Ordinateur fonctionne que en mode sans echec sinon ecran noir

Bonjour,

Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

Clique sur Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

info.txt logfile of random's system information tool 1.06 2009-05-05 19:08:03

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x40c
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Reader 8.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Alps Pointing-device for VAIO-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
Atlantis - Sky Patrol -->C:\Big Fish Games\Atlantis - Sky Patrol\Uninstall.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Big Fish Games Sudoku-->C:\Big Fish Games\sudoku\Uninstall.exe
Browser Address Error Redirector-->regsvr32 /u /s "C:\PROGRA~1\GOOGLE~1\BAE.dll"
Centre de Big Fish Games-->C:\Big Fish Games\Uninstall.exe
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Click to Disc Editor-->C:\Program Files\InstallShield Installation Information\{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}\setup.exe -runfromtemp -l0x040c
Click to Disc-->C:\Program Files\InstallShield Installation Information\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}\setup.exe -runfromtemp -l0x040c -removeonly
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x40c /remove
Creative WebCam Live! Driver (1.01.01.0730)-->C:\Windows\CtDrvIns.exe -uninstall -script Pd0630.uns -unsext NT -plugin P0630Pin.dll -pluginres P0630Pin.crl
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Gestionnaire de contacts professionnels pour Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {69ca8988-1c6c-4285-b8af-db780a6e42af}
Gestionnaire de contacts professionnels pour Outlook 2007 SP1-->MsiExec.exe /X{69CA8988-1C6C-4285-B8AF-DB780A6E42AF}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\UIU32m.exe -U -ISnSZIRXz.inf
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Kaspersky Online Scanner-->C:\Windows\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kaspersky On-line Scanner-->C:\Windows\system32\KASPER~1\KASPER~1\kavuninstall.exe
Mahjong Towers Eternity -->C:\Big Fish Games\Mahjong Towers Eternity\Uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Micromega Software System EasyScan-->"C:\Program Files\EasyScan\Uninstall.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A4040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{480DBB60-F0B6-45F2-B26F-1A2E11197791}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{1F24E48F-7692-4E89-8784-68DD4D2712A0}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{A30179B7-997A-4D47-AA43-57AE59A9C78B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\wmv9vcm.inf, Uninstall
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mystery Case Files - Prime Suspects -->C:\Big Fish Games\Mystery Case Files - Prime Suspects\Uninstall.exe
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
OpenMG Limited Patch 4.7-07-15-19-01-->c:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-15-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de restauration de données VAIO-->C:\Program Files\InstallShield Installation Information\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\setup.exe -runfromtemp -l0x040c -removeonly
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Outil VAIO Media Registration 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x40c UNINSTALL -removeonly
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v1.0-->MsiExec.exe /X{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Roxio Activation Module-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
Roxio Easy Media Creator Home-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Setting Utility Series-->"C:\Program Files\InstallShield Installation Information\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}\setup.exe" -runfromtemp -l0x040c -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Video Shared Library-->C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe -runfromtemp -l0x040c -removeonly
UsbFix-->C:\UsbFix\Uninstal.exe
VAIO Content Folder Setting-->"C:\Program Files\InstallShield Installation Information\{23825B69-36DF-4DAD-9CFD-118D11D80F16}\setup.exe" -runfromtemp -l0x040c -removeonly
VAIO Content Metadata Intelligent Analyzing Manager-->C:\Program Files\InstallShield Installation Information\{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}\setup.exe -runfromtemp -l0x040c -removeonly
VAIO Content Metadata Manager Setting-->C:\Program Files\InstallShield Installation Information\{69351E9E-23ED-41D5-B146-EDBF83C63B66}\setup.exe -runfromtemp -l0x040c -removeonly
VAIO Content Metadata XML Interface Library-->C:\Program Files\InstallShield Installation Information\{B5E2DF30-1061-4DB4-AF28-08996C8E5680}\setup.exe -runfromtemp -l0x040c -removeonly
VAIO Control Center-->"C:\Program Files\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -runfromtemp -l0x040c -removeonly
VAIO DVD Menu Data Basic-->C:\Program Files\InstallShield Installation Information\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}\setup.exe -runfromtemp -l0x040c -removeonly
VAIO Entertainment Platform-->C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe -runfromtemp -l0x040c -removeonly
VAIO Event Service-->"C:\Program Files\InstallShield Installation Information\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}\setup.exe" -runfromtemp -l0x040c -removeonly
VAIO Launcher-->"C:\Program Files\InstallShield Installation Information\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}\setup.exe" -runfromtemp -l0x040c -removeonly
Vaio Marketing Tools-->C:\Program Files\Sony\Marketing Tools\Uninstaller.exe /bootstrap
VAIO Media 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x40c UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x40c UNINSTALL
VAIO Media Content Collection 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500162A0-4DD5-460A-BAFD-895AAE48C532}\setup.exe" -l0x40c UNINSTALL -removeonly
VAIO Media Integrated Server 6.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x40c UNINSTALL -removeonly
VAIO Media Redistribution 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x40c UNINSTALL -removeonly
VAIO Movie Story Template Data-->C:\Program Files\InstallShield Installation Information\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}\setup.exe -runfromtemp -l0x040c -removeonly
VAIO Movie Story-->C:\Program Files\InstallShield Installation Information\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}\setup.exe -runfromtemp -l0x040c -removeonly
VAIO MusicBox Sample Music-->"C:\Program Files\InstallShield Installation Information\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}\setup.exe" -runfromtemp -l0x040c -removeonly
VAIO MusicBox-->"C:\Program Files\InstallShield Installation Information\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}\setup.exe" -runfromtemp -l0x040c -removeonly
VAIO Original Function Setting-->"C:\Program Files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe" -runfromtemp -l0x040c -removeonly
VAIO Power Management-->"C:\Program Files\InstallShield Installation Information\{802889F8-6AF5-45A5-9764-CA5B999E50FC}\setup.exe" -runfromtemp -l0x040c -removeonly
VAIO Smart Network-->"C:\Program Files\InstallShield Installation Information\{3B659FAD-E772-44A3-B7E7-560FF084669F}\setup.exe" -runfromtemp -l0x040c -removeonly
VAIO Update 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x40c -removeonly
VAIO Wallpaper Contents-->"C:\Program Files\InstallShield Installation Information\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}\setup.exe" -runfromtemp -l0x040c -removeonly
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Villagers -->C:\Big Fish Games\Virtual Villagers\Uninstall.exe
Vuze Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinDVD for VAIO-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x040c

