Tom's Guide > Forum > Sécurité - Virus > [Résolu] Modification du registre detectée

[Résolu] Modification du registre detectée

Forum Sécurité - Virus : [Résolu] Modification du registre detectée

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !

Créer un nouveau sujet Répondre

Bas de page Chercher dans ce sujet

Bonjour a tous

Alors voila, depuis peu je me bats contre mon PC. tout a commencé par le fameux bug de l'accent circonflexe. J'en suis venu a bout grâce aux indications lues sur ce forum.
Ensuite j'ai eu le droit aux processus b.exe et c.exe, il me semble que j'en suis venu a bout aussi. Ensuite un bug bizarre faisait qu'a chaque démarrage, il fallait que je débranche et rebranche mon câble RJ45 pour que ma connexion au net s'active.

A présent, au bout d'une heure en gros, le système devient super lent, la frappe au clavier est difficile, il est très dur d'ouvrir le gestionnaire des taches windows et mon processeur m'indique une surcharge (en fait c'est en train de commencer ) Avast, Adaware, etc. n'y ont rien fait.

Ad-watch m'indique au bout de cette heure qu'il y a eu environ 5000 "Modification du registre détectée". (6000 à la fin de ce post).

bref, sans plus tarder je vous colle le rapport hijack dans le spoiler qui suit, merci à tous ceux qui m'aideront.

Spoiler :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:20:04, on 11/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\drivers\services.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\system32\drivers\services.exe
C:\Documents and Settings\Administrateur\svchost.exe
C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\EXPERTool ATI\TBPanel.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\windows\system32\drivers\services.exe
C:\Documents and Settings\Administrateur\svchost.exe
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\windows\system32\taskmgr.exe
C:\Documents and Settings\Administrateur\Bureau\buse\buse.exe
C:\windows\System32\svchost.exe
C:\Documents and Settings\Administrateur\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe,C:\windows\system32\drivers\services.exe
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A2964E1-8474-481D-AD7D-06C0467C20BD} - C:\WINDOWS\system32\amdpcom3.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Bfovusukas] rundll32.exe "C:\WINDOWS\Ugeta.dll",e
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32\svcnost.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKLM\..\Run: [Regedit32] C:\windows\system32\regedit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A
O4 - HKCU\..\Run: [Steam] "j:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [A00F25B86EE.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe
O4 - HKCU\..\Run: [Administrateur] C:\Documents and Settings\Administrateur\Administrateur.exe /i
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [[system]] C:\windows\system32\drivers\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [[system]] C:\windows\system32\drivers\services.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: userinit.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Google Update (gupdate1c9940a6d0c47f8) (gupdate1c9940a6d0c47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSDV Driver (msdvdr) - Unknown owner - C:\windows\system32\msdvdr.pif
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Localisateur d'appels de procédure distante (RPC) RpcLocatorNetTcpPortSharing (RpcLocatorNetTcpPortSharing) - Unknown owner - C:\windows\system32\acelpdecb.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 10262 bytes

Message édité par endi_93 le 13-07-2009 à 07:45:50

Répondre

Inscrivez-vous ou connectez-vous pour masquer ceci.

Bonjour,

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

Télécharge ComboFix (sUBs) sur ton Bureau.
Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Il va te demander d'installer la console de récupération : accepte.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

Répondre à Destrio5

merci de me filer un coup de main
Le rapport est dans le spoiler qui suit.

Spoiler :

ComboFix 09-07-09.08 - Administrateur 12/07/2009 0:52.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1408 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\combo\ComboFix.exe
* Un nouveau point de restauration a été créé
.
/wow section - STAGE 8
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

/wow section - STAGE 32A
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

/wow section - STAGE 33
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

/wow section - STAGE 34
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Administrateur.exe
c:\documents and settings\Administrateur\Application Data\Microsoft\profile.dat
c:\documents and settings\Administrateur\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Administrateur\svchost.exe
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\ipdll.dll
c:\documents and settings\brizio\Bureau\WebMediaPlayer.lnk
c:\documents and settings\brizio\eula.txt
c:\documents and settings\LocalService.AUTORITE NT\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\LocalService.AUTORITE NT\svchost.exe
c:\documents and settings\NetworkService.AUTORITE NT\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\webmediaplayer
c:\program files\webmediaplayer\resources\languages.xml
c:\program files\webmediaplayer\resources\webmedias
c:\program files\webmediaplayer\skins\classic.skn
c:\program files\webmediaplayer\sqlite3.dll
c:\program files\webmediaplayer\WebMediaPlayer.url
c:\recycler\S-1-5-21-725345543-1547161642-2147208981-1003
C:\userinit.exe
c:\windows\Installer\36c588b.msi
c:\windows\Installer\36c588f.msi
c:\windows\Installer\7d60598.msp
c:\windows\Installer\a8e93.msi
c:\windows\msa.exe
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
c:\windows\system32\acelpdecb.exe
c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe
c:\windows\system32\calc.ifo
c:\windows\system32\config\systemprofile\Application Data\Microsoft\profile.dat
c:\windows\system32\drivers\i386si.sys
c:\windows\system32\drivers\ksi32sk.sys
c:\windows\system32\drivers\securentm.sys
c:\windows\system32\drivers\services.exe
c:\windows\system32\drivers\systemntmi.sys
c:\windows\system32\drivers\ws2_32sik.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\msconfig.exe
c:\windows\system32\msdvdr.dat
c:\windows\system32\msdvdr.pif
c:\windows\system32\sdra64.exe
c:\windows\system32\sysdm.exe
c:\windows\system32\uninstall.exe
c:\windows\system32\wsnpoema
c:\windows\system32\wsnpoema.exe
c:\windows\system32\wsnpoema\audio.dll
c:\windows\system32\wsnpoema\video.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_MSDVDR
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_RPCLOCATORNETTCPPORTSHARING
-------\Legacy_SECURENTM
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
-------\Service_i386si
-------\Service_ksi32sk
-------\Service_msdvdDrv
-------\Service_msdvdr
-------\Service_RpcLocatorNetTcpPortSharing
-------\Service_securentm
-------\Service_systemntmi
-------\Service_ws2_32sik

((((((((((((((((((((((((((((( Fichiers créés du 2009-06-11 au 2009-07-11 ))))))))))))))))))))))))))))))))))))
.

