03-06 14:58:45 ----D---- C:\Documents and Settings\Dieu\Application Data\AccurateRip
2009-03-06 14:58:44 ----D---- C:\Program Files\Illustrate
2009-03-06 14:58:12 ----A---- C:\WINDOWS\system32\SpoonUninstall.exe
2009-03-06 14:56:12 ----D---- C:\Documents and Settings\Dieu\Application Data\AVS4YOU
2009-03-06 14:56:09 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-03-06 14:55:40 ----D---- C:\Program Files\Fichiers communs\AVSMedia
2009-03-06 14:55:40 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-03-06 14:55:40 ----A---- C:\WINDOWS\system32\GdiPlus.dll

======List of files/folders modified in the last 1 months======

2009-04-04 19:08:01 ----D---- C:\WINDOWS\Temp
2009-04-04 19:06:42 ----D---- C:\Program Files\Mozilla Firefox
2009-04-04 17:10:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-04 17:08:41 ----D---- C:\WINDOWS\system32\drivers
2009-04-04 17:08:41 ----D---- C:\WINDOWS\system32\config
2009-04-04 17:07:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-04 16:55:34 ----D---- C:\WINDOWS\Prefetch
2009-04-04 16:51:12 ----RD---- C:\Program Files
2009-04-04 16:50:45 ----SHD---- C:\WINDOWS\Installer
2009-04-04 04:31:01 ----D---- C:\WINDOWS
2009-04-03 16:28:29 ----SD---- C:\WINDOWS\Tasks
2009-04-02 19:24:40 ----D---- C:\WINDOWS\system32
2009-04-02 19:20:51 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-02 19:17:01 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-02 19:15:36 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-04-02 19:14:59 ----D---- C:\Program Files\Adobe
2009-04-02 19:14:52 ----D---- C:\WINDOWS\WinSxS
2009-04-02 18:35:32 ----D---- C:\WINDOWS\Minidump
2009-04-02 18:35:32 ----D---- C:\WINDOWS\Debug
2009-04-01 23:59:16 ----HD---- C:\WINDOWS\inf
2009-04-01 21:52:24 ----D---- C:\Documents and Settings\Dieu\Application Data\BitTorrent
2009-03-29 20:11:51 ----D---- C:\Documents and Settings\Dieu\Application Data\FileZilla
2009-03-16 03:00:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-15 03:01:28 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-13 21:15:03 ----D---- C:\WINDOWS\system32\LogFiles
2009-03-13 21:02:41 ----A---- C:\WINDOWS\win.ini
2009-03-13 21:02:36 ----D---- C:\Program Files\Windows Media Player
2009-03-13 21:02:35 ----D---- C:\WINDOWS\Help
2009-03-11 16:28:18 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-07 20:06:52 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-07 20:03:27 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-07 19:28:28 ----D---- C:\WINDOWS\system32\DirectX
2009-03-07 19:28:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-07 19:13:52 ----RSD---- C:\WINDOWS\Fonts
2009-03-07 19:13:40 ----SD---- C:\Documents and Settings\Dieu\Application Data\Microsoft
2009-03-07 19:02:10 ----D---- C:\Program Files\Fichiers communs\InstallShield
2009-03-06 14:55:40 ----D---- C:\Program Files\Fichiers communs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-04-02 226832]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-09-02 15781]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-06-03 3100160]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 SaiH0006;SaiH0006; C:\WINDOWS\system32\DRIVERS\SaiH0006.sys [2004-07-26 56576]
R3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2004-07-26 15616]
R3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiNtBus.sys [2004-07-26 26752]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 asc3550p;asc3550p; C:\WINDOWS\system32\drivers\asc3550p.sys []
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 LycoFltr;Lycosa Keyboard; C:\WINDOWS\System32\Drivers\Lycosa.sys []
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-11-18 379456]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-03 552960]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-04-02 206088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-09-14 66872]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

1/

Cherche ce fichier : F:\Anti Virus Malware\Dieu.exe

Double-clique sur ce fichier.

Choisis Do a system scan only.

Coche la case qui est devant la ligne suivante :

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - ms-its:d:\Program Files\The Tournament Director 2\TD.lib::/comdlg32.cab

Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

Ferme HijackThis.


2/

Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

Double-clique sur OTMoveIt3.exe pour le lancer.

Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:services
asc3550p

:commands
[purity]
[emptytemp]
[reboot]

Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
---> Le nom du rapport correspond au moment de sa création : date_heure.log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver asc3550p not found.
Service\Driver key asc3550p deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Dieu\LOCALS~1\Temp\etilqs_FSniXVKPKKNxMD4rfNSR scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Dieu\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\cch~1b912ece6bc.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~1b912f45e88.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~1b937039b84.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~1b9371e6338.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~1b95d2d4f68.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~1b95d34c3b0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~1bb0fa1d2bc.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~1bb0fccd738.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~1bb712fd4c4.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~1bb7136f344.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~1bb7823e72c.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~1bb782b1c80.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~1bbe7ccd4ec.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~1bbe7d4fbc0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~477d146024.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~477d1aa1d0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~5432f11bcc.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~5432f7fb7c.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_804.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04042009_192708

Files moved on Reboot...
File C:\DOCUME~1\Dieu\LOCALS~1\Temp\etilqs_FSniXVKPKKNxMD4rfNSR not found!
File C:\WINDOWS\temp\cch~1b912ece6bc.htp not found!
File C:\WINDOWS\temp\cch~1b912f45e88.htp not found!
File C:\WINDOWS\temp\cch~1b937039b84.htp not found!
File C:\WINDOWS\temp\cch~1b9371e6338.htp not found!
File C:\WINDOWS\temp\cch~1b95d2d4f68.htp not found!
File C:\WINDOWS\temp\cch~1b95d34c3b0.htp not found!
File C:\WINDOWS\temp\cch~1bb0fa1d2bc.htp not found!
File C:\WINDOWS\temp\cch~1bb0fccd738.htp not found!
File C:\WINDOWS\temp\cch~1bb712fd4c4.htp not found!
File C:\WINDOWS\temp\cch~1bb7136f344.htp not found!
File C:\WINDOWS\temp\cch~1bb7823e72c.htp not found!
File C:\WINDOWS\temp\cch~1bb782b1c80.htp not found!
File C:\WINDOWS\temp\cch~1bbe7ccd4ec.htp not found!
File C:\WINDOWS\temp\cch~1bbe7d4fbc0.htp not found!
File C:\WINDOWS\temp\cch~477d146024.htp not found!
File C:\WINDOWS\temp\cch~477d1aa1d0.htp not found!
File C:\WINDOWS\temp\cch~5432f11bcc.htp not found!
File C:\WINDOWS\temp\cch~5432f7fb7c.htp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_804.dat not found!
C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Dieu\Local Settings\Application Data\Mozilla\Firefox\Profiles\jskaw343.default\XUL.mfl moved successfully.

Ton PC va bien ?

Oui, ça va.

Pas de fenêtre pop-up intempestive.
Mon Anti-virus reste calme....

Une sacrée saloperie ces virus. Une plaie à enlever !!!

Merci beaucoup de ton aide.

Un jour faudra que tu m'expliques le cheminement, ce que tu cherches dans les log....
Et comment tu fais pour savoir que certains fichiers sont à supprimer....

Penses-tu que mon anti-virus suffit ?
Ou dois-je me procurer d'autres moyens de défenses ?

En tout cas merci encore !!!!

1/

Désinstalle HijackThis.

Télécharge ToolsCleaner2 sur ton Bureau.

Double-clique sur ToolsCleaner2.exe pour le lancer.

Clique sur Recherche et laisse le scan agir.

Clique sur Suppression pour finaliser.

Tu peux, si tu le souhaites, te servir des Options Facultatives.

Clique sur Quitter pour obtenir le rapport.

Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


2/

Télécharge et installe CCleaner Slim.

Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....

Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.

Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).


3/

Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.

Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème.


==Prévention==

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Comme navigateur, utilise plutôt Mozilla Firefox qu'Internet Explorer. Tu peux utiliser l'extension NoScript pour plus de sécurité.

Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, onglet Mises à jour automatiques).

Tu peux aussi modifier le fichier Hosts pour améliorer la sécurité de ton PC : Lien

Par rapport au P2P : Lien

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


==Problème résolu ?==

Si tu estimes que ton problème est résolu :

---> Ajoute maintenant [Résolu] au titre. Pour cela :

Clique, dans ton premier message, sur le bouton Editer .

Rajoute la mention [Résolu] devant le titre.

Clique ensuite sur Valider votre message.


Sois plus vigilant(e) sur Internet