======Security center information======

AS: Windows Defender (disabled)

======System event log======

Computer Name: matth
Event Code: 10005
Message: DCOM a reçu l'erreur "1068" lors de la mise en route du service fdPHost avec les arguments "" pour démarrer le serveur :
{145B4335-FE2A-4927-A040-7C35AD3180EF}
Record Number: 119698
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090505133535.000000-000
Event Type: Erreur
User:

Computer Name: matth
Event Code: 10005
Message: DCOM a reçu l'erreur "1084" lors de la mise en route du service WSearch avec les arguments "" pour démarrer le serveur :
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Record Number: 119700
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090505133537.000000-000
Event Type: Erreur
User:

Computer Name: matth
Event Code: 10005
Message: DCOM a reçu l'erreur "1084" lors de la mise en route du service WSearch avec les arguments "" pour démarrer le serveur :
{9E175B6D-F52A-11D8-B9A5-505054503030}
Record Number: 119701
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090505133540.000000-000
Event Type: Erreur
User:

Computer Name: matth
Event Code: 10005
Message: DCOM a reçu l'erreur "1068" lors de la mise en route du service BITS avec les arguments "" pour démarrer le serveur :
{4991D34B-80A1-4291-83B6-3328366B9097}
Record Number: 119702
Source Name: Microso

Logfile of random's system information tool 1.06 (written by random/random)
Run by Matthieu at 2009-05-05 19:12:15
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 11 GB (11%) free of 98 GB
Total RAM: 2038 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:16, on 5/05/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Matthieu\Downloads\RSIT.exe
C:\Program Files\trend micro\Matthieu.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10391 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-11-07 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-07 1006264]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-09-20 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-09-20 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-09-20 137752]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-25 4669440]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-06-10 118784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2007-09-19 311296]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-12 29744]
"MarketingTools"=C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [2007-11-07 36864]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-06 198160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]
"NSUFloatingUI"=C:\Program Files\Sony\Network Utility\LANUtil.exe [2007-09-20 253952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\Users\Matthieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-09-20 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2007-08-14 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\River Past\Cam Do\CamDo.exe"="C:\Program Files\River Past\Cam Do\CamDo.exe:*:Enabled:River Past Cam Do"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cadef9-7f75-11dd-8d02-001a80b88cdf}]
shell\Auto\command - wscript "esta ig.vbs"
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"


======List of files/folders created in the last 1 months======

2009-05-05 19:07:37 ----D---- C:\Program Files\trend micro
2009-05-05 19:07:36 ----D---- C:\rsit
2009-05-05 10:53:43 ----D---- C:\UsbFix
2009-05-05 10:47:13 ----A---- C:\TB.txt
2009-05-05 10:46:33 ----D---- C:\ToolBar SD
2009-05-05 10:43:17 ----SHD---- C:\$RECYCLE.BIN
2009-05-04 12:47:49 ----D---- C:\Users\Matthieu\AppData\Roaming\Malwarebytes
2009-05-04 12:47:44 ----D---- C:\ProgramData\Malwarebytes
2009-05-04 12:47:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-03 20:07:33 ----D---- C:\Windows\system32\Kaspersky Lab
2009-05-03 18:08:16 ----D---- C:\Windows\Registration
2009-05-03 18:08:01 ----A---- C:\Windows\ntbtlog.txt
2009-04-17 00:25:37 ----A---- C:\Windows\system32\winhttp.dll
2009-04-17 00:25:34 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-17 00:25:34 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-17 00:25:23 ----A---- C:\Windows\system32\rpcss.dll
2009-04-17 00:25:20 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-17 00:25:20 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-17 00:25:20 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-17 00:25:19 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-17 00:25:19 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-17 00:25:19 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-17 00:25:19 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-17 00:25:19 ----A---- C:\Windows\system32\iasads.dll
2009-04-17 00:25:12 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-17 00:25:12 ----A---- C:\Windows\system32\kernel32.dll
2009-04-17 00:25:11 ----A---- C:\Windows\system32\secur32.dll
2009-04-17 00:25:11 ----A---- C:\Windows\system32\lsass.exe
2009-04-17 00:25:11 ----A---- C:\Windows\system32\apilogen.dll
2009-04-17 00:25:11 ----A---- C:\Windows\system32\amxread.dll
2009-04-17 00:25:02 ----A---- C:\Windows\system32\mshtml.dll
2009-04-17 00:24:59 ----A---- C:\Windows\system32\ieframe.dll
2009-04-17 00:24:58 ----A---- C:\Windows\system32\urlmon.dll
2009-04-17 00:24:58 ----A---- C:\Windows\system32\iertutil.dll
2009-04-17 00:24:58 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-17 00:24:58 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-17 00:24:57 ----A---- C:\Windows\system32\wininet.dll
2009-04-17 00:24:57 ----A---- C:\Windows\system32\occache.dll
2009-04-17 00:24:57 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-17 00:24:57 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-17 00:24:57 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-17 00:24:56 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-17 00:24:56 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-17 00:24:56 ----A---- C:\Windows\system32\ieencode.dll
2009-04-17 00:24:56 ----A---- C:\Windows\system32\admparse.dll
2009-04-17 00:24:55 ----A---- C:\Windows\system32\mstime.dll
2009-04-17 00:24:55 ----A---- C:\Windows\system32\ieui.dll
2009-04-17 00:24:55 ----A---- C:\Windows\system32\iesetup.dll
2009-04-17 00:24:55 ----A---- C:\Windows\system32\iernonce.dll
2009-04-17 00:24:55 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-17 00:24:55 ----A---- C:\Windows\system32\icardie.dll
2009-04-17 00:24:55 ----A---- C:\Windows\system32\advpack.dll
2009-04-17 00:24:54 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-17 00:24:54 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-17 00:24:54 ----A---- C:\Windows\system32\ieakui.dll
2009-04-17 00:24:53 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-17 00:24:52 ----A---- C:\Windows\system32\ieapfltr.dll
2009-04-10 12:31:58 ----D---- C:\Program Files\Securitoo
2009-04-10 12:29:04 ----D---- C:\Program Files\Common Files\France Telecom