2009-06-30 17:34 . 2009-06-30 17:34 16384 --sha-w- c:\windows\system32\actxprxyd.dll
2009-06-30 17:33 . 2009-06-30 17:34 88 --s-a-w- c:\windows\system32\3404731892.dat
2009-06-29 05:32 . 2009-06-29 05:24 33124 ---h--w- c:\documents and settings\LocalService.AUTORITE NT\LocalService.AUTORITE NT.exe
2009-06-29 05:32 . 2009-06-29 05:23 33124 ---h--w- c:\documents and settings\NetworkService.AUTORITE NT\NetworkService.AUTORITE NT.exe
2009-06-28 16:59 . 2009-06-28 19:41 -------- d-----w- c:\documents and settings\Administrateur\.housecall6.6
2009-06-28 07:15 . 2009-06-28 07:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-16 05:38 . 2009-02-03 20:10 55808 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-06-16 05:38 . 2009-05-07 15:30 349184 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-06-16 05:38 . 2008-06-12 13:48 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-06-16 05:38 . 2008-06-12 13:48 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2009-06-16 05:38 . 2008-06-12 13:48 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2009-06-16 05:38 . 2008-06-12 13:48 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2009-06-16 05:38 . 2008-06-12 13:48 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2009-06-16 05:38 . 2008-06-12 13:48 428032 -c----w- c:\windows\system32\dllcache\msdtcprx.dll
2009-06-16 05:34 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-16 05:34 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-16 05:30 . 2005-07-26 04:29 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-06-16 05:30 . 2009-03-06 14:00 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-06-16 05:30 . 2009-02-09 10:03 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-06-16 05:30 . 2009-02-06 09:41 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-16 05:30 . 2009-02-09 10:03 740352 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-06-16 05:30 . 2009-02-09 10:03 686080 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-06-16 05:30 . 2009-02-09 10:03 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-06-16 05:30 . 2009-02-09 09:53 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-06-16 05:30 . 2009-02-06 09:54 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-06-16 05:27 . 2008-12-16 12:49 351232 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-06-16 05:26 . 2008-04-21 21:27 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 22:49 . 2008-03-23 22:23 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 4
2009-07-11 10:43 . 2009-02-21 09:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-07-10 21:15 . 2008-04-20 14:51 -------- d-----w- c:\program files\Ad-Aware
2009-07-08 20:09 . 2008-04-20 21:31 138512 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-08 20:09 . 2008-04-20 21:31 201440 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-06 06:12 . 2009-03-09 13:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-06-28 19:36 . 2008-04-05 16:52 -------- d-----w- c:\program files\Ripp-it_AM
2009-06-26 21:26 . 2008-05-03 12:22 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-06-26 21:03 . 2008-05-31 20:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Azureus
2009-06-26 05:09 . 2007-09-23 17:16 -------- d-----w- c:\program files\Google
2009-06-24 19:23 . 2007-05-23 17:41 -------- d-----w- c:\program files\HomePlayer1.5.1.1
2009-05-13 05:04 . 2004-08-28 14:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:30 . 2004-08-28 14:00 349184 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 03:30 . 2008-08-06 07:20 3643904 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-04-29 02:18 . 2008-10-24 15:56 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-04-29 02:17 . 2008-08-06 07:20 335872 ----a-w- c:\windows\system32\ati2dvag.dll
2009-04-29 02:07 . 2008-08-06 07:20 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-04-29 02:06 . 2008-08-06 07:20 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-04-29 02:06 . 2008-08-06 07:20 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-04-29 02:06 . 2008-08-06 07:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-04-29 02:06 . 2008-08-06 07:20 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-04-29 02:04 . 2008-08-06 07:20 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-04-29 02:03 . 2008-08-06 07:20 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-04-29 02:00 . 2008-10-24 15:56 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-04-29 01:56 . 2008-08-06 07:20 2997536 ----a-w- c:\windows\system32\ati3duag.dll
2009-04-29 01:45 . 2008-09-24 02:09 11603968 ----a-w- c:\windows\system32\atioglxx.dll
2009-04-29 01:42 . 2008-08-06 07:20 2687872 ----a-w- c:\windows\system32\ativvaxx.dll
2009-04-29 01:26 . 2009-04-29 01:26 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-04-29 01:26 . 2008-08-06 07:20 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-04-29 01:22 . 2008-08-06 07:20 479232 ----a-w- c:\windows\system32\atikvmag.dll
2009-04-29 01:20 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-04-29 01:20 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-04-29 01:20 . 2008-08-06 07:20 135168 ----a-w- c:\windows\system32\atiadlxx.dll
2009-04-29 01:19 . 2008-08-06 07:20 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-04-29 01:19 . 2008-08-06 07:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-04-29 01:18 . 2009-04-29 01:18 3280896 ----a-w- c:\windows\system32\aticaldd.dll
2009-04-29 01:17 . 2008-08-06 07:20 303104 ----a-w- c:\windows\system32\atiok3x2.dll
2009-04-29 01:13 . 2008-08-06 07:20 630784 ----a-w- c:\windows\system32\ati2cqag.dll
2009-04-28 19:05 . 2008-10-24 15:56 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-19 20:09 . 2004-08-28 14:00 1846784 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:17 . 2004-08-28 14:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2008-02-08 07:35 . 2007-06-02 16:00 67696 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-02-08 07:35 . 2007-06-02 16:00 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-08 07:35 . 2007-06-02 16:00 34952 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-02-08 07:35 . 2007-06-02 16:00 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-02-08 07:35 . 2007-06-02 16:00 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

[-] 2008-04-14 02:33 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\ctfmon.exe
[-] 2004-08-28 14:00 25088 43836CFFABAC8D6779E8EE55E308DF2C c:\windows\system32\ctfmon.exe

