[Résolu]Virus TR/Vundo.Gen (t-com, kernel, multimedia, antivir)

Philtidus

17 Mai 2009 08:23:13

Bonjour à tous!
Voilà, je vous explique vite le problème, même si on s'en fout pas mal de ma vie: parti 15 jours de chez moi, en rentrant je retrouve le PC familial dans un état lamentable, ralentissements pas possible et compagnie...apparement mes parents n'auraient pas renouvelé l'anti-virus ou je n'sais quoi.
Donc, ayant un PC portable, j'ai téléchargé l'executable d'Avira, pour le mettre sur le PC de bureau à l'aide d'une clé USB. Et là, Avira à peine installé qu'il m'affiche 3 fenêtres d'alertes, et dès que je fais quelque chose ils me les réaffichent. De plus, ceci apparaît également à l'écran tout les 2 clics:

Evidement, j'annule à chaque fois, mais comme dit la fenêtre revient toujours.
Alors, merci d'avance aux personnes qui se pencheront sur mon cas

Autres pages sur : resolu virus vundo gen

| Etre averti des réponses
| Alerter

Répondre à Philtidus

Destrio5

17 Mai 2009 13:28:03

Bonjour,

Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

Clique sur Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

| Alerter

Répondre à Destrio5

Philtidus

17 Mai 2009 13:41:22

Voilà log.txt:

Citation :

Logfile of random's system information tool 1.06 (written by random/random)
Run by speisser thierry at 2009-05-17 15:32:42
WIN_XP Service Pack 2
System drive C: has 73 GB (26%) free of 279 GB
Total RAM: 1023 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:48, on 17/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\msnmsgrss.exe
C:\WINDOWS\system\service2k.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\speisser thierry\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\speisser thierry.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {a3cf0cd8-bcc6-42f2-bb8b-c70793907364} - C:\WINDOWS\system32\ruwiraje.dll (file missing)
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows UDP Control Center] msnmsgrss.exe
O4 - HKLM\..\Run: [moyeyibidi] Rundll32.exe "C:\WINDOWS\system32\kagavuva.dll",s
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system\service2k.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [CPM87405b7d] Rundll32.exe "c:\windows\system32\haditapo.dll",a
O4 - HKLM\..\Run: [847368e1] rundll32.exe "C:\WINDOWS\system32\gidogudi.dll",b
O4 - HKCU\..\Run: [xrt_Shell] C:\Documents and Settings\speisser thierry\xrt_oxat.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1143313878-1128349487-3228875740-1006\..\Run: [xrt_Shell] C:\Documents and Settings\speisser thierry\xrt_oxat.exe (User '?')
O4 - HKUS\S-1-5-21-1143313878-1128349487-3228875740-1006\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\grooooooosse grosse merde MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\grooooooosse grosse merde MP3 Player Utilities 4.09\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\kakekuze.dll c:\windows\system32\jiweyiyi.dll c:\windows\system32\haditapo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\haditapo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\haditapo.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 11643 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
ContextHelper - C:\Program Files\ContextTool\ContextTool-2.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-07-30 1404928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3cf0cd8-bcc6-42f2-bb8b-c70793907364}]
C:\WINDOWS\system32\ruwiraje.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpySpotter System Defender"=C:\Program Files\SpySpotter3\Defender.exe -startup []
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"Windows UDP Control Center"=C:\WINDOWS\msnmsgrss.exe [2009-05-11 42546]
"moyeyibidi"=C:\WINDOWS\system32\kagavuva.dll,s []
"Services"=C:\WINDOWS\system\service2k.exe [2009-05-14 62514]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"CPM87405b7d"=c:\windows\system32\haditapo.dll [2009-05-17 87552]
"847368e1"=C:\WINDOWS\system32\gidogudi.dll [2009-05-17 78848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"xrt_Shell"=C:\Documents and Settings\speisser thierry\xrt_oxat.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"Steam"=C:\Program Files\Steam\Steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusRegistration]
C:\Program Files\CA\Etrust Antivirus\Register.exe [2005-01-06 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2004-09-17 443904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATOPUSB]
ATOPUSB.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
C:\WINDOWS\system32\carpserv.exe [2003-03-19 4608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS\mHotkey.exe [2003-07-29 526848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [2007-11-06 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe [2006-09-14 5001216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
C:\WINDOWS\CNYHKey.exe [2004-03-03 5576704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe [2003-04-04 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-12-09 1937408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe [2004-12-07 84480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM-Reset]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\CyberLink\PowerCinema\PCMService.exe [2005-01-19 110744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-01-19 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2004-06-26 504080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-01-19 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDll]
C:\WINDOWS\system32\rundll.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcdplayx]
C:\WINDOWS\vcdplayx.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
C:\Program Files\Micro Application\VirtualDrive\VDTask.exe /AutoRestore []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
C:\WINDOWS\system32\winsys2.exe [2006-04-29 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
C:\PROGRA~1\AOL9~1.0\aoltray.exe [2004-04-14 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
C:\PROGRA~1\Nikon\PICTUR~1\NKBMON~1.EXE [2004-09-24 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
C:\PROGRA~1\CASIO\PHOTOL~1\Plauto.exe [2002-08-22 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^speisser thierry^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.2.lnk]
C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE [2007-02-02 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^speisser thierry^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
C:\Program Files\Xfire\Xfire.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\kakekuze.dll c:\windows\system32\jiweyiyi.dll c:\windows\system32\haditapo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\haditapo.dll [2009-05-17 87552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\haditapo.dll [2009-05-17 87552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\kakekuze.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=FF000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe"="C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled

owerCinema"
"C:\Program Files\CA\Etrust Antivirus\Realmon.exe"="C:\Program Files\CA\Etrust Antivirus\Realmon.exe:*

isabled:Realmon"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled

artage de l'application RTC"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\eDonkey2000\edonkey2000.exe"="C:\Program Files\eDonkey2000\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*

isabled:Microsoft DirectPlay Helper"
"C:\Program Files\MSN Gaming Zone\zclient.exe"="C:\Program Files\MSN Gaming Zone\zclient.exe:*

isabled:Zone Datafile"
"C:\Program Files\The All-Seeing Eye\eye.exe"="C:\Program Files\The All-Seeing Eye\eye.exe:*

isabled:Yahoo! All-Seeing Eye"
"C:\Documents and Settings\speisser thierry\Bureau\edonkey2000.exe"="C:\Documents and Settings\speisser thierry\Bureau\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa Media Desktop"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*

isabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*

isabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*

isabled:AOL 9.0"
"C:\Program Files\Cyanide\Cycling Manager 2\DataCM2\CyclingManager.exe"="C:\Program Files\Cyanide\Cycling Manager 2\DataCM2\CyclingManager.exe:*

isabled:CyclingManager"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\speisser thierry\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\DofusUpdater\DofusUpdater.exe"="C:\Documents and Settings\speisser thierry\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\DofusUpdater\DofusUpdater.exe:*

isabled:Installation de Dofus"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*

isabled:Windows® NetMeeting®"
"C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*

isabled:WinMX Application"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*

isabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*

isabled:Yahoo! Messenger"
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe"="C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Metin2_France\metin2.bin"="C:\Program Files\Metin2_France\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Cyanide\Cycling Manager 4\Cym2004.exe"="C:\Program Files\Cyanide\Cycling Manager 4\Cym2004.exe:*:Enabled:Cycling Manager 4"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\Program Files\ChickenInvadersROTYdemo\CI3demo.exe"="C:\Program Files\ChickenInvadersROTYdemo\CI3demo.exe:*:Enabled:Chicken Invaders ROTY"
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"C:\WINDOWS\system\service2k.exe"="C:\WINDOWS\system\service2k.exe:*:Enabled:Microsoft Enabled"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04a33f14-fc24-11dd-99b7-000fea7e6ebb}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76eb4fd1-9927-11db-9088-000fea7e6ebb}]
shell\AutoRun\command - G:\aoesetup.exe /autorun
shell\directx\command - G:\DirectX\dxsetup.exe
shell\dplay\command - G:\DirectX\dplay61a.exe
shell\dxdiag\command - G:\goodies\ar40fra.exe
shell\dxinfo\command - G:\goodies\DirectX\dxinfo.exe
shell\dxtest\command - G:\DirectX\dxdiag.exe
shell\dxtool\command - G:\goodies\DirectX\dxtool.exe
shell\log\command - G:\goodies\machine\machine.exe -l
shell\machine\command - G:\goodies\machine\machine.exe
shell\setup\command - G:\aoesetup.exe /autorun
shell\zone\command - G:\goodies\mszone\zonea600.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf9ec1c1-6a2f-11d9-92be-806d6172696f}]
shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd298b56-26c5-11de-9a68-000fea7e6ebb}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd298b58-26c5-11de-9a68-000fea7e6ebb}]
shell\AutoRun\command - E:\LaunchU3.exe -a

======List of files/folders created in the last 1 months======

2009-05-17 15:32:42 ----D---- C:\rsit
2009-05-17 09:27:13 ----SH---- C:\WINDOWS\system32\idugodig.ini
2009-05-16 23:12:41 ----D---- C:\Program Files\Avira
2009-05-16 23:12:41 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-05-16 18:16:20 ----SH---- C:\WINDOWS\system32\epepatob.ini
2009-05-15 08:12:20 ----SH---- C:\WINDOWS\system32\afogopey.ini
2009-05-14 12:36:17 ----SH---- C:\WINDOWS\system32\awovetas.ini
2009-05-13 22:58:19 ----A---- C:\GetPaths.vbs
2009-05-13 22:15:03 ----SH---- C:\WINDOWS\system32\irevipos.ini
2009-05-13 17:16:53 ----SHD---- C:\WINDOWS\system32\twain32
2009-05-13 17:16:47 ----A---- C:\podum.exe
2009-05-13 10:19:01 ----A---- C:\sfidex.exe
2009-05-13 10:17:13 ----SH---- C:\WINDOWS\system32\ezikivut.ini
2009-05-13 10:17:02 ----ASH---- C:\WINDOWS\system32\tuvikize.dll
2009-05-13 10:16:42 ----ASH---- C:\WINDOWS\system32\vogekomu.dll
2009-05-13 10:16:42 ----ASH---- C:\WINDOWS\system32\jojekuya.exe
2009-05-13 10:07:55 ----A---- C:\sfide.exe
2009-05-11 20:15:35 ----RSH---- C:\WINDOWS\msnmsgrss.exe
2009-04-29 23:20:20 ----D---- C:\Program Files\Bullfrog
2009-04-22 18:07:25 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-04-22 17:56:46 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-04-22 17:56:45 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-04-22 17:56:45 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-04-22 17:56:45 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-04-22 17:56:44 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-04-21 15:56:25 ----D---- C:\Documents and Settings\speisser thierry\Application Data\vlc
2009-04-20 02:11:40 ----D---- C:\Documents and Settings\speisser thierry\Application Data\Xfire