======List of files/folders modified in the last 1 months======

2009-05-05 19:07:37 ----RD---- C:\Program Files
2009-05-05 19:06:57 ----D---- C:\Program Files\Mozilla Firefox
2009-05-05 16:00:17 ----D---- C:\Windows\Temp
2009-05-05 13:42:43 ----D---- C:\Windows\System32
2009-05-05 13:42:42 ----D---- C:\Windows\inf
2009-05-05 13:42:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-04 12:47:47 ----D---- C:\Windows\system32\drivers
2009-05-04 12:47:44 ----HD---- C:\ProgramData
2009-05-04 12:03:31 ----D---- C:\Windows\Prefetch
2009-05-04 12:02:42 ----D---- C:\Windows\system32\LogFiles
2009-05-03 20:07:34 ----SD---- C:\Windows\Downloaded Program Files
2009-05-03 18:08:42 ----D---- C:\Windows\system32\wbem
2009-05-03 18:08:16 ----D---- C:\Windows
2009-05-03 18:04:48 ----D---- C:\Windows\system32\config
2009-05-03 18:04:38 ----D---- C:\Windows\Tasks
2009-05-03 18:04:38 ----D---- C:\Windows\system32\spool
2009-05-03 18:04:38 ----D---- C:\Windows\system32\catroot2
2009-05-03 18:02:25 ----SHD---- C:\System Volume Information
2009-04-30 09:53:26 ----SHD---- C:\Windows\Installer
2009-04-27 14:46:33 ----D---- C:\Users\Matthieu\AppData\Roaming\Skype
2009-04-27 12:26:43 ----D---- C:\Users\Matthieu\AppData\Roaming\skypePM
2009-04-23 12:35:40 ----D---- C:\Users\Matthieu\AppData\Roaming\Sony Corporation
2009-04-17 19:07:37 ----D---- C:\Windows\winsxs
2009-04-17 19:07:27 ----D---- C:\Windows\system32\catroot
2009-04-17 19:04:26 ----D---- C:\Program Files\Windows Mail
2009-04-17 19:04:25 ----D---- C:\Windows\system32\manifeststore
2009-04-17 19:04:25 ----D---- C:\Windows\AppPatch
2009-04-17 19:04:24 ----D---- C:\Windows\system32\migration
2009-04-17 19:04:24 ----D---- C:\Program Files\Internet Explorer
2009-04-10 12:34:44 ----SD---- C:\Users\Matthieu\AppData\Roaming\Microsoft
2009-04-10 12:29:04 ----D---- C:\Program Files\Common Files
2009-04-08 22:08:56 ----D---- C:\Users\Matthieu\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-26 23152]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-26 50864]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-10 140800]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-10-25 776704]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-20 246784]
S1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-26 111184]
S1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2007-09-19 10216]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-09-20 12672]
S2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-09-20 8192]
S3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-05-29 14208]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-09-20 985600]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-09-20 207360]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-20 1776128]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-25 1841312]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 P0630VID;Creative WebCam Live!; C:\Windows\system32\DRIVERS\P0630Vid.sys [2004-07-30 91830]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216]
S3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-02-13 128104]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-09-20 659968]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
S2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S2 NSUService;NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [2007-09-20 204800]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
S2 SQLWriter;Enregistreur VSS SQL Server; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
S2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-08-14 182392]
S2 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2007-06-20 2523136]
S2 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S2 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S2 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S2 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S2 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2007-08-28 192512]
S2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2007-08-28 131072]
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-09-20 386560]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-15 72704]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-12 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-07 138168]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2007-06-28 73728]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-06-20 499712]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 79136]
S3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2007-06-28 274432]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

Désactive l'UAC le temps de la désinfection.

Télécharge UsbFix (de C_XX & Chiquitine29) sur ton Bureau.

Lance l'installation avec les paramètres par défaut.

Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

Clique droit sur le raccourci UsbFix sur ton Bureau et choisis Exécuter en tant qu'administrateur.

Choisis l'option 1 (Recherche).

Laisse travailler l'outil.

Poste le rapport UsbFix.txt.