[-] 2008-04-14 02:33 1571840 E17C85D5B5CF477638433B851A98499E c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\sfcfiles.dll
[-] 2004-08-28 14:00 1548288 F6AE0589111ACEFDC7A109A30A60E2A6 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-28 25088]
"IE Privacy Keeper"="c:\program files\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-12-03 1015808]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools\daemon.exe" [2008-04-01 486856]
"Gainward"="c:\program files\EXPERTool ATI\TBPanel.exe" [2008-07-31 2296360]
"AWMON"="c:\program files\Ad-Aware\Ad-Watch.exe" [2005-05-25 517632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2005-08-12 180224]
"VisualTaskTips"="c:\windows\System32\VisualTaskTips.exe" [2004-08-28 36864]
"TransBar"="c:\windows\System32\TransBar.exe" [2004-08-28 65536]
"Styler"="c:\program files\styler\Styler.exe" [2006-05-03 307200]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2003-10-21 2334792]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-03-28 413696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 868352]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\brizio\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
HomePlayer.lnk - c:\program files\HomePlayer1.5.0.2\HomePlayer.exe [2007-2-6 184320]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-4-9 546816]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
userinit.exe [2009-3-21 27648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=SMNT40.dll
"wave1"=SMNT40.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\QuakeWars\\etqwded.exe"=
"d:\\QuakeWars\\etqw.exe"=
"e:\\MircAndy\\mirc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\HomePlayer1.5.1.1\\HomePlayer.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Emote\\Launcher\\launcher.exe"=
"c:\\Program Files\\MeuhMeuhTV\\MeuhMeuhTV.exe"=
"c:\\Program Files\\XBMC\\XBMC.exe"=
"c:\\windows\\system32\\Ati2evxx.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\CDBurnerXP\\NMSAccessU.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\alg.exe"=
"c:\\windows\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\jucheck.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"d:\\Wolfenstein\\et.exe"=
"d:\\ArmA 2\\arma2.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\windows\\system32\\SNDVOL32.EXE"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Ad-Aware\\Ad-Watch.exe"=
"c:\\Program Files\\Windows Sidebar\\sidebar.exe"=
"c:\\Program Files\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 4\\firefox.exe"=
"c:\\WINDOWS\\system32\\ssmypics.scr"=
"c:\\Program Files\\UberIcon\\UberIcon Manager.exe"=
"c:\\Windows\\System32\\VisualTaskTips.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\jusched.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"c:\\Program Files\\IE Privacy Keeper\\IEPrivacyKeeper.exe"=
"c:\\Program Files\\DAEMON Tools\\daemon.exe"=
"c:\\Program Files\\EXPERTool ATI\\TBPanel.exe"=
"c:\\Documents and Settings\\Administrateur\\Menu Démarrer\\Programmes\\Démarrage\\userinit.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\combo\\ComboFix.exe"=
"c:\\windows\\system32\\taskmgr.exe"=
"c:\\ComboFix\\NirCmdC.cfexe"=
"c:\\windows\\system32\\wuauclt.exe"=
"c:\\ComboFix\\Nircmd.com"=
"c:\\ComboFix\\Catchme.tmp"=
"c:\\WINDOWS\\PEV.exe"=
"c:\\ComboFix\\pev.cfexe"=
"c:\\ComboFix\\PV.cfexe"=
"c:\\ComboFix\\FINDSTR.cfexe"=
"c:\\windows\\system32\\netsh.exe"=
"c:\\windows\\system32\\CF2982.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6081:TCP"= 6081:TCP:RPC

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [24/10/2008 17:56 93696]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [19/04/2008 19:45 472644]
S0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [27/04/2003 12:39 8704]
S2 gupdate1c9940a6d0c47f8;Service Google Update (gupdate1c9940a6d0c47f8);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2009 11:54 133104]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [07/06/2008 18:59 12672]
S3 st3wolf;st3wolf;c:\windows\system32\drivers\st3wolf.sys [27/04/2003 11:43 99360]
S4 SMNT40;SMNT40;c:\windows\system32\drivers\SMNT40.sys [04/05/2008 15:51 161576]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - HELPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-07-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-23 22:07]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 09:54]

2009-07-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{2A2964E1-8474-481D-AD7D-06C0467C20BD} - c:\windows\system32\amdpcom3.dll
HKCU-Run-Steam - j:\steam\steam.exe
HKCU-Run-RGSC - j:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-Administrateur - c:\documents and settings\Administrateur\Administrateur.exe
HKLM-Run-Vistadrv - c:\windows\system32\Vistadrive\vsdrv.exe
HKLM-Run-Adobe Photo Downloader - l:\adobe photoshop lightroom 1.4\apdproxy.exe
HKLM-Run-Bfovusukas - c:\windows\Ugeta.dll
HKU-Default-Run-[system] - c:\windows\system32\drivers\services.exe
HKU-Default-Run-winlogon - c:\documents and settings\LocalService.AUTORITE NT\svchost.exe

.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.fr
uStart Page = hxxp://www.google.fr
uDefault_Search_URL = hxxp://www.google.fr/keyword/%s
mDefault_Page_URL = hxxp://www.google.fr
mStart Page = hxxp://www.google.fr
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\6mlw5ys5.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 4\plugins\npcosmop211.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox 3 Beta 4\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 00:57
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\windows\TEMP\TMP00000013179F8117EC678CBC 524288 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1177238915-573735546-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,e2,12,cf,67,15,e4,47,8f,11,09,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,e2,12,cf,67,15,e4,47,8f,11,09,\

[HKEY_USERS\S-1-5-21-1177238915-573735546-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:74,ab,63,d9,73,9a,73,ae,45,5d,76,78,f6,ed,b3,1c,49,6a,55,6c,db,
45,d9,96,c4,90,fd,de,88,b7,b6,6d,f5,78,79,d3,96,6e,92,ef,ed,1c,79,4e,f6,5a,\
"rkeysecu"=hex:01,a8,a3,d0,1c,32,b3,d5,ab,e9,a0,17,12,71,11,ec

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
@Allowed: (Read) (Administrators)
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1892)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(276)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(1268)
c:\windows\System32\VttHooks.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\shimgvw.dll
c:\windows\system32\webcheck.dll
c:\progra~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Fichiers communs\Microsoft Shared\Web Components\11\1036\OWCI11.DLL
c:\windows\system32\msls31.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Heure de fin: 2009-07-11 1:00 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-07-11 22:59

Avant-CF: 1 937 981 440 octets libres
Après-CF: 1 959 100 416 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel p1" /3GB /USERVA=2500/
multi(0)disk(0)rdisk(1)partition(4)\WINDOWS="Microsoft Windows XP Professionnel p4" /3GB /USERVA=2500/

430 --- E O F --- 2009-06-28 09:46

Répondre à endi_93

Télécharge FindyKill (de Chiquitine29 & C_XX) sur ton Bureau.
Lance l'installation avec les paramètres par défaut.
Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
Double-clique sur le raccourci FindyKill sur ton Bureau.