======List of files/folders modified in the last 1 months======

2009-05-17 10:37:42 ----D---- C:\WINDOWS\Prefetch
2009-05-17 09:48:29 ----AD---- C:\WINDOWS\system32
2009-05-17 09:41:19 ----AD---- C:\WINDOWS\Temp
2009-05-17 09:31:11 ----D---- C:\Program Files\Mozilla Firefox
2009-05-17 09:26:59 ----ASH---- C:\WINDOWS\system32\horozugi.exe
2009-05-17 09:26:58 ----ASH---- C:\WINDOWS\system32\haditapo.dll
2009-05-17 09:26:58 ----ASH---- C:\WINDOWS\system32\gidogudi.dll
2009-05-17 09:14:06 ----SD---- C:\WINDOWS\Tasks
2009-05-17 09:11:24 ----D---- C:\WINDOWS
2009-05-17 09:10:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-17 00:11:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-16 23:12:50 ----D---- C:\WINDOWS\system32\drivers
2009-05-16 23:12:49 ----HD---- C:\WINDOWS\inf
2009-05-16 23:12:41 ----RAD---- C:\Program Files
2009-05-16 23:11:09 ----SHD---- C:\WINDOWS\Installer
2009-05-16 23:11:09 ----SHD---- C:\Config.Msi
2009-05-16 23:11:09 ----D---- C:\WINDOWS\WinSxS
2009-05-16 22:03:25 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-15 08:12:15 ----ASH---- C:\WINDOWS\system32\kakinahu.dll
2009-05-14 19:20:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-14 16:51:36 ----D---- C:\WINDOWS\system
2009-05-14 12:36:41 ----ASH---- C:\WINDOWS\system32\melunule.dll
2009-05-14 12:36:12 ----ASH---- C:\WINDOWS\system32\bowafefi.dll
2009-05-13 22:45:12 ----D---- C:\Documents and Settings\speisser thierry\Application Data\uTorrent
2009-05-13 22:31:56 ----D---- C:\Program Files\Internet Explorer
2009-05-13 22:13:16 ----ASH---- C:\WINDOWS\system32\ledamine.dll
2009-05-13 19:01:20 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-05-13 15:59:47 ----D---- C:\Documents and Settings\speisser thierry\Application Data\LimeWire
2009-05-12 17:34:57 ----D---- C:\Documents and Settings\speisser thierry\Application Data\Skype
2009-05-10 11:56:23 ----D---- C:\Documents and Settings\speisser thierry\Application Data\OpenOffice.org2
2009-05-09 19:15:34 ----D---- C:\Program Files\Windows Live Safety Center
2009-05-07 23:08:39 ----ASH---- C:\boot.ini
2009-05-07 23:08:39 ----A---- C:\WINDOWS\win.ini
2009-05-07 23:08:39 ----A---- C:\WINDOWS\system.ini
2009-05-01 10:36:56 ----D---- C:\Program Files\eMule
2009-04-30 10:30:22 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2009-04-22 17:56:47 ----D---- C:\WINDOWS\system32\DirectX
2009-04-22 17:56:30 ----RSD---- C:\WINDOWS\assembly
2009-04-22 01:37:01 ----D---- C:\Documents and Settings\speisser thierry\Application Data\dvdcss
2009-04-20 06:34:18 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 43520]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-01-19 8552]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-26 271360]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-21 9856]
R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-26 18048]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-03-19 11044]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-05 88448]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-05 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-05 55936]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\system32\DRIVERS\strmdisp.sys [2003-03-19 22400]
R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 945152]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2004-09-16 18048]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-06-09 3968]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-03-19 1107072]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-03-19 177024]
R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader; C:\WINDOWS\System32\Drivers\IMT0521.sys [2003-07-11 34825]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-03-19 622592]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-05 17024]
S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-05 38016]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-05 100992]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-05 274944]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-05 18944]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-05 15360]
S3 MSICPL;MSICPL; \??\F:\install4\MSICPL.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-05 10880]
S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys []
S3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-09-25 174530]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 QV2KUX;Appareil photo numérique Casio; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-05 59648]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2003-12-03 63608]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS); C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM); C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-05 11136]
S3 SNDP202;Dual Mode Camera (8008 VGA); C:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-01-16 245120]
S3 SQTECH905C;DaulCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2004-12-08 32123]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-05 15360]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-08-03 237568]
S4 cdawdm;CDAWDM; C:\WINDOWS\system32\DRIVERS\CDAWDM.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-05 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R01000000 papycpu2;papycpu2; C:\WINDOWS\system32\drivers\papycpu2.sys [2001-02-13 2016]
R01000000 papyjoy;papyjoy; C:\WINDOWS\system32\drivers\papyjoy.sys [2001-02-13 1888]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-01-19 172153]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-01-19 110711]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-01-19 24576]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 InoRPC;eTrust Antivirus RPC Server; C:\Program Files\CA\eTrust Antivirus\InoRpc.exe [2004-06-26 139536]
R2 InoRT;eTrust Antivirus Realtime Server; C:\Program Files\CA\eTrust Antivirus\InoRT.exe [2004-06-26 241936]
R2 InoTask;eTrust Antivirus Job Server; C:\Program Files\CA\eTrust Antivirus\InoTask.exe [2004-06-26 254224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-05 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-13 189072]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-06 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

| Alerter

Répondre à Philtidus

Philtidus

17 Mai 2009 13:44:37

Et info.txt:

Citation :