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.

bon alors je ne sais pas si ca peut servir apres avoir desactivé l'UAC l'ordinateur à redémarrer en mode normal et j'ai pu lancer usb fix en mode normal, mais la connexion à internet etait impossible.

voici le rapport:


############################## [ UsbFix V3.016 # Scan ]

# User : Matthieu (Administrateurs) # MATTH
# Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 20:15:58 | 5/05/2009

# Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
# Internet Explorer 7.0.6000.16830
# Windows Firewall Status : Disabled

# C:\ # Disque fixe local # 95,28 Go (8,58 Go free) # NTFS
# D:\ # Disque amovible
# E:\ # Disque amovible
# F:\ # Disque CD-ROM
# G:\ # Disque fixe local # 46,33 Go (15,36 Go free) [DONNEES] # NTFS
# H:\ # Disque amovible # 1,91 Go (570,89 Mo free) [CLÉ MATTH] # FAT32

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.google.com"
HKCU_Main: "Start Page"="http://www.club-vaio.com"
HKCU_Main: "Secondary Start Pages"=hex(7):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,70,00,\
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM_Run: IgfxTray=C:\Windows\system32\igfxtray.exe
HKLM_Run: HotKeysCmds=C:\Windows\system32\hkcmd.exe
HKLM_Run: Persistence=C:\Windows\system32\igfxpers.exe
HKLM_Run: RtHDVCpl=RtHDVCpl.exe
HKLM_Run: Apoint=C:\Program Files\Apoint\Apoint.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: ISBMgr.exe="C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
HKLM_Run: Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HKLM_Run: MarketingTools=C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: {0228e555-4f9c-4e35-a3ec-b109a192b4c2}=C:\Program Files\Google\Gmail Notifier\gnotify.exe
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: Picasa Media Detector=C:\Program Files\Picasa2\PicasaMediaDetector.exe
HKCU_Run: NSUFloatingUI="C:\Program Files\Sony\Network Utility\LANUtil.exe"
HKCU_Run: WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

################## [ Informations ]


################## [ Fichiers # Dossiers infectieux ]

Found ! H:\ravmone.exe
Found ! H:\msvcr71.dll

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{f5cadef9-7f75-11dd-8d02-001a80b88cdf}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{f5cadef9-7f75-11dd-8d02-001a80b88cdf}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.016 ! ]

Le disque amovible CLÉ MATTH est infecté.

Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

Clique droit sur le raccourci UsbFix présent sur ton Bureau et choisis Exécuter en tant qu'administrateur.

Choisis l'option 2 (Suppression).

Ton Bureau disparaîtra et le PC redémarrera.

Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.

Ensuite, poste le rapport UsbFix.txt qui apparaîtra avec le Bureau .

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

bon ca ne marche pas.

en effet en mode normal je lance usb fix normalement sans probleme il redemarre, mais lorsqu'il se relance il se bloque sur un ecran noir avec la fenetre usb fix qui s'affiche et qui dit qu'il va se lancer mais meme au bout de 15 min, rien ...
lorsque je le ferme le bureau s'affiche a nouveau, en cherchant le rapport usb fix il y en a un sur le disque dur mais il n'y a rien dessus ...

On va faire sans UsbFix.

Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

Clique droit sur OTMoveIt3.exe et choisis Exécuter en tant qu'administrateur.

Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:files
H:\ravmone.exe
H:\msvcr71.dll

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cadef9-7f75-11dd-8d02-001a80b88cdf}]

:commands
[purity]
[emptytemp]
[reboot]

Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
---> Le nom du rapport correspond au moment de sa création : date_heure.log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder H:\ravmone.exe not found.
File/Folder H:\msvcr71.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cadef9-7f75-11dd-8d02-001a80b88cdf}\\ not found.
========== COMMANDS ==========
File delete failed. C:\Users\Matthieu\AppData\Local\Temp\etilqs_MpMyqWeUkXOzyz3KcDxT scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05052009_213014

Files moved on Reboot...
File C:\Users\Matthieu\AppData\Local\Temp\etilqs_MpMyqWeUkXOzyz3KcDxT not found!
C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\urlclassifier3.sqlite moved successfully.
C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\XUL.mfl moved successfully.

Refais l'option 1 d'UsbFix.

############################## [ UsbFix V3.016 # Scan ]

# User : Matthieu (Administrateurs) # MATTH
# Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:45:45 | 5/05/2009

# Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
# Internet Explorer 7.0.6000.16830
# Windows Firewall Status : Disabled

# C:\ # Disque fixe local # 95,28 Go (11,61 Go free) # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque fixe local # 46,33 Go (16,04 Go free) [DONNEES] # NTFS
# H:\ # Disque amovible # 1,91 Go (574,57 Mo free) [CLÉ MATTH] # FAT32

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.google.com"
HKCU_Main: "Start Page"="http://www.club-vaio.com"
HKCU_Main: "Secondary Start Pages"=hex(7):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,70,00,\
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM_Run: IgfxTray=C:\Windows\system32\igfxtray.exe
HKLM_Run: HotKeysCmds=C:\Windows\system32\hkcmd.exe
HKLM_Run: Persistence=C:\Windows\system32\igfxpers.exe
HKLM_Run: RtHDVCpl=RtHDVCpl.exe
HKLM_Run: Apoint=C:\Program Files\Apoint\Apoint.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: ISBMgr.exe="C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
HKLM_Run: Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HKLM_Run: MarketingTools=C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: {0228e555-4f9c-4e35-a3ec-b109a192b4c2}=C:\Program Files\Google\Gmail Notifier\gnotify.exe
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: Picasa Media Detector=C:\Program Files\Picasa2\PicasaMediaDetector.exe
HKCU_Run: NSUFloatingUI="C:\Program Files\Sony\Network Utility\LANUtil.exe"
HKCU_Run: WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

################## [ Informations ]


################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

################## [ Registre # Mountpoints2 ]

# -> Not Found !

################## [ ! Fin du rapport # UsbFix V3.016 ! ]

Il faut que tu installes le SP1 de Vista.

c'est à dire?

peux tu préciser ...
merci

http://www.microsoft.com/downloads/details.aspx?FamilyI...

mais il dise qu'il faut au moins 12Go de libre sur certains site alors que je n'ai pas ca de disponible...
y'a pas moyen de faire autrement ???

Il est impératif d'avoir le SP1.

Le SP1 ne prend pas 12Go.

sur le site il parle de faire la mise à jour avec windows update si l'on a qu'un seul ordinateur.
est ce possible en mode sans echec ???

---> Oui mais ça fonctionne aussi avec le lien que je t'ai donné (testé par moi-même).