(Sous Vista, il faut cliquer droit sur le raccourci de FindyKill et choisir Exécuter en tant qu'administrateur)

Choisis F pour Français.
Au menu principal, choisis l'option 1 (Recherche).
Poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

Répondre à Destrio5

Voila

Spoiler :

############################## | FindyKill V6.005 |

# User : Administrateur (Administrateurs) # 49600DF4A84A47C
# Update on 11/07/09 by Chiquitine29 & C_XX
# Start at: 08:33:25 | 12/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 19,53 Go (1,82 Go free) # NTFS
# D:\ # Disque fixe local # 39,06 Go (7,9 Go free) [One] # NTFS
# E:\ # Disque fixe local # 90,45 Go (9,25 Go free) [Two] # NTFS
# F:\ # Disque CD-ROM # 7,68 Go (0 Mo free) [ARMA2] # UDF
# G:\ # Disque CD-ROM
# H:\ # Disque amovible # 991,22 Mo (236,64 Mo free) # FAT
# I:\ # Disque fixe local # 232,88 Go (12,84 Go free) [Nouveau nom] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\EXPERTool ATI\TBPanel.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\windows\system32\wbem\wmiprvse.exe

################## | Registre Startup |

R1 - HKCU\..\Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
R1 - HKCU\..\Main: "Search Page"="http://www.google.fr"
R1 - HKCU\..\Main: "Start Page"="http://www.google.fr"
F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\drivers\\services.exe"
F2 - HKLM\..\logon:"DefaultUserName"="Administrateur"
F2 - HKLM\..\logon:"AltDefaultUserName"="Administrateur"
F2 - HKLM\..\logon:"LegalNoticeCaption"=""
F2 - HKLM\..\logon:"LegalNoticeText"=""
04 - HKLM\..\Run: UberIcon="C:\Program Files\UberIcon\UberIcon Manager.exe"
04 - HKLM\..\Run: VisualTaskTips=C:\Windows\System32\VisualTaskTips.exe
04 - HKLM\..\Run: TransBar=C:\Windows\System32\TransBar.exe /s
04 - HKLM\..\Run: Styler=C:\Program Files\styler\Styler.exe
04 - HKLM\..\Run: Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKLM\..\Run: Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -hide
04 - HKLM\..\Run: SmcService=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
04 - HKLM\..\Run: QuickTime Task="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run: SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
04 - HKLM\..\Run: SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
04 - HKLM\..\Run: StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run: Vistadrv=C:\WINDOWS\system32\Vistadrive\vsdrv.exe
04 - HKLM\..\Run: SoundMAX="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
04 - HKLM\..\Run: Adobe Photo Downloader="L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
04 - HKLM\..\Run: svchost.exe=C:\WINDOWS\system32\svcnost.exe
04 - HKLM\..\Run: Bfovusukas=rundll32.exe "C:\WINDOWS\Ugeta.dll",e
04 - HKLM\..\Run: SVCHOST=C:\WINDOWS\MDM.EXE
04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
04 - HKCU\..\Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run: IE Privacy Keeper="C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
04 - HKCU\..\Run: DAEMON Tools Lite="C:\Program Files\DAEMON Tools\daemon.exe" -autorun
04 - HKCU\..\Run: Gainward=C:\Program Files\EXPERTool ATI\TBPanel.exe /A
04 - HKCU\..\Run: AWMON="C:\Program Files\Ad-Aware\Ad-Watch.exe"
04 - HKCU\..\Run: EA Core=C:\Program Files\Electronic Arts\EADM\Core.exe -silent
04 - HKCU\..\Run: Steam="j:\steam\steam.exe" -silent
04 - HKCU\..\Run: RGSC=J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
04 - HKCU\..\Run: Administrateur=C:\Documents and Settings\Administrateur\Administrateur.exe /i
04 - HKCU\..\Run: A00F25B86EE.exe=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe

################## | Fichiers # Dossiers infectieux |

################## | C:\Documents and Settings\Administrateur\Temporary Internet Files |

################## | All Drives ... |

Présent ! F:\Setup.exe [ce51ff44b1b93f925f1db0d832e629f7]
Présent ! F:\autorun.inf [aa93a7d7940c0dafd2dcabc6e492d931]

################## | Registre # Clés Run infectieuses |

Présent ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Administrateur"
Présent ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "svchost"

################## | Registre # Mountpoints2 |

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | Cracks / Keygens / Serials |

################## | ! Fin du rapport # FindyKill V6.005 ! |

Répondre à endi_93

Mes problèmes semblent réglés, merci

Répondre à endi_93

Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
Double-clique sur le raccourci FindyKill sur ton Bureau.

(Sous Vista, il faut cliquer droit sur le raccourci de FindyKill et choisir Exécuter en tant qu'administrateur)

Au menu principal, choisis l'option 2 (Suppression).

/!\ Il y aura un redémarrage, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

Ensuite, poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

Répondre à Destrio5

le voici, malheureusement j avais installé antivir pensant que le problème était réglé (boulet mod) du coup j'ai cliqué sur "ignore" dans la fenêtre antiv qui s'ouvrait a chaque fois que findykill trouvait un exe, qu'il testait je suppose, j'espère que ce n'est pas un trop gros soucis...

le rapport :

Spoiler :

############################## | FindyKill V6.005 |

# User : Administrateur (Administrateurs) # 49600DF4A84A47C
# Update on 11/07/09 by Chiquitine29 & C_XX
# Start at: 15:13:43 | 12/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : AntiVir Desktop 9.0.1.30 [ (!) Disabled | Updated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 19,53 Go (1,6 Go free) # NTFS
# D:\ # Disque fixe local # 39,06 Go (7,84 Go free) [One] # NTFS
# E:\ # Disque fixe local # 90,45 Go (9,25 Go free) [Two] # NTFS
# F:\ # Disque CD-ROM # 7,68 Go (0 Mo free) [ARMA2] # UDF
# G:\ # Disque CD-ROM
# H:\ # Disque amovible # 991,22 Mo (236,64 Mo free) # FAT
# I:\ # Disque fixe local # 232,88 Go (7,36 Go free) [Nouveau nom] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\services.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## | Fichiers # Dossiers infectieux |

################## | C:\Documents and Settings\Administrateur\Temporary Internet Files |

################## | All Drives ... |

Supprimé ! C:\userinit.exe
(!) Non supprimé ! F:\Setup.exe
(!) Non supprimé ! F:\autorun.inf
################## | Autres ... |

################## | Registre # Clés Run infectieuses |

Supprimé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "svchost"
Supprimé ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Administrateur"