info.txt logfile of random's system information tool 1.06 2009-05-17 15:32:50

======Uninstall list======

--> -c"C:\Program Files\Ulead Systems\Ulead COOL 360\IS32Inst.dll"
-->"C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x040c
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
-->C:\WINDOWS\UNSIPPS.exe /UNINSTALL
-->MsiExec /X{7104189A-C592-4A56-AC9E-7C0CA135DA3C}
-->MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBBB5EED-CC92-49F2-A276-D5433F39D1EB}\Setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.60 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AGEIA PhysX v6.10.25-->MsiExec.exe /X{7104189A-C592-4A56-AC9E-7C0CA135DA3C}
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AOL (France)-->C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
AOL Coach Version 1.0(Build:20040229.1 fr)-->"C:\Program Files\Fichiers communs\aolshare\Coach\AolCInUn.exe" -lang="fr-fr"
ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x40c
ArcSoft PhotoBase 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}\setup.exe" -l0x40c -uninst
ArcSoft PhotoImpression 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}\Setup.exe" -l0x40c
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}\setup.exe" -l0x40c -uninst
ArcSoft PhotoStudio 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x40c -uninst
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
Atlantis 2-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Cryo Interactive Entertainment\Atlantis II\Uninst.isu"
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Black Thorn-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Rogue Spear Black Thorn\BTUninst.isu"
CA eTrust Antivirus-->MsiExec.exe /X{6A120E99-3123-4CB2-9A02-D24784F4BC8C}
Call of Duty(R) 4 - Modern Warfare(TM) Demo-->C:\Program Files\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe -runfromtemp -l0x0409
Camgoo TwoPlay-->"C:\Program Files\Camgoo TwoPlay\unins000.exe"
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP610 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series /L0x000c
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CanoScan LiDE20,30 Manual-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}\setup.exe" -l0x40c
CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CHIPDRIVE SIM Manager Pro v3.3-->"C:\Program Files\SIM Manager Pro\unins000.exe"
Click'N Design 3D for AfterBurner(tm) (V5)-->C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Complément Microsoft Word pour Microsoft Works Suite-->MsiExec.exe /I{17E57E89-DDB3-4f76-9AF1-A8E01CC633E4}
Conflict Desert Storm II-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08F0DDCB-05C1-4A0E-B9E7-9EE077A2EDAD}\setup.exe" -l0x40c
Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
Creative ZEN-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x40c /remove
Crysis(R) SP Demo-->MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
Desert Storm-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FB2CE8C-E86C-4368-B3C9-F472898F926E}\setup.exe" -l0x40c
Deus Ex-->C:\DeusEx\System\Setup.exe uninstall "Deus Ex"
DiRT-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}\setup.exe" -l0x40c -removeonly
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Codec-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Bundle.log
Drome Racers-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}\Setup.exe" -l0x40c
Dual Mode Camera (8008 VGA)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E85397AD-D60E-4141-82E6-FAA312A09271}\Setup.exe" -l0x9
Easy CD-DA Extractor 6-->C:\WINDOWS\iun6002.exe "C:\Program Files\Easy CD-DA Extractor 6\irunin.ini"
Ecran de veille AOL Photos-->C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Encyclopédie Microsoft Encarta 2005-->MsiExec.exe /I{05460044-64A6-4248-A026-9745C1E9E159}
Enregistrement utilisateur de Canon MP610 series-->C:\Program Files\Canon\IJEREG\MP610 series\UNINST.EXE
eTrust Registration-->MsiExec.exe /X{6BFF4534-7608-41F0-85F7-31A0569D8960}
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Far Cry-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l1036
FM-56PCI-HSFi-AB-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F02&SUBSYS_000B1767
Free Notes & Office Ink-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{556F2137-B772-43BB-9A45-E0275234DD16}\Setup.exe"
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
In Memoriam Le Dernier Rituel-->C:\Ubi Soft\dernierrituel\Desinst.exe
In Memoriam-->C:\Ubi Soft\In Memoriam\Desinst.exe
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Jets n Guns-->"C:\Program Files\Gamenext\Jets n Guns\Uninstall.exe" "C:\Program Files\Gamenext\Jets n Guns\install.log"
La nuit des sacrifies-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}\setup.exe" -l0x40c -removeonly
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Maxi Billard 3D-->C:\WINDOWS\unvise32.exe C:\Program Files\Micro Application\Maxi Billard 3D\uninstal.log
Mercenaries 2: World in Flames™ (DEMO)-->MsiExec.exe /X{8D07389B-2C9D-4B9B-BC6A-85BAD8A848A6}
Messager Wanadoo-->C:\PROGRA~1\MESSAG~1\Uninstall.exe
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Micro Application - Etiquettes CD-DVD Edition Spéciale-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9436EEEA-3289-4850-905D-FC86B0D23213}\SETUP.EXE" -l0x40c
Micro Application - PrintPratic 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B056DB05-BF39-49A0-AAB8-C8FA49D9660C}\Setup.exe" -l0x40c
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Age of Empires II : The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft AutoRoute 2005-->MsiExec.exe /I{67E4EE98-59F4-4220-89A6-A20AF5BEC689}
Microsoft Combat Flight Simulator-->"C:\Program Files\Microsoft Games\Combat Flight Simulator\DESINST.EXE" /runtemp
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo Trial-->"C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Halo-->"C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
Microsoft Photo Premium 10-->"C:\Program Files\Fichiers communs\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mindscape Sudoku Illimité-->"C:\Program Files\Mindscape\Sudoku Illimité\Uninstall.exe" "C:\Program Files\Mindscape\Sudoku Illimité\install.log" -u
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
MOTIX-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\denouvel\Motix\UnInst.log" "/APPNAME=MOTIX"
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 4.09-->MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
MP3 Player Utilities-->MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MP3 Player-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06604771-5346-492A-93C1-486B6CCD10AD}\setup.exe" -l0x40c
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MultiMedia France Toolbar-->C:\PROGRA~1\MULTIM~1\UNWISE.EXE C:\PROGRA~1\MULTIM~1\INSTALL.LOG
NASCAR® Racing 4-->C:\WINDOWS\IsUninst.exe -f"C:\Papyrus\NASCAR Racing 4\Uninst.isu"
Navilog1 3.4.3-->"C:\Program Files\Navilog1\unins000.exe"
Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Nikon FotoShare-->C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
Nikon Message Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x40c UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 2.2-->MsiExec.exe /I{7FD7F10E-0666-4C9F-A0A8-422EA5E31C4C}
Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u
Paint.NET v3.08-->MsiExec.exe /X{83B26E5D-1795-4DFE-9317-0FA0F3AAB568}
Philips Digital Audio Player-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BB66126-E1B5-4DF4-8320-CAC6F8009CFA}\Setup.exe" -l0x40c
Photo Loader 2.1F-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70B45586-B51E-4947-A258-A895596C5CED}\setup.exe" -uninst
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
Photohands 1.0F-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{544FB392-069D-4BA5-9DC7-FFD47230AEE5}\setup.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PictureProject-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x40c UNINSTALL
Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
Pinnacle TRex-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9313E9A6-03DF-11D5-88F8-005004361016}\Setup.exe" -l0x40c UNINSTALL
PIXMA Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
PlayMP3z-->C:\Program Files\PlayMP3z\uninstall.exe
Power Presenter RE II-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Power Presenter RE\Uninst.isu"
PowerCinema 4.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Quake 3 Arena Demo-->C:\WINDOWS\unvise32.exe c:\Q3Ademo\uninstal.log
Quake Live Mozilla Plugin-->MsiExec.exe /I{0B533F34-22BA-4301-BAF8-EA1CEDB06F9E}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
R.C. Cars-->MsiExec.exe /X{FDACD776-2B0F-427F-95BD-FAF664D75308}
RealPlayer Basic-->C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x40c
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Sélecteur d'installation de Microsoft Works 2005-->C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP e:\
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SigmaTel MSCN Audio Player-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}\setup.exe" -l0x40c -remove
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Card Reader Driver Installation-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9BAA0FD-3D69-43C2-B587-B153E402EFA3}\SETUP.EXE" -l0x9
SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SpeedSim-->C:\Program Files\SpeedSim\uninst.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Studio 9.3 Patch-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E217EA-C3E0-402D-8D4F-6189DB74497A}\setup.exe" -l0x40c UNINSTALL
Studio 9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x40c UNINSTALL
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Theme Park World-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Bullfrog\Theme Park World\Uninst.isu" -c"C:\Program Files\Bullfrog\Theme Park World\uninst.dll" -BFLANG=1036
Thief - Deadly Shadows-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC123EEA-330A-4685-911C-95B8F5E9DE68}\Setup.exe" -l0x40c
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
Toca2-->C:\WINDOWS\IsUn040c.exe -fC:\Codemasters\Toca2\Uninst.isu
TrackMania Sunrise Extreme 1.5.0-->"C:\Program Files\TrackMania Sunrise\unins000.exe"
Ulead COOL 360 1.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}\setup.exe" -l0x40c -uninst
Ulead Photo Explorer 8.0 SE Basic-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\setup.exe" -l0x40c
USB CASIO Digital Camera Device Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0FE6C844-4243-4F5B-BC5B-E8B4C3450946}\setup.exe" -uninst
USB Wireless Keyboard Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6054F774-FEF0-46C6-9311-EC97FC576FC5}\SETUP.EXE" -l0x40c
VGA USB Camera-->C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visionneuse Journal Windows Microsoft-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
ZENcast Organizer-->"C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x040c

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Fichiers communs\Roxio Shared\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"AVENGINE"=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
"INOCULAN"=C:\PROGRA~1\CA\ETRUST~1

-----------------EOF-----------------

| Alerter

Répondre à Philtidus

Destrio5

17 Mai 2009 14:07:45

Il est bien infecté le PC.

[#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Il va te demander d'installer la console de récupération : accepte.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

| Alerter

Répondre à Destrio5

Philtidus

17 Mai 2009 16:12:00

Citation :

ComboFix 09-05-16.05 - speisser thierry 17/05/2009 17:43.1 - NTFSx86
Lancé depuis: c:\documents and settings\speisser thierry\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\windows\system32\kakekuze.dll
c:\windows\system32\haditapo.dll

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\PlayMP3z
c:\program files\PlayMP3z\uninstall.exe
c:\windows\dialerexe.ini
c:\windows\msnmsgrss.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\afogopey.ini
c:\windows\system32\awovetas.ini
c:\windows\system32\bowafefi.dll
c:\windows\system32\epepatob.ini
c:\windows\system32\ezikivut.ini
c:\windows\system32\gidogudi.dll
c:\windows\system32\horozugi.exe
c:\windows\system32\idugodig.ini
c:\windows\system32\irevipos.ini
c:\windows\system32\kakinahu.dll
c:\windows\system32\ledamine.dll
c:\windows\system32\melunule.dll
c:\windows\system32\rnaph.dll
c:\windows\system32\tuvikize.dll
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\twain32\user.ds.lll
c:\windows\system32\twex.exe
c:\windows\system32\vafubamu.dll
c:\windows\system32\vogekomu.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-17 au 2009-05-17 ))))))))))))))))))))))))))))))))))))
.

2009-05-17 13:32 . 2009-05-17 13:32 -------- d-----w C:\rsit
2009-05-16 21:12 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-16 21:12 . 2009-05-16 21:12 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-16 21:12 . 2009-05-16 21:12 -------- d-----w c:\program files\Avira
2009-05-14 14:51 . 2009-05-14 14:51 62514 --sh--r c:\windows\system\service2k.exe
2009-05-13 20:58 . 2009-05-13 20:58 4410 ----a-w C:\GetPaths.vbs
2009-05-13 15:16 . 2009-05-14 07:03 120836 ----a-w C:\podum.exe
2009-05-13 08:19 . 2009-05-13 08:29 108544 ----a-w C:\sfidex.exe
2009-05-13 08:16 . 2009-05-13 08:16 51712 --sha-w c:\windows\system32\jojekuya.exe
2009-05-13 08:07 . 2009-05-14 22:01 108544 ----a-w C:\sfide.exe
2009-04-29 21:20 . 2009-04-29 21:20 -------- d-----w c:\program files\Bullfrog
2009-04-22 16:07 . 2009-04-22 16:07 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-22 15:56 . 2007-10-22 01:39 267272 ----a-w c:\windows\system32\xactengine2_10.dll
2009-04-22 15:56 . 2007-10-02 07:56 444776 ----a-w c:\windows\system32\d3dx10_36.dll
2009-04-22 15:56 . 2007-10-12 13:14 1374232 ----a-w c:\windows\system32\D3DCompiler_36.dll
2009-04-22 15:56 . 2007-10-12 13:14 3734536 ----a-w c:\windows\system32\d3dx9_36.dll
2009-04-22 15:56 . 2007-07-19 22:57 267112 ----a-w c:\windows\system32\xactengine2_9.dll
2009-04-21 13:56 . 2009-04-21 13:56 -------- d-----w c:\documents and settings\speisser thierry\Application Data\vlc
2009-04-20 06:26 . 2009-04-20 06:26 -------- d-----w c:\documents and settings\NetworkService\Application Data\Xfire
2009-04-20 04:34 . 2009-04-20 04:34 -------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
2009-04-20 00:11 . 2009-04-20 17:41 -------- d-----w c:\documents and settings\speisser thierry\Application Data\Xfire