---> Aucune idée.

bon alors j'ai fait l'installation, je crois que ca a marché.
mais lorsque j'ouvre mon bureau normalement, aucun connexion à internet n'est possible, je peux ouvrir des programmes mais ca bug au bout de 30s et je suis obligé de redémarrer.
et ca ne marche toujours qu'en mode sans echec

Ton problème est apparu comment ?

mon probleme du debut est apparu quand j'ai voulu le redemarrer un matin apres l'avoir utilisé le soir sans aucun souci et sans rien telechargé...

Essaie une restauration système avant ce problème.

deja fait mais ca n'a rien donné

Télécharge Dr.Web CureIt! sur ton Bureau.

Double-clique sur drweb-cureit.exe et clique sur Commencer le scan.

Ce scan rapide permet l'analyse des processus chargés en mémoire; s'il trouve des processus infectés, clique sur le bouton Oui pour Tout à l'invite.

Lorsque le scan rapide est terminé, clique sur Options > Changer la configuration.

Choisis l'onglet Scanner, et décoche Analyse heuristique.

De retour à la fenêtre principale : choisis Analyse complète.

Clique la flèche verte sur la droite et le scan débutera. Une publicité apparaît quelquefois, ferme-la.

Clique Oui pour Tout si un fichier est détecté.

A la fin du scan, si des infections sont trouvées, clique sur Tout sélectionner, puis sur Désinfecter. Si la désinfection est impossible, clique sur Quarantaine.

Au menu principal de l'outil, en haut à gauche, clique sur le menu Fichier et choisis Enregistrer le rapport.

Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv.

Ferme Dr.Web CureIt!

Redémarre ton ordinateur (très important) car certains fichiers peuvent être déplacés/réparés au redémarrage.

Suite au redémarrage, poste (Copie/Colle) le contenu du rapport de l'outil Dr.Web dans ta prochaine réponse.

NB : Dr.Web en version gratuite est un scanner à la demande et n'entre pas en conflit avec ton antivirus résident. Tu pourras finalement supprimer Dr.Web à la fin des manipulations.

voici le rapport de dr web

UsbFix.exe\data013 C:\Documents and Settings\Matthieu\Downloads\UsbFix.exe Tool.Prockill
UsbFix.exe C:\Documents and Settings\Matthieu\Downloads Conteneur comporte des objets infectés Supprimé.
UsbFix.exe\data013 C:\Users\Matthieu\Downloads\UsbFix.exe Tool.Prockill
UsbFix.exe C:\Users\Matthieu\Downloads Conteneur comporte des objets infectés Chemin invalide pour le fichier
RavMonE.exe C:\_OTMoveIt\MovedFiles\05052009_212541 Win32.HLLW.Peerav Supprimé.

je n'ai toujours pas pu me connecter à internet et mes programmes bloquent ...  

Supprime les traces de Norton avec ceci.

voila c'est fait mais rien de nouveau ...

Vérifie que ton disque dur n'est pas passé en mode PIO :
http://kerio.probb.fr/maitriser-windows-f4/windows-deve...

bon mon disque dur n'est apparament pas en mode IPO
par contre j'ai reussi à démarrer le gestionnaire de périphérique en mode normal et j'ai vu ceci:

dans appareil mobile, il y avait un triangle jaune devant :

"pilote de volume de systeme de fichiers microsoft WPD"

est ce que ca peut etre ca ?
si oui que faire.

merci

Ça ne me dit rien.

c'est peut etre plus un probleme windows, non ?

Je pense aussi.

je vais refaire un post dans windows ...

merci pour tout

Tiens-moi au courant.

bon j'ai du nouveau.

apres avoir fait une derniere detection de virus avec combo fix

j'ai reussi a me reconnecter mais ca bloquait encore pour certains programme

après j'ai fait un nettoyage de disque et fait supprimer tout ce qu'il me disait de supprimer...

j'ai redémarrer mon ordinateur en mode normal et tout à l'air normal...

à n'y rien comprendre.

du coup je ne sais pas trop ce que c'etait surement un virus qd meme?

en tout cas merci pour tout

Tu as le rapport de ComboFix ?

bon ca ne marche pas encore terrible, en mode normal la connexion marche une fois sur deux, et des fois les programmes bloquent...

a mon avis il s'agit bien d'un virus.
j'ai le nouveau rapport combofix :
ComboFix 09-05-07.06 - Matthieu 08/05/2009 12:23.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2038.1500 [GMT 2:00]
Lancé depuis: c:\users\Matthieu\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-04-08 au 2009-05-08 ))))))))))))))))))))))))))))))))))))
.