################## | Registre # Mountpoints2 |

################## | Listing des fichiers présent |

[13/03/2007 19:49|--a------|0] - C:\AUTOEXEC.BAT
[01/05/2009 11:36|--a------|310] - C:\Boot.bak
[12/07/2009 00:51|-rahs----|379] - C:\boot.ini
[24/08/2008 01:53|-rahs----|4952] - C:\Bootfont.bin
[01/05/2009 11:09|--a------|348] - C:\bootsave.ini
[03/08/2004 23:00|--a------|263488] - C:\cmldr
[12/07/2009 01:00|--a------|26574] - C:\ComboFix.txt
[13/03/2007 19:49|--a------|0] - C:\CONFIG.SYS
[15/01/2008 22:10|--a------|429615] - C:\DSCF3565bis.jpg
[15/01/2008 22:07|--a------|894451] - C:\DSCF3597.JPG
[12/07/2009 15:24|--a------|3121] - C:\FindyKill.txt
[21/04/2008 07:57|--ahs----|904] - C:\hostssave
[13/03/2007 19:49|-rahs----|0] - C:\IO.SYS
[13/03/2007 19:49|-rahs----|0] - C:\MSDOS.SYS
[24/08/2008 01:53|-rahs----|47564] - C:\NTDETECT.COM
[24/08/2008 01:53|-rahs----|252240] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[12/07/2009 14:18|--a------|32299960] - D:\avira_antivir_personal_en.exe
[07/05/2007 05:14|--a------|69716] - D:\bookmarks.html
[01/05/2009 11:21|--a------|326] - D:\boot.ini
[07/06/2008 18:58|--a------|2063807] - D:\cpu-z_cpu-z_1.51_anglais_11090.exe
[11/07/2009 08:15|--a------|401720] - D:\HiJackThis.exe
[01/11/2007 00:11|--a------|282] - D:\One (D).lnk
[04/07/2007 01:33|--ahs----|4608] - D:\Thumbs.db
[05/02/2006 07:04|--a------|14141] - D:\video.pass
[18/06/2008 08:06|--a------|46531155] - D:\XBMC_for_Windows-9.04.1-repack.exe
[02/05/2008 06:39|--a------|0] - E:\105900781_MVM_3.tmp
[29/06/2008 13:32|--a------|18382848] - E:\108805171_MVM_0.tmp
[05/02/2006 07:04|--a------|14141] - E:\video.pass
[29/05/2009 04:44|-r-------|1075256] - F:\AutoRun.bmp
[29/05/2009 04:44|-r-------|1830] - F:\Autorun.csv
[29/05/2009 04:44|-r-------|488] - F:\AutoRun.dat
[26/03/2009 10:20|-r-------|704512] - F:\AutoRun.exe
[29/05/2009 04:44|-r-------|48] - F:\Autorun.inf
[29/05/2009 04:44|-r-------|263138] - F:\autorun.wav
[29/05/2009 04:44|-r-------|2662] - F:\readme.txt
[29/05/2009 04:44|-r-------|239480] - F:\setup.bmp
[01/06/2009 04:23|-r-------|4456] - F:\setup.crc
[29/05/2009 04:44|-r-------|24754] - F:\Setup.csv
[29/05/2009 04:44|-r-------|1075] - F:\setup.dat
[21/05/2009 14:54|-r-------|983040] - F:\Setup.exe
[29/05/2009 04:44|-r-------|1930] - F:\Uninstall.csv
[26/03/2009 10:21|-r-------|573440] - F:\UnInstall.exe
[11/06/2009 15:03|--ah-----|6148] - H:\.DS_Store

################## | Vaccination |

# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# D:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# E:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# H:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# I:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.

################## | Etat / Services / Informations |

# Mode sans echec : OK

# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH ... |

################## | Cracks / Keygens / Serials |

################## | ! Fin du rapport # FindyKill V6.005 ! |

Répondre à endi_93

Désinstalle FindyKill.

Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
Sélectionne Exécuter un examen rapide.
Clique sur Rechercher. L'analyse démarre.
A la fin de l'analyse, un message s'affiche :

Citation :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Répondre à Destrio5

Voila

Spoiler :

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2412
Windows 5.1.2600 Service Pack 2

12/07/2009 16:54:23
mbam-log-2009-07-12 (16-54-23).txt

Type de recherche: Examen rapide
Eléments examinés: 111982
Temps écoulé: 5 minute(s), 22 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
C:\WINDOWS\system32\drivers\services.exe (Spyware.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bfovusukas (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f25b86ee.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\services.exe (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\svchost.exe (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.AUTORITE NT\svchost.exe (Spyware.Agent) -> Quarantined and deleted successfully.

Répondre à endi_93

Relance MBAM, va dans Quarantaine et supprime tout.

Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
Double-clique sur RSIT.exe afin de lancer le programme.

(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

Clique sur Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

Répondre à Destrio5

Voici

Spoiler :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-07-12 18:34:10
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 2 GB (9%) free of 20 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:11, on 12/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\EXPERTool ATI\TBPanel.exe
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\combo\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32\svcnost.exe
O4 - HKLM\..\Run: [Bfovusukas] rundll32.exe "C:\WINDOWS\Ugeta.dll",e
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Steam] "j:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Administrateur] C:\Documents and Settings\Administrateur\Administrateur.exe /i
O4 - HKCU\..\Run: [A00F25B86EE.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: userinit.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Service Google Update (gupdate1c9940a6d0c47f8) (gupdate1c9940a6d0c47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8066 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SaveLinksOrder
Locked
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\styler\TB\StylerTB.dll [2006-05-02 102400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2005-08-12 180224]
"VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe [2004-08-28 36864]
"TransBar"=C:\Windows\System32\TransBar.exe [2004-08-28 65536]
"Styler"=C:\Program Files\styler\Styler.exe [2006-05-03 307200]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2007-01-10 1235456]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2008-03-28 413696]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-10-05 868352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"Vistadrv"=C:\WINDOWS\system32\Vistadrive\vsdrv.exe []
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"Adobe Photo Downloader"=L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe []
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui []
"svchost.exe"=C:\WINDOWS\system32\svcnost.exe []
"Bfovusukas"=C:\WINDOWS\Ugeta.dll,e []
"SVCHOST"=C:\WINDOWS\MDM.EXE []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-28 25088]
"IE Privacy Keeper"=C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe [2005-12-03 1015808]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools\daemon.exe [2008-04-01 486856]
"Gainward"=C:\Program Files\EXPERTool ATI\TBPanel.exe [2008-07-31 2296360]
"AWMON"=C:\Program Files\Ad-Aware\Ad-Watch.exe [2005-05-25 517632]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"Steam"=j:\steam\steam.exe -silent []
"RGSC"=J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
"Administrateur"=C:\Documents and Settings\Administrateur\Administrateur.exe /i []
"A00F25B86EE.exe"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe []

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-04-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:EnablednkBstrB"
"D:\QuakeWars\etqwded.exe"="D:\QuakeWars\etqwded.exe:*:Enabled:etqwded.exe"
"D:\QuakeWars\etqw.exe"="D:\QuakeWars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) "
"E:\MircAndy\mirc.exe"="E:\MircAndy\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe"="C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Emote\Launcher\launcher.exe"="C:\Program Files\Emote\Launcher\launcher.exe:*:Enabled:launcher"
"C:\Program Files\MeuhMeuhTV\MeuhMeuhTV.exe"="C:\Program Files\MeuhMeuhTV\MeuhMeuhTV.exe:*isabled:Application MeuhMeuhTV"
"C:\Program Files\XBMC\XBMC.exe"="C:\Program Files\XBMC\XBMC.exe:*:Enabled:XBMC Media Center"
"C:\windows\system32\Ati2evxx.exe"="C:\windows\system32\Ati2evxx.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:ENABLE"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE"
"C:\Program Files\CDBurnerXP\NMSAccessU.exe"="C:\Program Files\CDBurnerXP\NMSAccessU.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\alg.exe"="C:\WINDOWS\system32\alg.exe:*:Enabled:ENABLE"
"C:\windows\system32\wbem\wmiprvse.exe"="C:\windows\system32\wbem\wmiprvse.exe:*:Enabled:ENABLE"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:ENABLE"
"C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe:*:Enabled:ENABLE"
"C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe"="C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Enabled:ENABLE"
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\WgaTray.exe"="C:\WINDOWS\system32\WgaTray.exe:*:Enabled:ENABLE"
"D:\Wolfenstein\et.exe"="D:\Wolfenstein\et.exe:*:Enabled:ENABLE"
"D:\ArmA 2\arma2.exe"="D:\ArmA 2\arma2.exe:*:Enabled:ENABLE"
"C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:ENABLE"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:ENABLE"
"C:\windows\system32\SNDVOL32.EXE"="C:\windows\system32\SNDVOL32.EXE:*:Enabled:ENABLE"
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:ENABLE"
"C:\Program Files\Ad-Aware\Ad-Watch.exe"="C:\Program Files\Ad-Aware\Ad-Watch.exe:*:Enabled:ENABLE"
"C:\Program Files\Windows Sidebar\sidebar.exe"="C:\Program Files\Windows Sidebar\sidebar.exe:*:Enabled:ENABLE"
"C:\Program Files\Ad-Aware\Ad-Aware.exe"="C:\Program Files\Ad-Aware\Ad-Aware.exe:*:Enabled:ENABLE"
"C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe"="C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\ssmypics.scr"="C:\WINDOWS\system32\ssmypics.scr:*:Enabled:ENABLE"
"C:\Program Files\UberIcon\UberIcon Manager.exe"="C:\Program Files\UberIcon\UberIcon Manager.exe:*:Enabled:ENABLE"
"C:\Windows\System32\VisualTaskTips.exe"="C:\Windows\System32\VisualTaskTips.exe:*:Enabled:ENABLE"
"C:\Program Files\Windows Defender\MSASCui.exe"="C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:ENABLE"
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe:*:Enabled:ENABLE"
"C:\Program Files\Analog Devices\Core\smax4pnp.exe"="C:\Program Files\Analog Devices\Core\smax4pnp.exe:*:Enabled:ENABLE"
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe:*:Enabled:ENABLE"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe:*:Enabled:ENABLE"
"C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe"="C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe:*:Enabled:ENABLE"
"C:\Program Files\DAEMON Tools\daemon.exe"="C:\Program Files\DAEMON Tools\daemon.exe:*:Enabled:ENABLE"
"C:\Program Files\EXPERTool ATI\TBPanel.exe"="C:\Program Files\EXPERTool ATI\TBPanel.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe"="C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe:*:Enabled:ENABLE"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe"="C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe:*:Enabled:ENABLE"
"C:\windows\system32\taskmgr.exe"="C:\windows\system32\taskmgr.exe:*:Enabled:ENABLE"
"C:\ComboFix\NirCmdC.cfexe"="C:\ComboFix\NirCmdC.cfexe:*:Enabled:ENABLE"
"C:\windows\system32\wuauclt.exe"="C:\windows\system32\wuauclt.exe:*:Enabled:ENABLE"
"C:\ComboFix\Nircmd.com"="C:\ComboFix\Nircmd.com:*:Enabled:ENABLE"
"C:\ComboFix\Catchme.tmp"="C:\ComboFix\Catchme.tmp:*:Enabled:ENABLE"
"C:\WINDOWS\PEV.exe"="C:\WINDOWS\PEV.exe:*:Enabled:ENABLE"
"C:\ComboFix\pev.cfexe"="C:\ComboFix\pev.cfexe:*:Enabled:ENABLE"
"C:\ComboFix\PV.cfexe"="C:\ComboFix\PV.cfexe:*:Enabled:ENABLE"
"C:\ComboFix\FINDSTR.cfexe"="C:\ComboFix\FINDSTR.cfexe:*:Enabled:ENABLE"
"C:\windows\system32\netsh.exe"="C:\windows\system32\netsh.exe:*:Enabled:ENABLE"
"C:\windows\system32\CF2982.exe"="C:\windows\system32\CF2982.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-07-12 18:32:14 ----D---- C:\Program Files\trend micro
2009-07-12 18:32:13 ----D---- C:\rsit
2009-07-12 16:42:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2009-07-12 16:42:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-12 16:42:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-12 15:24:24 ----RASHD---- C:\autorun.inf
2009-07-12 15:24:24 ----A---- C:\FindyKill.txt
2009-07-12 14:36:55 ----SHD---- C:\RECYCLER
2009-07-12 08:32:13 ----D---- C:\FindyKill
2009-07-12 01:00:08 ----D---- C:\WINDOWS\temp
2009-07-12 01:00:07 ----A---- C:\ComboFix.txt
2009-07-12 00:51:08 ----A---- C:\Boot.bak
2009-07-12 00:51:05 ----RASHD---- C:\cmdcons
2009-07-12 00:48:42 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\zip.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWSC.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWREG.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\sed.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\PEV.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\grep.exe
2009-07-12 00:48:36 ----D---- C:\WINDOWS\ERDNT
2009-07-12 00:43:39 ----D---- C:\Qoobox
2009-06-30 19:34:39 ----ASH---- C:\WINDOWS\system32\actxprxyd.dll
2009-06-16 07:30:30 ----A---- C:\WINDOWS\system32\SET161.tmp