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 07:26 . 2009-02-17 07:26 87552 ----a-w c:\windows\system32\haditapo.dll.vir
2009-05-14 14:37 . 2008-07-25 18:31 29079 ----a-w c:\documents and settings\speisser thierry\xrt_log.dat
2009-05-13 17:01 . 2008-12-31 21:35 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-13 16:08 . 2008-12-31 21:35 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-09 17:15 . 2007-05-23 19:29 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-01 08:36 . 2006-09-17 13:38 -------- d-----w c:\program files\eMule
2009-04-20 04:34 . 2005-01-19 15:10 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-10 23:24 . 2009-04-10 23:24 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-03-22 02:00 . 2009-03-22 01:39 -------- d-----w c:\program files\AssaultCube_v1.0
2009-03-22 01:40 . 2009-03-22 01:39 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-22 01:40 . 2009-03-22 01:39 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-22 01:39 . 2009-03-22 01:39 -------- d-----w c:\program files\OpenAL
2009-03-05 13:19 . 2008-12-31 17:57 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-05 01:30 . 2009-03-05 01:27 22328 ----a-w c:\documents and settings\speisser thierry\Application Data\PnkBstrK.sys
2009-03-05 01:29 . 2009-03-05 01:27 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-03-01 08:27 . 2005-06-02 20:30 109024 ----a-w c:\documents and settings\speisser thierry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-09-21 07:54 . 2007-09-21 07:54 3380048 ----a-w c:\program files\LimeWireWin.exe
2007-02-28 22:34 . 2007-02-28 22:34 54021624 ----a-w c:\program files\Paint.exe
2006-04-30 21:58 . 2006-04-30 21:58 774144 ----a-w c:\program files\RngInterstitial.dll
2005-06-04 13:13 . 2005-06-04 13:13 7412936 ----a-w c:\program files\INSTALL_MSN_MESSENGER_DL.EXE
2003-01-13 09:55 . 2005-01-19 20:06 282624 ----a-w c:\program files\internet explorer\plugins\PanoViewer.dll
1999-04-30 15:00 . 2005-01-19 20:06 98304 ----a-w c:\program files\internet explorer\plugins\UPjpeg.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\haditapo.dll,c:\windows\system32\kakekuze.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Supervision de Photo Loader.lnk
backup=c:\windows\pss\Supervision de Photo Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^speisser thierry^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\speisser thierry\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^speisser thierry^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=c:\documents and settings\speisser thierry\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CA\\Etrust Antivirus\\Realmon.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\speisser thierry\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\DofusUpdater\\DofusUpdater.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\WINDOWS\\system\\service2k.exe"=

R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2004-10-06 945152]
R3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33X2K.sys [2003-12-03 63608]
R3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
R3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
R3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
R3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
R3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
R3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
R3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]
R3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [x]
R3 SNDP202;Dual Mode Camera (8008 VGA);c:\windows\system32\DRIVERS\sndp202.sys [2003-01-16 245120]
R4 cdawdm;cdawdm;c:\windows\system32\DRIVERS\CDAWDM.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;c:\windows\system32\Drivers\IMT0521.sys [2003-07-11 34825]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - AFD
*Deregistered* - AntiVirSchedulerService
*Deregistered* - AntiVirService
*Deregistered* - ASCTRM
*Deregistered* - atksgt
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVG Anti-Spyware Driver
*Deregistered* - AVG Anti-Spyware Guard
*Deregistered* - AvgAsCln
*Deregistered* - avgio
*Deregistered* - avgntflt
*Deregistered* - avipbb
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - BthServ
*Deregistered* - Cdfs
*Deregistered* - CLCapSvc
*Deregistered* - CLSched
*Deregistered* - Creative Service for CDROM Access
*Deregistered* - CryptSvc
*Deregistered* - CyberLink Media Library Service
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ElbyCDIO
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - FTRTSVC
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - IJPLMSVC
*Deregistered* - ImapiService
*Deregistered* - INO_FLPY
*Deregistered* - INO_FLTR
*Deregistered* - InoRPC
*Deregistered* - InoRT
*Deregistered* - InoTask
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - Kbdclass
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - lirsgt
*Deregistered* - LmHosts
*Deregistered* - mdmxsdk
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - NwlnkIpx
*Deregistered* - NwlnkNb
*Deregistered* - NwlnkSpx
*Deregistered* - PCLEPCI
*Deregistered* - PnkBstrA
*Deregistered* - PnkBstrB
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - PQNTDrv
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCardSvr
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - sfdrv01
*Deregistered* - sfhlp02
*Deregistered* - sfsync02
*Deregistered* - sfvfs02
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - ssmdrv
*Deregistered* - stisvc
*Deregistered* - StreamDispatcher
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - upnphost
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - WinDefend
*Deregistered* - WMPNetworkSvc
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
.
Contenu du dossier 'Tâches planifiées'

2009-05-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{a3cf0cd8-bcc6-42f2-bb8b-c70793907364} - c:\windows\system32\ruwiraje.dll
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
HKLM-Run-SpySpotter System Defender - c:\program files\SpySpotter3\Defender.exe
HKLM-Run-moyeyibidi - c:\windows\system32\kagavuva.dll
HKLM-Run-CPM87405b7d - c:\windows\system32\haditapo.dll

.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.orange.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to AMV Converter... - c:\program files\grooooooosse grosse merde MP3 Player Utilities 4.09\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: MediaManager tool grab multimedia file - c:\program files\grooooooosse grosse merde MP3 Player Utilities 4.09\MediaManager\grab.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
FF - ProfilePath - c:\documents and settings\speisser thierry\Application Data\Mozilla\Firefox\Profiles\olyhi2xd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr/
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\speisser thierry\Application Data\Mozilla\Firefox\Profiles\olyhi2xd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- PARAMETRES FIREFOX ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 17:50
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,15,87,0a,0d,98,
f5,a8,a9,e2,63,26,f1,3f,c8,ff,68,10,83,ec,3b,17,35,66,21,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,87,44,e7,30,5d,
63,b0,ca,6a,9c,d6,61,af,45,84,18,2b,13,a9,ea,56,18,3e,a9,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,3b,62,5a,05,3a,
4b,c0,1b,ff,7c,85,e0,43,d4,0e,fe,56,fd,7a,34,47,32,09,01,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,a3,d3,10,95,26,
f9,fc,37,86,8c,21,01,be,91,eb,e7,eb,ad,aa,14,4d,b2,27,6a,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,23,4a,3e,70,62,
29,8a,b7,f5,1d,4d,73,a8,13,5c,05,d4,5f,61,b9,d6,16,f3,08,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,18,e9,ef,6d,9c,
9d,96,c9,df,20,58,62,78,6b,cf,c8,86,c6,71,76,c9,2c,95,bc,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,6a,c3,98,4e,f1,
4e,7f,ae,fb,a7,78,e6,12,2f,9a,ea,0f,f6,8e,c3,8b,86,82,dd,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,87,c3,4f,8b,6a,
80,c4,ce,01,3a,48,fc,e8,04,4a,f1,1a,da,d2,e4,7d,48,73,8e,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,ad,9b,c5,6f,4c,
6b,91,3e,f6,0f,4e,58,98,5b,89,c9,07,ac,3d,64,e6,b2,b3,53,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,b4,42,c6,99,8b,
1c,f9,3b,3d,ce,ea,26,2d,45,aa,78,68,3d,b4,34,96,a7,c8,ea,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,8f,b7,9c,67,bc,
36,74,34,2a,b7,cc,b5,b9,7f,41,e7,70,c7,19,44,c3,d8,ef,69,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,56,e0,11,76,e0,
a2,1d,57,6c,43,2d,1e,aa,22,2f,9c,9d,62,85,32,ca,bf,b4,2e,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(252)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\CA\Etrust Antivirus\InoRpc.exe
c:\program files\CA\Etrust Antivirus\InoRT.exe
c:\program files\CA\Etrust Antivirus\InoTask.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\progra~1\CA\SHARED~1\SCANEN~1\Inodist.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2009-05-17 17:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-17 15:53

Avant-CF: 76 445 675 520 octets libres
Après-CF: 80 787 238 912 octets libres

444 --- E O F --- 2007-12-12 22:32

| Alerter

Répondre à Philtidus

Destrio5

17 Mai 2009 16:22:27

/!\ Seul Philtidus peut suivre cette procédure /!\

Désactive toute protection résidente (Antivirus...) !

---> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :

KillAll::

File::
c:\windows\system\service2k.exe
C:\GetPaths.vbs
C:\podum.exe
C:\sfidex.exe
c:\windows\system32\jojekuya.exe
C:\sfide.exe
c:\windows\system32\haditapo.dll.vir

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

---> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes

- Colle (CTRL+V) le texte dans le Bloc-notes.
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer.
- Quitte le Bloc-notes.

---> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :

Cela va relancer Combofix : au message qui apparaît, accepte.

Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal !

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.

Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt

| Alerter

Répondre à Destrio5

Philtidus

17 Mai 2009 16:45:26

Citation :

ComboFix 09-05-16.05 - speisser thierry 17/05/2009 18:33.2 - NTFSx86
Lancé depuis: c:\documents and settings\speisser thierry\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\speisser thierry\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
C:\GetPaths.vbs
C:\podum.exe
C:\sfide.exe
C:\sfidex.exe
c:\windows\system\service2k.exe
c:\windows\system32\haditapo.dll.vir
c:\windows\system32\jojekuya.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\GetPaths.vbs
C:\podum.exe
C:\sfide.exe
C:\sfidex.exe
c:\windows\system\service2k.exe
c:\windows\system32\jojekuya.exe
c:\windows\system32\kakekuze.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-17 au 2009-05-17 ))))))))))))))))))))))))))))))))))))
.

2009-05-17 13:32 . 2009-05-17 13:32 -------- d-----w C:\rsit
2009-05-16 21:12 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-16 21:12 . 2009-05-16 21:12 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-16 21:12 . 2009-05-16 21:12 -------- d-----w c:\program files\Avira
2009-04-29 21:20 . 2009-04-29 21:20 -------- d-----w c:\program files\Bullfrog
2009-04-22 16:07 . 2009-04-22 16:07 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-22 15:56 . 2007-10-22 01:39 267272 ----a-w c:\windows\system32\xactengine2_10.dll
2009-04-22 15:56 . 2007-10-02 07:56 444776 ----a-w c:\windows\system32\d3dx10_36.dll
2009-04-22 15:56 . 2007-10-12 13:14 1374232 ----a-w c:\windows\system32\D3DCompiler_36.dll
2009-04-22 15:56 . 2007-10-12 13:14 3734536 ----a-w c:\windows\system32\d3dx9_36.dll
2009-04-22 15:56 . 2007-07-19 22:57 267112 ----a-w c:\windows\system32\xactengine2_9.dll
2009-04-21 13:56 . 2009-04-21 13:56 -------- d-----w c:\documents and settings\speisser thierry\Application Data\vlc
2009-04-20 06:26 . 2009-04-20 06:26 -------- d-----w c:\documents and settings\NetworkService\Application Data\Xfire
2009-04-20 04:34 . 2009-04-20 04:34 -------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
2009-04-20 00:11 . 2009-04-20 17:41 -------- d-----w c:\documents and settings\speisser thierry\Application Data\Xfire