2009-05-08 09:55 . 2009-05-08 09:55 -------- d-----w c:\users\Matthieu\AppData\Roaming\AVG8
2009-05-08 09:43 . 2009-05-08 09:43 -------- d-----w c:\program files\CCleaner
2009-05-08 09:37 . 2009-05-08 09:37 -------- d-----w c:\program files\ewido anti-spyware 4.0
2009-05-07 18:32 . 2009-05-07 18:32 -------- d-----w C:\3753da3a9fb808f25d0f4b4ce3a922c5
2009-05-07 18:32 . 2009-05-07 18:32 -------- d-----w C:\e45cdfa8ba675f105765a170b3
2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\programdata\NortonInstaller
2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\users\All Users\NortonInstaller
2009-05-06 19:16 . 2009-05-07 08:26 -------- d-----w c:\users\Matthieu\DoctorWeb
2009-05-05 21:27 . 2009-05-05 21:10 47560 ----a-w c:\windows\system32\SPReview.exe
2009-05-05 21:27 . 2009-05-05 21:10 152576 ----a-w c:\windows\system32\SPWizUI.dll
2009-05-05 20:55 . 2008-01-18 21:33 44032 ----a-w c:\windows\system32\cbsra.exe
2009-05-05 20:55 . 2009-05-05 20:56 -------- d-----w C:\ebb871ffd74f4ef90e8f8e4f
2009-05-05 20:55 . 2009-05-05 20:55 -------- d-----w C:\491adcfcf13b00baed30
2009-05-05 19:25 . 2009-05-05 19:25 -------- d-----w C:\_OTMoveIt
2009-05-05 17:07 . 2009-05-05 17:12 -------- d-----w c:\program files\trend micro
2009-05-05 17:07 . 2009-05-05 17:08 -------- d-----w C:\rsit
2009-05-05 08:53 . 2009-05-05 20:10 -------- d-----w C:\UsbFix
2009-05-05 08:46 . 2009-05-05 08:48 -------- d-----w C:\ToolBar SD
2009-05-05 08:43 . 2009-05-05 08:43 -------- d-sh--w C:\$RECYCLE.BIN
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\Matthieu\AppData\Roaming\Malwarebytes
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\programdata\Malwarebytes
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-03 18:07 . 2009-05-03 18:07 -------- d-----w c:\windows\system32\Kaspersky Lab
2009-04-10 10:33 . 2006-11-28 18:46 28224 ----a-w c:\windows\system32\drivers\PCAMp50.sys
2009-04-10 10:33 . 2006-11-28 18:46 27072 ----a-w c:\windows\system32\drivers\PCASp50.sys
2009-04-10 10:31 . 2009-04-10 10:31 -------- d-----w c:\program files\Securitoo
2009-04-10 10:29 . 2009-04-10 10:29 -------- d-----w c:\program files\Common Files\France Telecom

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 09:42 . 2006-11-02 15:48 745318 ----a-w c:\windows\system32\perfh00C.dat
2009-05-08 09:42 . 2006-11-02 15:48 140414 ----a-w c:\windows\system32\perfc00C.dat
2009-05-07 19:30 . 2008-05-27 09:53 1356 ----a-w c:\users\Matthieu\AppData\Local\d3d9caps.dat
2009-05-07 13:43 . 2008-05-24 13:56 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-05 19:35 . 2008-05-27 09:53 106640 ----a-w c:\users\Matthieu\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 17:04 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-02 11:42 . 2009-04-02 11:42 -------- d-----w c:\program files\WMV9_VCM
2009-03-21 14:22 . 2009-03-21 14:20 -------- d-----w c:\program files\PDFCreator
2009-03-21 14:21 . 2009-03-21 14:21 -------- d-----w c:\program files\pdfforge Toolbar
2009-03-19 10:59 . 2007-11-07 13:17 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-18 08:45 . 2007-11-07 13:21 -------- d-----w c:\program files\DivX
2009-03-17 03:16 . 2009-04-16 22:25 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-16 22:25 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:24 . 2009-04-16 22:25 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-16 22:25 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-16 22:24 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-16 22:25 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-16 22:25 549888 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-16 22:25 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-16 22:24 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-16 22:25 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-16 22:25 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-16 22:25 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-16 22:24 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:15 . 2009-04-16 22:24 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-16 22:25 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-16 22:24 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-16 22:24 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-02-13 07:26 . 2009-04-16 22:25 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 07:26 . 2009-04-16 22:25 1233408 ----a-w c:\windows\system32\lsasrv.dll
2009-02-13 07:26 . 2009-04-16 22:25 7680 ----a-w c:\windows\system32\lsass.exe
2009-02-09 01:59 . 2009-03-11 10:38 2028032 ----a-w c:\windows\system32\win32k.sys
2008-12-13 10:14 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-05-07_19.15.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-27 09:54 . 2009-05-08 10:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-27 09:54 . 2009-05-08 10:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:33 . 2009-05-08 09:42 656850 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-07 18:39 656850 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-07 18:39 121446 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-08 09:42 121446 c:\windows\System32\perfc009.dat
+ 2008-05-27 09:54 . 2009-05-08 10:06 1523712 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 1523712 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 14:12 650752 ----a-w c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-12 29744]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-07 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-06 198160]
"!ewido"="c:\program files\ewido anti-spyware 4.0\ewido.exe" [2006-06-16 6283264]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-25 4669440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\users\Matthieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05 98304 ----a-w c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{58CDA8C9-C883-4B6E-A05F-1BDA9371B7B1}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{4C6F3B17-7AED-4F83-B7CF-9B48FB0C959E}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{B89EE9B4-9094-45F4-96C5-D9044E7A060C}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{D5013AE2-391B-48AD-A951-920057EB211E}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{B2A37831-7599-4AFA-99FE-5F86422B719F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{7BBEA102-9ADE-4DDB-AF20-6297F3379B6F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{6382DFC2-D235-4AB3-9FD6-8A155051BC86}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{74215158-21E9-4E59-B4B1-C9E24F84DE7F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{A5EA9615-FC11-4743-9E59-AE88B162B30F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{50AE8A22-E75C-4BAC-83FC-6BE90F00BFA6}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{C6DCBD39-F4F5-4766-A546-DD9BEF7A1A30}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{51DCB9B6-46E2-4125-B0B3-9DCA6BCD5DED}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{C45425B5-A9EC-47E7-8351-402ED05C12EF}"= Disabled:UDP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{4E05C8D9-3871-49E5-B258-5106909751C1}"= Disabled:TCP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{F2B0AFA5-6697-4B0E-9C42-470937F48683}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C2F9105B-B21F-40A0-B843-61073D1799DB}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{106BCE31-D7ED-4FC3-9739-EAF80124595A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{9A9B623C-E030-44F2-BF8C-AEB564907D22}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{871864FE-8DCB-4B0C-88A9-97B2423B59AD}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{D08A613D-F523-4AEF-B88C-EA7FDB1EFC9F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{85717844-719B-46F7-970A-221F04D76271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{F1E56A31-0088-47A8-8A55-E32FACF629A8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{13D526A5-0CD0-4B54-9D9A-68FD6EAE6659}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{0B6C8167-8EFD-46C5-9420-63C61FA909E2}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{69F583CE-CF88-4A53-927B-B4810B6EBE17}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{1EAFE4A3-5434-4CF8-A670-46E8F8DCD1F9}"= UDP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
"{D21DFE5B-B05B-4682-8D74-BB872522801E}"= TCP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\River Past\\Cam Do\\CamDo.exe"= c:\program files\River Past\Cam Do\CamDo.exe:*:Enabled:River Past Cam Do