======List of files/folders modified in the last 1 months======

2009-07-12 18:32:14 ----RD---- C:\Program Files
2009-07-12 18:31:44 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 4
2009-07-12 17:03:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-12 17:02:32 ----D---- C:\WINDOWS\system32\drivers
2009-07-12 17:02:17 ----SD---- C:\WINDOWS\Tasks
2009-07-12 16:58:34 ----D---- C:\WINDOWS\system32
2009-07-12 15:25:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-12 15:24:24 ----D---- C:\WINDOWS\Prefetch
2009-07-12 15:13:36 ----D---- C:\WINDOWS
2009-07-12 14:34:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\Azureus
2009-07-12 14:21:09 ----HD---- C:\WINDOWS\inf
2009-07-12 14:19:58 ----SHD---- C:\WINDOWS\Installer
2009-07-12 14:19:58 ----SHD---- C:\Config.Msi
2009-07-12 14:19:58 ----D---- C:\WINDOWS\WinSxS
2009-07-12 13:30:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-12 00:59:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-12 00:57:50 ----A---- C:\WINDOWS\system.ini
2009-07-12 00:55:25 ----D---- C:\WINDOWS\system32\config
2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-07-12 00:53:40 ----D---- C:\WINDOWS\AppPatch
2009-07-12 00:53:40 ----D---- C:\Program Files\Fichiers communs
2009-07-12 00:51:08 ----RASH---- C:\boot.ini
2009-07-11 12:43:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2009-07-10 23:15:36 ----D---- C:\Program Files\Ad-Aware
2009-07-10 21:11:51 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-08 22:09:33 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-06 08:12:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-06-28 21:39:11 ----AD---- C:\WINDOWS\i386
2009-06-28 21:36:48 ----D---- C:\WINDOWS\system32\Vistadrive
2009-06-28 21:36:48 ----D---- C:\Program Files\Ripp-it_AM
2009-06-28 11:37:47 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-28 11:33:32 ----D---- C:\WINDOWS\Debug
2009-06-26 23:26:32 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-06-26 07:09:36 ----D---- C:\Program Files\Google
2009-06-24 22:47:19 ----D---- C:\WINDOWS\system32\DirectX
2009-06-24 22:34:45 ----RSD---- C:\WINDOWS\assembly
2009-06-24 21:23:24 ----D---- C:\Program Files\HomePlayer1.5.1.1
2009-06-16 07:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 40320]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-07-13 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-07-13 25416]
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-09-01 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-09-08 247296]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-29 94080]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-29 3643904]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-08-06 93696]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-28 138752]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-28 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-12-08 61824]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2004-08-28 83968]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-28 248832]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S3 ac1kyhdw;ac1kyhdw; C:\WINDOWS\system32\drivers\ac1kyhdw.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cpuz132;cpuz132; \??\C:\windows\system32\drivers\cpuz132_x32.sys []
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys []
S3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 st3wolf;st3wolf; C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 SMNT40;SMNT40; C:\WINDOWS\System32\drivers\SMNT40.SYS [2003-03-31 161576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-29 602112]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-31 66872]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-28 593920]
S2 gupdate1c9940a6d0c47f8;Service Google Update (gupdate1c9940a6d0c47f8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-28 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-28 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Spoiler :

info.txt logfile of random's system information tool 1.06 2009-07-12 18:32:22

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
3DMark06-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Lightroom 2.3 RC-->MsiExec.exe /I{20E0E6F9-60AC-4453-A3ED-386BC5365C5E}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
Adobe Setup-->MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
All To MP3 Converter 1.55-->"C:\Program Files\LitexMedia\All To MP3 Converter\unins000.exe"
All2x264-->C:\Program Files\Satsuki All2x264\Uninstall.exe
Ant Renamer-->"C:\Program Files\Ant Renamer\unins000.exe"
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArmA 2 Uninstall-->D:\ArmA 2\UnInstall.exe
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\windows\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
Audacity 1.3.4 (Unicode)-->"C:\Program Files\Audacity\unins000.exe"
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
Camtrace 3D-->MsiExec.exe /X{94870CBD-323C-4D44-B9AA-F83495699A58}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"J:\company of heroes\Uninstall_French.exe"
ConTEXT-->"C:\Program Files\ConTEXT\unins000.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Cosmo Player 2.1.1-->"C:\Program Files\CosmoSoftware\CosmoPlayer\CosmoPlayer\uninstall.exe"
CPUID CPU-Z 1.51-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
Crysis WARHEAD(R)-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Crysis WARHEAD(R)-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Day of Defeat: Source Beta-->"D:\Steam\steam.exe" steam://uninstall/302
Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dungeon Party 0.7.0.5-->"J:\Dungeon Party\unins000.exe"
Emote-Launcher (remove only)-->"C:\Program Files\Emote\Launcher\Emote-Launcher-uninst.exe"
Empire: Total War Demo-->"J:\Steam\steam.exe" steam://uninstall/10620
Empty Temp Folders 2.8.3-->C:\Program Files\Empty Temp Folders 2.8.3\uninstall.exe
Enemy Territory - Quake Wars(TM)-->D:\QuakeWars\uninstall.exe
EXPERTool ATI 4.0-->"C:\Program Files\EXPERTool ATI\unins000.exe"
ffdshow [rev 2744] [2009-03-05]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Google Earth Plugin-->MsiExec.exe /I{B535B621-5559-11DE-A7A1-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly
Half-Life 2-->"J:\Steam\steam.exe" steam://uninstall/220
Hauppauge WinTV Scheduler-->C:\PROGRA~1\WinTV\SCHEDU~1\UniSched.EXE C:\PROGRA~1\WinTV\SCHEDU~1\INSTALL.LOG
Hauppauge WinTV Soft PVR-->C:\PROGRA~1\WinTV\UNSftPVR.EXE C:\PROGRA~1\WinTV\softpvr.LOG
Hauppauge WinTV Source Selector-->C:\PROGRA~1\WinTV\UNtvsel.EXE C:\PROGRA~1\WinTV\WINTVsel.LOG
Hauppauge WinTV2000-->C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
HD Tune 2.55-->"C:\Program Files\HD Tune\unins000.exe"
Helix YUV Codecs (remove only)-->"C:\WINDOWS\system32\uninstHelixYUV.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Keylight (1.0v3) for Adobe After Effects-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Foundry\Keylight 1.0 for After Effects.isu"
K-Lite Mega Codec Pack 1.65-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LG PC Suite-->C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x040c -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly
Lightroom-->MsiExec.exe /I{D4134B0B-EA9B-4835-A77A-60BEE6277101}
LSDA Le Retour du Roi tm-->J:\LSDA Le Retour du Roi tm\EAUninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medieval II Total War Demo Gold-->C:\Program Files\InstallShield Installation Information\{4A665599-6771-4732-BE74-06B43B9F611B}\setup.exe -runfromtemp -l0x0009 -removeonly
MeGUI modern media encoder (remove only)-->"C:\Program Files\megui\megui-uninstall.exe"
Messenger Live Connector-->MsiExec.exe /I{0D959BD2-2BA9-418B-963B-7B4D1297C512}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
mIRC-->"E:\MircAndy\mirc.exe" -uninstall
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\windows\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\windows\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\windows\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\windows\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\windows\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\windows\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox 3 Beta 4\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{97AA1F3C-DD64-4AA6-AEC5-F8F9F4CC21C5}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
Nero 7 Lite v7.5.9.0-->"C:\Program Files\Nero\unins000.exe"
NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Peggle Nights Deluxe 1.0-->D:\PopCap Games\Peggle Nights Deluxe\PopUninstall.exe "D:\PopCap Games\Peggle Nights Deluxe\Install.log"
Prince of Persia-->"C:\Program Files\InstallShield Installation Information\{7C11154F-3539-4CB5-979D-EF7913473E53}\setup.exe" -runfromtemp -l0x040c -removeonly
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Pure-->C:\Program Files\InstallShield Installation Information\{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}\setup.exe -runfromtemp -l0x0c0c Pure -removeonly
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
ReClock (remove only)-->"C:\Program Files\ReClock\uninstall.exe"
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
Room Arranger-->"C:\Program Files\Room Arranger\uninstall.exe"
Security Update pour Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update pour Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
SoundMAX NT-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Analog Devices\SoundMAX Integrated Digital Audio\DeIsL1.isu"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synergy-->"D:\Steam\steam.exe" steam://uninstall/17520
Toribash 3.31-->"D:\Toribash-3.31\unins000.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.7.1-->"C:\Program Files\VideoLAN\VLC\uninstall.exe"
Warhammer 40,000: Dawn of War II - Single-player Demo-->"J:\Steam\steam.exe" steam://uninstall/15680
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WiziWYG XP-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Praxisoft\WiziWYG XP\Uninst.isu"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Zombie Panic! Source-->"D:\Steam\steam.exe" steam://uninstall/17500