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 14:37 . 2008-07-25 18:31 29079 ----a-w c:\documents and settings\speisser thierry\xrt_log.dat
2009-05-13 17:01 . 2008-12-31 21:35 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-13 16:08 . 2008-12-31 21:35 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-09 17:15 . 2007-05-23 19:29 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-01 08:36 . 2006-09-17 13:38 -------- d-----w c:\program files\eMule
2009-04-20 04:34 . 2005-01-19 15:10 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-10 23:24 . 2009-04-10 23:24 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-03-22 02:00 . 2009-03-22 01:39 -------- d-----w c:\program files\AssaultCube_v1.0
2009-03-22 01:40 . 2009-03-22 01:39 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-22 01:40 . 2009-03-22 01:39 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-22 01:39 . 2009-03-22 01:39 -------- d-----w c:\program files\OpenAL
2009-03-05 13:19 . 2008-12-31 17:57 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-05 01:30 . 2009-03-05 01:27 22328 ----a-w c:\documents and settings\speisser thierry\Application Data\PnkBstrK.sys
2009-03-05 01:29 . 2009-03-05 01:27 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-03-01 08:27 . 2005-06-02 20:30 109024 ----a-w c:\documents and settings\speisser thierry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-09-21 07:54 . 2007-09-21 07:54 3380048 ----a-w c:\program files\LimeWireWin.exe
2007-02-28 22:34 . 2007-02-28 22:34 54021624 ----a-w c:\program files\Paint.exe
2006-04-30 21:58 . 2006-04-30 21:58 774144 ----a-w c:\program files\RngInterstitial.dll
2005-06-04 13:13 . 2005-06-04 13:13 7412936 ----a-w c:\program files\INSTALL_MSN_MESSENGER_DL.EXE
2003-01-13 09:55 . 2005-01-19 20:06 282624 ----a-w c:\program files\internet explorer\plugins\PanoViewer.dll
1999-04-30 15:00 . 2005-01-19 20:06 98304 ----a-w c:\program files\internet explorer\plugins\UPjpeg.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a3cf0cd8-bcc6-42f2-bb8b-c70793907364}]
c:\windows\system32\ruwiraje.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"moyeyibidi"="c:\windows\system32\kagavuva.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Supervision de Photo Loader.lnk
backup=c:\windows\pss\Supervision de Photo Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^speisser thierry^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\speisser thierry\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^speisser thierry^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=c:\documents and settings\speisser thierry\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CA\\Etrust Antivirus\\Realmon.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\speisser thierry\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\DofusUpdater\\DofusUpdater.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=

R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2004-10-06 945152]
R3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33X2K.sys [2003-12-03 63608]
R3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
R3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
R3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
R3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
R3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
R3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
R3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]
R3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [x]
R3 SNDP202;Dual Mode Camera (8008 VGA);c:\windows\system32\DRIVERS\sndp202.sys [2003-01-16 245120]
R4 cdawdm;cdawdm;c:\windows\system32\DRIVERS\CDAWDM.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;c:\windows\system32\Drivers\IMT0521.sys [2003-07-11 34825]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - AFD
*Deregistered* - AntiVirSchedulerService
*Deregistered* - AntiVirService
*Deregistered* - ASCTRM
*Deregistered* - atksgt
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVG Anti-Spyware Driver
*Deregistered* - AVG Anti-Spyware Guard
*Deregistered* - AvgAsCln
*Deregistered* - avgio
*Deregistered* - avgntflt
*Deregistered* - avipbb
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - BthServ
*Deregistered* - Cdfs
*Deregistered* - CLCapSvc
*Deregistered* - CLSched
*Deregistered* - Creative Service for CDROM Access
*Deregistered* - CryptSvc
*Deregistered* - CyberLink Media Library Service
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ElbyCDIO
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - FTRTSVC
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - IJPLMSVC
*Deregistered* - ImapiService
*Deregistered* - INO_FLPY
*Deregistered* - INO_FLTR
*Deregistered* - InoRPC
*Deregistered* - InoRT
*Deregistered* - InoTask
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - Kbdclass
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - lirsgt
*Deregistered* - LmHosts
*Deregistered* - mdmxsdk
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - NwlnkIpx
*Deregistered* - NwlnkNb
*Deregistered* - NwlnkSpx
*Deregistered* - PCLEPCI
*Deregistered* - PnkBstrA
*Deregistered* - PnkBstrB
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - PQNTDrv
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCardSvr
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - sfdrv01
*Deregistered* - sfhlp02
*Deregistered* - sfsync02
*Deregistered* - sfvfs02
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - ssmdrv
*Deregistered* - stisvc
*Deregistered* - StreamDispatcher
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - upnphost
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - WinDefend
*Deregistered* - WMPNetworkSvc
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
.
Contenu du dossier 'Tâches planifiées'

2009-05-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.orange.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to AMV Converter... - c:\program files\grooooooosse grosse merde MP3 Player Utilities 4.09\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: MediaManager tool grab multimedia file - c:\program files\grooooooosse grosse merde MP3 Player Utilities 4.09\MediaManager\grab.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
FF - ProfilePath - c:\documents and settings\speisser thierry\Application Data\Mozilla\Firefox\Profiles\olyhi2xd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr/
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\speisser thierry\Application Data\Mozilla\Firefox\Profiles\olyhi2xd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- PARAMETRES FIREFOX ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 18:38
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,15,87,0a,0d,98,
f5,a8,a9,e2,63,26,f1,3f,c8,ff,68,10,83,ec,3b,17,35,66,21,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,87,44,e7,30,5d,
63,b0,ca,6a,9c,d6,61,af,45,84,18,2b,13,a9,ea,56,18,3e,a9,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,3b,62,5a,05,3a,
4b,c0,1b,ff,7c,85,e0,43,d4,0e,fe,56,fd,7a,34,47,32,09,01,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,a3,d3,10,95,26,
f9,fc,37,86,8c,21,01,be,91,eb,e7,eb,ad,aa,14,4d,b2,27,6a,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,23,4a,3e,70,62,
29,8a,b7,f5,1d,4d,73,a8,13,5c,05,d4,5f,61,b9,d6,16,f3,08,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,18,e9,ef,6d,9c,
9d,96,c9,df,20,58,62,78,6b,cf,c8,86,c6,71,76,c9,2c,95,bc,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,6a,c3,98,4e,f1,
4e,7f,ae,fb,a7,78,e6,12,2f,9a,ea,0f,f6,8e,c3,8b,86,82,dd,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,87,c3,4f,8b,6a,
80,c4,ce,01,3a,48,fc,e8,04,4a,f1,1a,da,d2,e4,7d,48,73,8e,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,ad,9b,c5,6f,4c,
6b,91,3e,f6,0f,4e,58,98,5b,89,c9,07,ac,3d,64,e6,b2,b3,53,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,b4,42,c6,99,8b,
1c,f9,3b,3d,ce,ea,26,2d,45,aa,78,68,3d,b4,34,96,a7,c8,ea,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,8f,b7,9c,67,bc,
36,74,34,2a,b7,cc,b5,b9,7f,41,e7,70,c7,19,44,c3,d8,ef,69,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,56,e0,11,76,e0,
a2,1d,57,6c,43,2d,1e,aa,22,2f,9c,9d,62,85,32,ca,bf,b4,2e,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3936)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\CA\Etrust Antivirus\InoRpc.exe
c:\program files\CA\Etrust Antivirus\InoRT.exe
c:\program files\CA\Etrust Antivirus\InoTask.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\CA\SHARED~1\SCANEN~1\Inodist.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2009-05-17 18:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-17 16:41
ComboFix2.txt 2009-05-17 15:54

Avant-CF: 80 786 808 832 octets libres
Après-CF: 80 774 721 536 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

424 --- E O F --- 2007-12-12 22:32

| Alerter

Répondre à Philtidus

Destrio5

17 Mai 2009 16:55:28

Menu Démarrer > Exécuter > Tape combofix /u et valide.

Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.

Double-clique sur le fichier téléchargé pour lancer le processus d'installation.

Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.

Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.

Sélectionne Exécuter un examen rapide.

Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

Citation :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.

Ferme tes navigateurs.

Si des malwares ont été détectés, clique sur Afficher les résultats.

Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.

MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

| Alerter

Répondre à Destrio5

Philtidus

17 Mai 2009 17:11:03

Citation :

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2145
Windows 5.1.2600 Service Pack 2

17/05/2009 19:07:51
mbam-log-2009-05-17 (19-07-51).txt

Type de recherche: Examen rapide
Eléments examinés: 81664
Temps écoulé: 5 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3cf0cd8-bcc6-42f2-bb8b-c70793907364} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3cf0cd8-bcc6-42f2-bb8b-c70793907364} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho.1 (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Adsl Software Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\moyeyibidi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_control_crc (Backdoor.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

| Alerter

Répondre à Philtidus

Destrio5

17 Mai 2009 17:18:40

Relance MBAM, va dans Quarantaine et supprime tout.

Désinstalle les programmes suivants :
- J2SE Runtime Environment 5.0 Update 10
- Java 6 Update 2

Mets à jour Java.

Mets à jour Adobe Reader.