R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [7/11/2007 20:42 9344]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/05/2008 12:13 111184]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/05/2008 12:13 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/05/2008 12:13 51792]
S2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16/01/2008 9:46 30312]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [24/05/2008 16:11 204800]
S2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032]
S2 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [24/05/2008 15:52 745472]
S2 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [24/05/2008 15:52 397312]
S2 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [24/05/2008 15:52 1089536]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/11/2007 15:21 29744]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
S3 P0630VID;Creative WebCam Live!;c:\windows\System32\drivers\P0630Vid.sys [3/06/2008 16:30 91830]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [10/04/2009 12:33 28224]
S3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [7/11/2007 20:42 812544]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [24/05/2008 16:01 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [24/05/2008 16:02 79136]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.club-vaio.com
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
FF - ProfilePath - c:\users\Matthieu\AppData\Roaming\Mozilla\Firefox\Profiles\3jp21u1r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 12:26
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
Heure de fin: 2009-05-08 12:27
ComboFix-quarantined-files.txt 2009-05-08 10:27
ComboFix2.txt 2009-05-07 19:17

Avant-CF: 31.632.535.552 octets libres
Après-CF: 31.892.486.144 octets libres

229 --- E O F --- 2009-04-28 07:28

Rien de supprimer par ComboFix.

est ce que je peux lancer autre chose ???

Je n'ai plus rien à te donner.

dans le gestionnaire de peripherique j'ai :
autre peripherique
- peripherique inconnu ( avce un triangle jaune...)

je n'ai rien brancher de nouveau pourtant.

je sais pas si ca peut aider

recherche de rootkit avec Gmer voici le rapport(si ca peut donner d'autre piste...):

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-08 19:05:32
Windows 6.0.6000


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x8C8BC00A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x8C8BBF4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x8C8BBFAE]

---- Kernel code sections - GMER 1.0.15 ----

? C:\Windows\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2924] kernel32.dll!ExitProcess 7674D84E 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2924] USER32.dll!MessageBoxA 75E656DF 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2924] USER32.dll!MessageBoxW 75E9FBED 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00200002
IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00200000

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

Rien de particulier.

une autre analyse combo fix (au cas ou) :
ComboFix 09-05-07.06 - Matthieu 08/05/2009 21:17.4 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2038.1619 [GMT 2:00]
Lancé depuis: c:\users\Matthieu\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\users\Matthieu\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090502-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-04-08 au 2009-05-08 ))))))))))))))))))))))))))))))))))))
.

2009-05-08 09:55 . 2009-05-08 09:55 -------- d-----w c:\users\Matthieu\AppData\Roaming\AVG8
2009-05-08 09:43 . 2009-05-08 09:43 -------- d-----w c:\program files\CCleaner
2009-05-08 09:37 . 2009-05-08 11:22 -------- d-----w c:\program files\ewido anti-spyware 4.0
2009-05-07 18:32 . 2009-05-07 18:32 -------- d-----w C:\e45cdfa8ba675f105765a170b3
2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\programdata\NortonInstaller
2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\users\All Users\NortonInstaller
2009-05-06 19:16 . 2009-05-07 08:26 -------- d-----w c:\users\Matthieu\DoctorWeb
2009-05-05 21:27 . 2009-05-05 21:10 47560 ----a-w c:\windows\system32\SPReview.exe
2009-05-05 21:27 . 2009-05-05 21:10 152576 ----a-w c:\windows\system32\SPWizUI.dll
2009-05-05 20:55 . 2008-01-18 21:33 44032 ----a-w c:\windows\system32\cbsra.exe
2009-05-05 20:55 . 2009-05-05 20:56 -------- d-----w C:\ebb871ffd74f4ef90e8f8e4f
2009-05-05 20:55 . 2009-05-05 20:55 -------- d-----w C:\491adcfcf13b00baed30
2009-05-05 19:25 . 2009-05-05 19:25 -------- d-----w C:\_OTMoveIt
2009-05-05 17:07 . 2009-05-05 17:12 -------- d-----w c:\program files\trend micro
2009-05-05 17:07 . 2009-05-05 17:08 -------- d-----w C:\rsit
2009-05-05 08:53 . 2009-05-05 20:10 -------- d-----w C:\UsbFix
2009-05-05 08:46 . 2009-05-05 08:48 -------- d-----w C:\ToolBar SD
2009-05-05 08:43 . 2009-05-05 08:43 -------- d-sh--w C:\$RECYCLE.BIN
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\Matthieu\AppData\Roaming\Malwarebytes
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\programdata\Malwarebytes
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-03 18:07 . 2009-05-03 18:07 -------- d-----w c:\windows\system32\Kaspersky Lab
2009-04-10 10:33 . 2006-11-28 18:46 28224 ----a-w c:\windows\system32\drivers\PCAMp50.sys
2009-04-10 10:33 . 2006-11-28 18:46 27072 ----a-w c:\windows\system32\drivers\PCASp50.sys
2009-04-10 10:31 . 2009-04-10 10:31 -------- d-----w c:\program files\Securitoo
2009-04-10 10:29 . 2009-04-10 10:29 -------- d-----w c:\program files\Common Files\France Telecom