Refais un scan RSIT et poste le rapport log.

| Alerter

Répondre à Destrio5

Philtidus

17 Mai 2009 17:51:20

Citation :

Logfile of random's system information tool 1.06 (written by random/random)
Run by speisser thierry at 2009-05-17 19:48:15
WIN_XP Service Pack 2
System drive C: has 77 GB (28%) free of 279 GB
Total RAM: 1023 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:21, on 17/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\speisser thierry\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\speisser thierry.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-1143313878-1128349487-3228875740-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1143313878-1128349487-3228875740-1006\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\grooooooosse grosse merde MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\grooooooosse grosse merde MP3 Player Utilities 4.09\MediaManager\grab.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 10415 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-07-30 1404928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-17 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-17 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-17 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusRegistration]
C:\Program Files\CA\Etrust Antivirus\Register.exe [2005-01-06 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2004-09-17 443904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATOPUSB]
ATOPUSB.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
C:\WINDOWS\system32\carpserv.exe [2003-03-19 4608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS\mHotkey.exe [2003-07-29 526848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [2007-11-06 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe [2006-09-14 5001216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
C:\WINDOWS\CNYHKey.exe [2004-03-03 5576704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe [2003-04-04 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-12-09 1937408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe [2004-12-07 84480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\CyberLink\PowerCinema\PCMService.exe [2005-01-19 110744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-01-19 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2004-06-26 504080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-01-19 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDll]
C:\WINDOWS\system32\rundll.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcdplayx]
C:\WINDOWS\vcdplayx.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
C:\Program Files\Micro Application\VirtualDrive\VDTask.exe /AutoRestore []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
C:\WINDOWS\system32\winsys2.exe [2006-04-29 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
C:\PROGRA~1\AOL9~1.0\aoltray.exe [2004-04-14 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
C:\PROGRA~1\Nikon\PICTUR~1\NKBMON~1.EXE [2004-09-24 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
C:\PROGRA~1\CASIO\PHOTOL~1\Plauto.exe [2002-08-22 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^speisser thierry^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.2.lnk]
C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE [2007-02-02 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^speisser thierry^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
C:\Program Files\Xfire\Xfire.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe"="C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled

owerCinema"
"C:\Program Files\CA\Etrust Antivirus\Realmon.exe"="C:\Program Files\CA\Etrust Antivirus\Realmon.exe:*

isabled:Realmon"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled

artage de l'application RTC"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*

isabled:Microsoft DirectPlay Helper"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*

isabled:AOL 9.0"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\speisser thierry\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\DofusUpdater\DofusUpdater.exe"="C:\Documents and Settings\speisser thierry\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\DofusUpdater\DofusUpdater.exe:*

isabled:Installation de Dofus"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*

isabled:Windows® NetMeeting®"
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe"="C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-05-17 19:45:25 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-05-17 19:39:54 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-17 19:39:54 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-17 19:39:54 ----A---- C:\WINDOWS\system32\java.exe
2009-05-17 19:39:54 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-17 19:39:36 ----D---- C:\Program Files\Java
2009-05-17 19:00:08 ----D---- C:\Documents and Settings\speisser thierry\Application Data\Malwarebytes
2009-05-17 19:00:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-17 19:00:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-17 18:41:40 ----D---- C:\WINDOWS\temp
2009-05-17 18:41:38 ----A---- C:\ComboFix.txt
2009-05-17 18:31:44 ----A---- C:\Boot.bak
2009-05-17 18:31:39 ----RASHD---- C:\cmdcons
2009-05-17 17:37:08 ----D---- C:\WINDOWS\ERDNT
2009-05-17 15:32:42 ----D---- C:\rsit
2009-05-16 23:12:41 ----D---- C:\Program Files\Avira
2009-05-16 23:12:41 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-04-29 23:20:20 ----D---- C:\Program Files\Bullfrog
2009-04-22 18:07:25 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-04-22 17:56:46 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-04-22 17:56:45 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-04-22 17:56:45 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-04-22 17:56:45 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-04-22 17:56:44 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-04-21 15:56:25 ----D---- C:\Documents and Settings\speisser thierry\Application Data\vlc
2009-04-20 02:11:40 ----D---- C:\Documents and Settings\speisser thierry\Application Data\Xfire

======List of files/folders modified in the last 1 months======

2009-05-17 19:47:06 ----SHD---- C:\WINDOWS\Installer
2009-05-17 19:47:00 ----SHD---- C:\Config.Msi
2009-05-17 19:46:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-17 19:45:42 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-05-17 19:45:01 ----D---- C:\Program Files\Adobe
2009-05-17 19:44:18 ----AD---- C:\WINDOWS\system32
2009-05-17 19:40:54 ----D---- C:\WINDOWS\Prefetch
2009-05-17 19:39:36 ----RAD---- C:\Program Files
2009-05-17 19:37:25 ----D---- C:\Program Files\Mozilla Firefox
2009-05-17 19:36:27 ----D---- C:\Program Files\Fichiers communs
2009-05-17 19:13:21 ----SD---- C:\WINDOWS\Tasks
2009-05-17 19:10:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-17 19:09:52 ----D---- C:\WINDOWS\system32\drivers
2009-05-17 19:09:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-17 18:59:06 ----D---- C:\WINDOWS
2009-05-17 18:38:03 ----A---- C:\WINDOWS\system.ini
2009-05-17 18:35:09 ----D---- C:\WINDOWS\system32\config
2009-05-17 18:34:19 ----D---- C:\WINDOWS\AppPatch
2009-05-17 18:33:32 ----D---- C:\WINDOWS\system
2009-05-17 18:31:44 ----RASH---- C:\boot.ini
2009-05-17 17:41:12 ----SHD---- C:\System Volume Information
2009-05-17 17:41:12 ----D---- C:\WINDOWS\system32\Restore
2009-05-16 23:12:49 ----HD---- C:\WINDOWS\inf
2009-05-16 23:11:09 ----D---- C:\WINDOWS\WinSxS
2009-05-16 22:03:25 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-13 22:45:12 ----D---- C:\Documents and Settings\speisser thierry\Application Data\uTorrent
2009-05-13 22:31:56 ----D---- C:\Program Files\Internet Explorer
2009-05-13 19:01:20 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-05-13 15:59:47 ----D---- C:\Documents and Settings\speisser thierry\Application Data\LimeWire
2009-05-12 17:34:57 ----D---- C:\Documents and Settings\speisser thierry\Application Data\Skype
2009-05-10 11:56:23 ----D---- C:\Documents and Settings\speisser thierry\Application Data\OpenOffice.org2
2009-05-09 19:15:34 ----D---- C:\Program Files\Windows Live Safety Center
2009-05-07 23:08:39 ----A---- C:\WINDOWS\win.ini
2009-05-01 10:36:56 ----D---- C:\Program Files\eMule
2009-04-30 10:30:22 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2009-04-22 17:56:47 ----D---- C:\WINDOWS\system32\DirectX
2009-04-22 17:56:30 ----RSD---- C:\WINDOWS\assembly
2009-04-22 01:37:01 ----D---- C:\Documents and Settings\speisser thierry\Application Data\dvdcss
2009-04-20 06:34:18 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 43520]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-01-19 8552]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-26 271360]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-21 9856]
R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-26 18048]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-03-19 11044]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-05 88448]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-05 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-05 55936]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\system32\DRIVERS\strmdisp.sys [2003-03-19 22400]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2004-09-16 18048]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-06-09 3968]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader; C:\WINDOWS\System32\Drivers\IMT0521.sys [2003-07-11 34825]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 945152]
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-05 17024]
S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-05 38016]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-05 100992]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-05 274944]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-05 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\SPEISS~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-03-19 1107072]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-03-19 177024]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-05 15360]
S3 MSICPL;MSICPL; \??\F:\install4\MSICPL.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-05 10880]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys []
S3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-09-25 174530]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 QV2KUX;Appareil photo numérique Casio; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-05 59648]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2003-12-03 63608]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS); C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM); C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-05 11136]
S3 SNDP202;Dual Mode Camera (8008 VGA); C:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-01-16 245120]
S3 SQTECH905C;DaulCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2004-12-08 32123]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-05 15360]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-03-19 622592]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-08-03 237568]
S4 cdawdm;CDAWDM; C:\WINDOWS\system32\DRIVERS\CDAWDM.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R01000000 papycpu2;papycpu2; C:\WINDOWS\system32\drivers\papycpu2.sys [2001-02-13 2016]
R01000000 papyjoy;papyjoy; C:\WINDOWS\system32\drivers\papyjoy.sys [2001-02-13 1888]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-01-19 172153]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-01-19 110711]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-01-19 24576]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 InoRPC;eTrust Antivirus RPC Server; C:\Program Files\CA\eTrust Antivirus\InoRpc.exe [2004-06-26 139536]
R2 InoRT;eTrust Antivirus Realtime Server; C:\Program Files\CA\eTrust Antivirus\InoRT.exe [2004-06-26 241936]
R2 InoTask;eTrust Antivirus Job Server; C:\Program Files\CA\eTrust Antivirus\InoTask.exe [2004-06-26 254224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-17 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-05 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-13 189072]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-06 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

| Alerter

Répondre à Philtidus

Destrio5

17 Mai 2009 18:03:49

Tu as deux antivirus, il faut en retirer un.

| Alerter

Répondre à Destrio5

Philtidus

17 Mai 2009 18:57:43

J'ai donc installé Avira hier, l'autre doit être la version d'essai de l'antivirus fourni avec le PC (eTrust). Cependant, nous n'avons pas reconduit ce 2è antivirus, mais impossible de le supprimer complètement. Je désinstalle Avira? En sachant que je devrais de toute façon le réinstaller plus tard, n'ayant plus d'autre antivirus actif...

| Alerter

Répondre à Philtidus

Philtidus

17 Mai 2009 20:23:26

J'ai télécharger Windows Install Clean Up, et j'ai viré eTrust ainsi que eTrust Registration, mais je n'sais pas si ça a changé grand chose?

| Alerter

Répondre à Philtidus

Destrio5

17 Mai 2009 20:28:09

Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

Double-clique sur OTMoveIt3.exe afin de le lancer.

Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:services
InoRPC
InoRT
InoTask

:files
C:\Program Files\CA\eTrust Antivirus

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATOPUSB]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDll]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcdplayx]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^speisser thierry^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

:commands
[purity]
[emptytemp]
[reboot]

Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
---> Le nom du rapport correspond au moment de sa création : date_heure.log

| Alerter

Répondre à Destrio5

Philtidus

17 Mai 2009 20:47:33

Citation :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver InoRPC stopped successfully.
Service\Driver InoRPC deleted successfully.
Service\Driver InoRT stopped successfully.
Service\Driver InoRT deleted successfully.
Service\Driver InoTask stopped successfully.
Service\Driver InoTask deleted successfully.
========== FILES ==========
C:\Program Files\CA\Etrust Antivirus\RPCMtDB moved successfully.
C:\Program Files\CA\Etrust Antivirus\Move moved successfully.
C:\Program Files\CA\Etrust Antivirus\Lang\French\Help\inocit moved successfully.
C:\Program Files\CA\Etrust Antivirus\Lang\French\Help moved successfully.
C:\Program Files\CA\Etrust Antivirus\Lang\French moved successfully.
C:\Program Files\CA\Etrust Antivirus\Lang moved successfully.
C:\Program Files\CA\Etrust Antivirus\DB moved successfully.
C:\Program Files\CA\Etrust Antivirus\backup moved successfully.
C:\Program Files\CA\Etrust Antivirus\ArcTemp moved successfully.
C:\Program Files\CA\Etrust Antivirus\00000002.QSD moved successfully.
C:\Program Files\CA\Etrust Antivirus\00000001.QSD moved successfully.
Folder move failed. C:\Program Files\CA\Etrust Antivirus scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATOPUSB\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDll\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcdplayx\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^speisser thierry^Menu Démarrer^Programmes^Démarrage^Xfire.lnk\\ deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\speisser thierry\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_76c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05172009_223814

Files moved on Reboot...
C:\Program Files\CA\Etrust Antivirus moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_76c.dat moved successfully.

| Alerter

Répondre à Philtidus

Destrio5

17 Mai 2009 21:00:04

Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.

Dans Antivir, choisis Outils puis Configuration.

Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.

Fais un scan complet et poste le rapport.

Tutoriel : Scanner le(s) disque(s) dur(s)

| Alerter

Répondre à Destrio5

Philtidus

17 Mai 2009 22:49:06

Citation :

Avira AntiVir Personal
Date de création du fichier de rapport : dimanche 17 mai 2009 23:11

La recherche porte sur 1396800 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 2) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : BIBI

Informations de version :
BUILD.DAT : 9.0.0.65 17959 Bytes 22/04/2009 12:06:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 21/04/2009 12:20:54
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 19:33:26
ANTIVIR2.VDF : 7.1.3.185 2010112 Bytes 12/05/2009 16:46:42
ANTIVIR3.VDF : 7.1.3.216 129536 Bytes 16/05/2009 16:46:43
Version du moteur : 8.2.0.168
AEVDF.DLL : 8.1.1.1 106868 Bytes 17/05/2009 16:46:45
AESCRIPT.DLL : 8.1.2.0 389497 Bytes 17/05/2009 16:46:45
AESCN.DLL : 8.1.2.3 127347 Bytes 17/05/2009 16:46:44
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 17:24:41
AEPACK.DLL : 8.1.3.16 397686 Bytes 17/05/2009 16:46:44
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 19:01:56
AEHEUR.DLL : 8.1.0.129 1761655 Bytes 17/05/2009 16:46:44
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 19:01:56
AEGEN.DLL : 8.1.1.44 348532 Bytes 17/05/2009 16:46:43
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 17/05/2009 16:46:43
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 17/02/2009 12:49:32
RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:, D:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen

Début de la recherche : dimanche 17 mai 2009 23:11

La recherche d'objets cachés commence.
'92196' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'usnsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnetwk.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PnkBstrB.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés
Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ijplmsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'FTRTSVC.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLMLService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLMLServer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CTSVCCDA.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'CLSched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLCapSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'guard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgas.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'scardsvr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MsMpEng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'41' processus ont été contrôlés avec '41' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD2
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD3
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD4
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '50' fichiers).

La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewDotNet.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewDotNet1.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewDotNet2.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewDotNet3.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewDotNet4.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewDotNet5.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewDotNet6.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
C:\Documents and Settings\speisser thierry\Mes documents\LimeWire Downloads\20 ans mauss live at private party.mp3
[RESULTAT] Contient le modèle de détection de l'exploit EXP/ASF.GetCodec.Gen
C:\Documents and Settings\speisser thierry\Mes documents\LimeWire Downloads\black sabbath - high quality.mp3
[RESULTAT] Contient le modèle de détection de l'exploit EXP/ASF.GetCodec.Gen
C:\Documents and Settings\speisser thierry\Mes documents\LimeWire Downloads\Calvin Russell - My love is so.mp3
[RESULTAT] Contient le modèle de détection de l'exploit EXP/ASF.GetCodec.Gen
C:\Documents and Settings\speisser thierry\Mes documents\LimeWire Downloads\Total Guitar - OZZY OSBOURNE - Miracle Man - Full track.mp3
[RESULTAT] Contient le modèle de détection de l'exploit EXP/ASF.GetCodec.Gen
C:\Documents and Settings\speisser thierry\Mes documents\thierry.speisser\eTrustAntivirus7.1_EN.exe
[0] Type d'archive: CAB SFX (self extracting)
--> \eTrustAntivirusOEM\Bin\eAV_S.Win\webpkg.exe
[1] Type d'archive: RSRC
--> Object
[2] Type d'archive: CAB (Microsoft)
--> inoweb.exe
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Program Files\MultiMedia France Toolbar\MultiMedia - Installer.exe
[RESULTAT] Contient le modèle de détection du dropper DR/Shopper.L.8
--> [PluginsDir]/InstallerHelperPlugin.dll
[RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/MartSho.dll.2
--> ProgramFilesDir/Installer.exe
[RESULTAT] Contient le modèle de détection du dropper DR/Shopper.L.12
--> [PluginsDir]/InstallerHelperPlugin.dll
[RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/MartSho.dll.2
--> ProgramFilesDir/ShoppingReport.dll
[RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/MartSho.dll.3
--> ProgramFilesDir/[PluginsDir]/InstallerHelperPlugin.dll
[RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/MartSho.dll.2
--> ProgramFilesDir/[TempDir]/ShoppingReport.dll
[RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/MartSho.dll.3
C:\Program Files\Navilog1\gnc.exe
[RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen
C:\Program Files\Navilog1\Backupnavi\kbmsnovqj.exe
[RESULTAT] Contient le cheval de Troie TR/Obfuscated.aqn.106
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000014.exe
[RESULTAT] Contient le modèle de détection du ver WORM/IrcBot.42546
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000016.exe
[RESULTAT] Contient le cheval de Troie TR/Spy.ZBot.utx
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000027.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000030.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000033.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000034.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000035.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000036.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000037.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000038.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000039.exe
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000132.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000133.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000134.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000136.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000322.exe
[RESULTAT] Contient le modèle de détection d'un programme de numérotation générant des coûts DIAL/170048.A (dialer)
Recherche débutant dans 'D:\' <INSTALL>

Début de la désinfection :
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewDotNet.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
[REMARQUE] Le résultat positif a été classé comme suspect.
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a879407.qua' !
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewDotNet1.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
[REMARQUE] Le résultat positif a été classé comme suspect.
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bf8aca8.qua' !
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewDotNet2.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
[REMARQUE] Le résultat positif a été classé comme suspect.
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b07d460.qua' !
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewDotNet3.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
[REMARQUE] Le résultat positif a été classé comme suspect.
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b06dc38.qua' !
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewDotNet4.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
[REMARQUE] Le résultat positif a été classé comme suspect.
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b05dbf0.qua' !
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewDotNet5.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
[REMARQUE] Le résultat positif a été classé comme suspect.
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b04c3c8.qua' !
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewDotNet6.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
[REMARQUE] Le résultat positif a été classé comme suspect.
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b03cb80.qua' !
C:\Documents and Settings\speisser thierry\Mes documents\LimeWire Downloads\20 ans mauss live at private party.mp3
[RESULTAT] Contient le modèle de détection de l'exploit EXP/ASF.GetCodec.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3093d2.qua' !
C:\Documents and Settings\speisser thierry\Mes documents\LimeWire Downloads\black sabbath - high quality.mp3
[RESULTAT] Contient le modèle de détection de l'exploit EXP/ASF.GetCodec.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a719411.qua' !
C:\Documents and Settings\speisser thierry\Mes documents\LimeWire Downloads\Calvin Russell - My love is so.mp3
[RESULTAT] Contient le modèle de détection de l'exploit EXP/ASF.GetCodec.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a7c9408.qua' !
C:\Documents and Settings\speisser thierry\Mes documents\LimeWire Downloads\Total Guitar - OZZY OSBOURNE - Miracle Man - Full track.mp3
[RESULTAT] Contient le modèle de détection de l'exploit EXP/ASF.GetCodec.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a849417.qua' !
C:\Program Files\MultiMedia France Toolbar\MultiMedia - Installer.exe
[RESULTAT] Contient le modèle de détection du dropper DR/Shopper.L.8
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a7c941e.qua' !
C:\Program Files\Navilog1\gnc.exe
[RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a739418.qua' !
C:\Program Files\Navilog1\Backupnavi\kbmsnovqj.exe
[RESULTAT] Contient le cheval de Troie TR/Obfuscated.aqn.106
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a7d940d.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000014.exe
[RESULTAT] Contient le modèle de détection du ver WORM/IrcBot.42546
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a4093dc.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000016.exe
[RESULTAT] Contient le cheval de Troie TR/Spy.ZBot.utx
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a4093dd.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000027.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49560b7e.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000030.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a4093de.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000033.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49541acf.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000034.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49583bef.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000035.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '495a241f.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000036.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '495b2c57.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000037.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a4093df.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000038.dll
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '495e5cc0.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000039.exe
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '495f4508.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000132.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a4093e0.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000133.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49617599.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000134.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49627da1.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000136.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '496365e9.qua' !
C:\System Volume Information\_restore{54D8DA60-6A4A-42A7-A8E5-96FEC1364212}\RP1\A0000322.exe
[RESULTAT] Contient le modèle de détection d'un programme de numérotation générant des coûts DIAL/170048.A (dialer)
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49646e31.qua' !

Fin de la recherche : lundi 18 mai 2009 00:46
Temps nécessaire: 1:31:19 Heure(s)

La recherche a été effectuée intégralement

12459 Les répertoires ont été contrôlés
518209 Des fichiers ont été contrôlés
29 Des virus ou programmes indésirables ont été trouvés
7 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
30 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
518171 Fichiers non infectés
10006 Les archives ont été contrôlées
3 Avertissements
32 Consignes
92196 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

| Alerter

Répondre à Philtidus

Destrio5

17 Mai 2009 23:27:02

Ton PC va bien ?