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 19:13 . 2006-11-02 15:48 745318 ----a-w c:\windows\system32\perfh00C.dat
2009-05-08 19:13 . 2006-11-02 15:48 140414 ----a-w c:\windows\system32\perfc00C.dat
2009-05-08 17:47 . 2008-05-27 09:53 1356 ----a-w c:\users\Matthieu\AppData\Local\d3d9caps.dat
2009-05-07 13:43 . 2008-05-24 13:56 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-05 19:35 . 2008-05-27 09:53 106640 ----a-w c:\users\Matthieu\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 17:04 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-02 11:42 . 2009-04-02 11:42 -------- d-----w c:\program files\WMV9_VCM
2009-03-21 14:22 . 2009-03-21 14:20 -------- d-----w c:\program files\PDFCreator
2009-03-21 14:21 . 2009-03-21 14:21 -------- d-----w c:\program files\pdfforge Toolbar
2009-03-19 10:59 . 2007-11-07 13:17 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-18 08:45 . 2007-11-07 13:21 -------- d-----w c:\program files\DivX
2009-03-17 03:16 . 2009-04-16 22:25 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-16 22:25 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:24 . 2009-04-16 22:25 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-16 22:25 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-16 22:24 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-16 22:25 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-16 22:25 549888 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-16 22:25 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-16 22:24 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-16 22:25 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-16 22:25 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-16 22:25 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-16 22:24 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:15 . 2009-04-16 22:24 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-16 22:25 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-16 22:24 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-16 22:24 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-02-13 07:26 . 2009-04-16 22:25 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 07:26 . 2009-04-16 22:25 1233408 ----a-w c:\windows\system32\lsasrv.dll
2009-02-13 07:26 . 2009-04-16 22:25 7680 ----a-w c:\windows\system32\lsass.exe
2009-02-09 01:59 . 2009-03-11 10:38 2028032 ----a-w c:\windows\system32\win32k.sys
2008-12-13 10:14 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-05-07_19.15.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-27 09:54 . 2009-05-08 19:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-27 09:54 . 2009-05-08 19:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:33 . 2009-05-08 19:13 656850 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-07 18:39 656850 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-07 18:39 121446 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-08 19:13 121446 c:\windows\System32\perfc009.dat
+ 2008-05-27 09:54 . 2009-05-08 19:06 1523712 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 1523712 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 14:12 650752 ----a-w c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-12 29744]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-07 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-06 198160]
"!ewido"="c:\program files\ewido anti-spyware 4.0\ewido.exe" [2006-06-16 6283264]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-25 4669440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\users\Matthieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05 98304 ----a-w c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{58CDA8C9-C883-4B6E-A05F-1BDA9371B7B1}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{4C6F3B17-7AED-4F83-B7CF-9B48FB0C959E}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{B89EE9B4-9094-45F4-96C5-D9044E7A060C}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{D5013AE2-391B-48AD-A951-920057EB211E}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{B2A37831-7599-4AFA-99FE-5F86422B719F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{7BBEA102-9ADE-4DDB-AF20-6297F3379B6F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{6382DFC2-D235-4AB3-9FD6-8A155051BC86}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{74215158-21E9-4E59-B4B1-C9E24F84DE7F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{A5EA9615-FC11-4743-9E59-AE88B162B30F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{50AE8A22-E75C-4BAC-83FC-6BE90F00BFA6}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{C6DCBD39-F4F5-4766-A546-DD9BEF7A1A30}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{51DCB9B6-46E2-4125-B0B3-9DCA6BCD5DED}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{C45425B5-A9EC-47E7-8351-402ED05C12EF}"= Disabled:UDP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{4E05C8D9-3871-49E5-B258-5106909751C1}"= Disabled:TCP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{F2B0AFA5-6697-4B0E-9C42-470937F48683}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C2F9105B-B21F-40A0-B843-61073D1799DB}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{106BCE31-D7ED-4FC3-9739-EAF80124595A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{9A9B623C-E030-44F2-BF8C-AEB564907D22}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{871864FE-8DCB-4B0C-88A9-97B2423B59AD}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{D08A613D-F523-4AEF-B88C-EA7FDB1EFC9F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{85717844-719B-46F7-970A-221F04D76271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{F1E56A31-0088-47A8-8A55-E32FACF629A8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{13D526A5-0CD0-4B54-9D9A-68FD6EAE6659}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{0B6C8167-8EFD-46C5-9420-63C61FA909E2}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{69F583CE-CF88-4A53-927B-B4810B6EBE17}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{1EAFE4A3-5434-4CF8-A670-46E8F8DCD1F9}"= UDP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
"{D21DFE5B-B05B-4682-8D74-BB872522801E}"= TCP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\River Past\\Cam Do\\CamDo.exe"= c:\program files\River Past\Cam Do\CamDo.exe:*:Enabled:River Past Cam Do

R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [7/11/2007 20:42 9344]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/05/2008 12:13 111184]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/05/2008 12:13 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/05/2008 12:13 51792]
S2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16/01/2008 9:46 30312]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [24/05/2008 16:11 204800]
S2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032]
S2 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [24/05/2008 15:52 745472]
S2 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [24/05/2008 15:52 397312]
S2 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [24/05/2008 15:52 1089536]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/11/2007 15:21 29744]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
S3 P0630VID;Creative WebCam Live!;c:\windows\System32\drivers\P0630Vid.sys [3/06/2008 16:30 91830]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [10/04/2009 12:33 28224]
S3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [7/11/2007 20:42 812544]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [24/05/2008 16:01 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [24/05/2008 16:02 79136]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.club-vaio.com
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
FF - ProfilePath - c:\users\Matthieu\AppData\Roaming\Mozilla\Firefox\Profiles\3jp21u1r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 21:20
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-05-08 21:21
ComboFix-quarantined-files.txt 2009-05-08 19:21
ComboFix2.txt 2009-05-08 10:27
ComboFix3.txt 2009-05-07 19:17

Avant-CF: 31.505.498.112 octets libres
Après-CF: 31.397.584.896 octets libres

223 --- E O F --- 2009-04-28 07:28