Refais un scan RSIT et poste le rapport log.

| Alerter

Répondre à Destrio5

Philtidus

18 Mai 2009 00:11:35

Il a l'air d'aller bien oui, merci

Voici le rapport:

Citation :

Logfile of random's system information tool 1.06 (written by random/random)
Run by speisser thierry at 2009-05-18 01:58:59
WIN_XP Service Pack 2
System drive C: has 77 GB (28%) free of 279 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:59:02, on 18/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\speisser thierry\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\speisser thierry.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-1143313878-1128349487-3228875740-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1143313878-1128349487-3228875740-1006\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\grooooooosse grosse merde MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\grooooooosse grosse merde MP3 Player Utilities 4.09\MediaManager\grab.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9882 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-07-30 1404928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-17 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-17 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-17 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusRegistration]
C:\Program Files\CA\Etrust Antivirus\Register.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2004-09-17 443904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
C:\WINDOWS\system32\carpserv.exe [2003-03-19 4608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS\mHotkey.exe [2003-07-29 526848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [2007-11-06 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe [2006-09-14 5001216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
C:\WINDOWS\CNYHKey.exe [2004-03-03 5576704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe [2003-04-04 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-12-09 1937408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe [2004-12-07 84480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\CyberLink\PowerCinema\PCMService.exe [2005-01-19 110744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-01-19 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-01-19 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
C:\WINDOWS\system32\winsys2.exe [2006-04-29 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
C:\PROGRA~1\AOL9~1.0\aoltray.exe [2004-04-14 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
C:\PROGRA~1\Nikon\PICTUR~1\NKBMON~1.EXE [2004-09-24 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
C:\PROGRA~1\CASIO\PHOTOL~1\Plauto.exe [2002-08-22 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^speisser thierry^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.2.lnk]
C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE [2007-02-02 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe"="C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled

owerCinema"
"C:\Program Files\CA\Etrust Antivirus\Realmon.exe"="C:\Program Files\CA\Etrust Antivirus\Realmon.exe:*

isabled:Realmon"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled

artage de l'application RTC"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*

isabled:Microsoft DirectPlay Helper"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*

isabled:AOL 9.0"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\speisser thierry\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\DofusUpdater\DofusUpdater.exe"="C:\Documents and Settings\speisser thierry\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\DofusUpdater\DofusUpdater.exe:*

isabled:Installation de Dofus"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*

isabled:Windows® NetMeeting®"
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe"="C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-05-17 22:38:14 ----D---- C:\_OTMoveIt
2009-05-17 22:14:32 ----D---- C:\Program Files\MSECACHE
2009-05-17 20:21:52 ----SHD---- C:\RECYCLER
2009-05-17 19:45:25 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-05-17 19:39:54 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-17 19:39:54 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-17 19:39:54 ----A---- C:\WINDOWS\system32\java.exe
2009-05-17 19:39:54 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-17 19:39:36 ----D---- C:\Program Files\Java
2009-05-17 19:00:08 ----D---- C:\Documents and Settings\speisser thierry\Application Data\Malwarebytes
2009-05-17 19:00:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-17 19:00:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-17 18:41:40 ----D---- C:\WINDOWS\temp
2009-05-17 18:41:38 ----A---- C:\ComboFix.txt
2009-05-17 18:31:44 ----A---- C:\Boot.bak
2009-05-17 18:31:39 ----RASHD---- C:\cmdcons
2009-05-17 17:37:08 ----D---- C:\WINDOWS\ERDNT
2009-05-17 15:32:42 ----D---- C:\rsit
2009-05-16 23:12:41 ----D---- C:\Program Files\Avira
2009-05-16 23:12:41 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-04-29 23:20:20 ----D---- C:\Program Files\Bullfrog
2009-04-22 18:07:25 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-04-22 17:56:46 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-04-22 17:56:45 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-04-22 17:56:45 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-04-22 17:56:45 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-04-22 17:56:44 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-04-21 15:56:25 ----D---- C:\Documents and Settings\speisser thierry\Application Data\vlc
2009-04-20 02:11:40 ----D---- C:\Documents and Settings\speisser thierry\Application Data\Xfire

======List of files/folders modified in the last 1 months======

2009-05-18 01:58:48 ----D---- C:\Program Files\Mozilla Firefox
2009-05-18 00:46:03 ----D---- C:\Program Files\Navilog1
2009-05-18 00:46:01 ----D---- C:\Program Files\MultiMedia France Toolbar
2009-05-17 23:13:19 ----D---- C:\WINDOWS\Prefetch
2009-05-17 22:48:07 ----SD---- C:\WINDOWS\Tasks
2009-05-17 22:45:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-17 22:45:10 ----D---- C:\Program Files\CA
2009-05-17 22:43:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-17 22:35:25 ----SHD---- C:\WINDOWS\Installer
2009-05-17 22:35:25 ----SHD---- C:\Config.Msi
2009-05-17 22:35:25 ----RAD---- C:\Program Files
2009-05-17 19:46:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-17 19:45:42 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-05-17 19:45:01 ----D---- C:\Program Files\Adobe
2009-05-17 19:44:18 ----AD---- C:\WINDOWS\system32
2009-05-17 19:36:27 ----D---- C:\Program Files\Fichiers communs
2009-05-17 19:09:52 ----D---- C:\WINDOWS\system32\drivers
2009-05-17 18:59:06 ----D---- C:\WINDOWS
2009-05-17 18:38:03 ----A---- C:\WINDOWS\system.ini
2009-05-17 18:35:09 ----D---- C:\WINDOWS\system32\config
2009-05-17 18:34:19 ----D---- C:\WINDOWS\AppPatch
2009-05-17 18:33:32 ----D---- C:\WINDOWS\system
2009-05-17 18:31:44 ----RASH---- C:\boot.ini
2009-05-17 17:41:12 ----SHD---- C:\System Volume Information
2009-05-17 17:41:12 ----D---- C:\WINDOWS\system32\Restore
2009-05-16 23:12:49 ----HD---- C:\WINDOWS\inf
2009-05-16 23:11:09 ----D---- C:\WINDOWS\WinSxS
2009-05-16 22:03:25 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-13 22:45:12 ----D---- C:\Documents and Settings\speisser thierry\Application Data\uTorrent
2009-05-13 22:31:56 ----D---- C:\Program Files\Internet Explorer
2009-05-13 19:01:20 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-05-13 15:59:47 ----D---- C:\Documents and Settings\speisser thierry\Application Data\LimeWire
2009-05-12 17:34:57 ----D---- C:\Documents and Settings\speisser thierry\Application Data\Skype
2009-05-10 11:56:23 ----D---- C:\Documents and Settings\speisser thierry\Application Data\OpenOffice.org2
2009-05-09 19:15:34 ----D---- C:\Program Files\Windows Live Safety Center
2009-05-07 23:08:39 ----A---- C:\WINDOWS\win.ini
2009-05-01 10:36:56 ----D---- C:\Program Files\eMule
2009-04-30 10:30:22 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2009-04-22 17:56:47 ----D---- C:\WINDOWS\system32\DirectX
2009-04-22 17:56:30 ----RSD---- C:\WINDOWS\assembly
2009-04-22 01:37:01 ----D---- C:\Documents and Settings\speisser thierry\Application Data\dvdcss
2009-04-20 06:34:18 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 43520]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-01-19 8552]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-26 271360]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-21 9856]
R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-26 18048]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-03-19 11044]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-05 88448]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-05 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-05 55936]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\system32\DRIVERS\strmdisp.sys [2003-03-19 22400]
R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 945152]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2004-09-16 18048]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-06-09 3968]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-03-19 1107072]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-03-19 177024]
R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader; C:\WINDOWS\System32\Drivers\IMT0521.sys [2003-07-11 34825]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-03-19 622592]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-05 17024]
S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-05 38016]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-05 100992]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-05 274944]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-05 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\SPEISS~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-05 15360]
S3 MSICPL;MSICPL; \??\F:\install4\MSICPL.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-05 10880]
S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys []
S3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-09-25 174530]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 QV2KUX;Appareil photo numérique Casio; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-05 59648]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2003-12-03 63608]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS); C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM); C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-05 11136]
S3 SNDP202;Dual Mode Camera (8008 VGA); C:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-01-16 245120]
S3 SQTECH905C;DaulCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2004-12-08 32123]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-05 15360]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-08-03 237568]
S4 cdawdm;CDAWDM; C:\WINDOWS\system32\DRIVERS\CDAWDM.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R01000000 papycpu2;papycpu2; C:\WINDOWS\system32\drivers\papycpu2.sys [2001-02-13 2016]
R01000000 papyjoy;papyjoy; C:\WINDOWS\system32\drivers\papyjoy.sys [2001-02-13 1888]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-01-19 172153]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-01-19 110711]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-01-19 24576]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-17 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-05 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-13 189072]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-06 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

-----------------EOF-----------------

| Alerter

Répondre à Philtidus

Destrio5

18 Mai 2009 00:20:23

1/

Désinstalle HijackThis.

Télécharge ToolsCleaner2 sur ton Bureau.

Double-clique sur ToolsCleaner2.exe pour le lancer.

Clique sur Recherche et laisse le scan agir.

Clique sur Suppression pour finaliser.

Tu peux, si tu le souhaites, te servir des Options Facultatives.

Clique sur Quitter pour obtenir le rapport.

Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

2/

Télécharge et installe CCleaner Slim.

Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....

Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.

Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).

3/

Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.

==Prévention==

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, onglet Mises à jour automatiques).

Par rapport au P2P : Lien

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien

==Problème résolu ?==

Si tu estimes que ton problème est résolu :

---> Ajoute maintenant [Résolu] au titre. Pour cela :

Clique, dans ton premier message, sur le bouton Editer

.

Rajoute la mention [Résolu] devant le titre.

Clique ensuite sur Valider votre message.

Sois plus vigilant(e) sur Internet

| Alerter

Répondre à Destrio5

Philtidus

18 Mai 2009 01:17:57

Citation :

[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\BFU\toolbar.bfu: trouvé !
C:\BFU\Winsoftware.bfu: trouvé !
C:\BFU\Bfu.exe: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\speisser thierry\Bureau\Déchetterie\Clean.zip: trouvé !
C:\Documents and Settings\speisser thierry\Bureau\Déchetterie\Navilog1.lnk: trouvé !
C:\Documents and Settings\speisser thierry\Bureau\Déchetterie\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\speisser thierry\Bureau\Déchetterie\Rsit.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\BFU\toolbar.bfu: supprimé !
C:\BFU\Winsoftware.bfu: supprimé !
C:\BFU\Bfu.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\speisser thierry\Bureau\Déchetterie\Clean.zip: supprimé !
C:\Documents and Settings\speisser thierry\Bureau\Déchetterie\Navilog1.lnk: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\Documents and Settings\speisser thierry\Bureau\Déchetterie\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\speisser thierry\Bureau\Déchetterie\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Fichiers temporaires nettoyés !