======System event log======

Computer Name: 49600DF4A84A47C
Event Code: 3004
Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.

Pour plus d’informations, consultez les données suivantes :
http://go.microsoft.com/fwlink/?linkid=74409

ID d’analyse : {92A9B8BA-BEE4-4C29-A171-6EFCE44A3900}

Utilisateur : 49600DF4A84A47C\Administrateur

Nom : Unknown

ID :

ID de gravité : 0

ID de catégorie : 44

Chemin d’accès trouvé : firewallokfile:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\windows\system32\netsh.exe

Type d’alerte : Logiciel non classifié

Type de détection :

Record Number: 20926
Source Name: WinDefend
Time Written: 20090705152837.000000+120
Event Type: Avertissement
User:

Computer Name: 49600DF4A84A47C
Event Code: 3005
Message: L’agent de protection en temps réel Windows Defender a pris des mesures pour protéger cet ordinateur contre les logiciels espions ou autres logiciels potentiellement indésirables.

Pour plus d’informations, consultez les informations suivantes :
http://go.microsoft.com/fwlink/?linkid=74409

ID d’analyse : {495ED2CD-9BEC-4511-A2C9-A6951EBDEF7B}

Utilisateur : 49600DF4A84A47C\Administrateur

Nom : Unknown

ID :

ID de gravité : 0

ID de catégorie : 44

Type d’alerte : Logiciel non classifié

Action : Ignorer

Record Number: 20925
Source Name: WinDefend
Time Written: 20090705152820.000000+120
Event Type: Informations
User:

Computer Name: 49600DF4A84A47C
Event Code: 3004
Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.

Pour plus d’informations, consultez les données suivantes :
http://go.microsoft.com/fwlink/?linkid=74409

ID d’analyse : {495ED2CD-9BEC-4511-A2C9-A6951EBDEF7B}

Utilisateur : 49600DF4A84A47C\Administrateur

Nom : Unknown

ID :

ID de gravité : 0

ID de catégorie : 44

Chemin d’accès trouvé : file:C:\windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job;file:C:\Documents and Settings\Administrateur\Local Settings\Temp\b.exe;taskscheduler:C:\windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

Type d’alerte : Logiciel non classifié

Type de détection :

Record Number: 20924
Source Name: WinDefend
Time Written: 20090705152820.000000+120
Event Type: Avertissement
User:

Computer Name: 49600DF4A84A47C
Event Code: 3005
Message: L’agent de protection en temps réel Windows Defender a pris des mesures pour protéger cet ordinateur contre les logiciels espions ou autres logiciels potentiellement indésirables.

Pour plus d’informations, consultez les informations suivantes :
http://go.microsoft.com/fwlink/?linkid=74409

ID d’analyse : {0611AC58-C565-4AF2-A40D-5F126B1FEABA}

Utilisateur : 49600DF4A84A47C\Administrateur

Nom : Unknown

ID :

ID de gravité : 0

ID de catégorie : 44

Type d’alerte : Logiciel non classifié

Action : Ignorer

Record Number: 20923
Source Name: WinDefend
Time Written: 20090705151137.000000+120
Event Type: Informations
User:

Computer Name: 49600DF4A84A47C
Event Code: 3004
Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.

Pour plus d’informations, consultez les données suivantes :
http://go.microsoft.com/fwlink/?linkid=74409

ID d’analyse : {0611AC58-C565-4AF2-A40D-5F126B1FEABA}

Utilisateur : 49600DF4A84A47C\Administrateur

Nom : Unknown

ID :

ID de gravité : 0

ID de catégorie : 44

Chemin d’accès trouvé : regkey:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Administrateur\Local Settings\Temp\c.exe;firewallokfile:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Administrateur\Local Settings\Temp\c.exe;file:C:\Documents and Settings\Administrateur\Local Settings\Temp\c.exe

Type d’alerte : Logiciel non classifié

Type de détection :

Record Number: 20922
Source Name: WinDefend
Time Written: 20090705151137.000000+120
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: 49600DF4A84A47C
Event Code: 0
Message:
Record Number: 5
Source Name: gupdate1c9940a6d0c47f8
Time Written: 20090707072401.000000+120
Event Type: Informations
User:

Computer Name: 49600DF4A84A47C
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 4
Source Name: SecurityCenter
Time Written: 20090707072350.000000+120
Event Type: Informations
User:

Computer Name: 49600DF4A84A47C
Event Code: 0
Message:
Record Number: 3
Source Name: gusvc
Time Written: 20090707072327.000000+120
Event Type: Informations
User:

Computer Name: 49600DF4A84A47C
Event Code: 0
Message:
Record Number: 2
Source Name: gupdate1c9940a6d0c47f8
Time Written: 20090707072326.000000+120
Event Type: Informations
User:

Computer Name: 49600DF4A84A47C
Event Code: 105
Message: The service was started.

Record Number: 1
Source Name: ATI Smart
Time Written: 20090707072320.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"CLASSPATH"=.;C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\QTJava.zip
"RGSCLauncher"=j:\Rockstar Games\Rockstar Games Social Club
"RGSC"=j:\Rockstar Games\Rockstar Games Social Club\1_0_0_0

-----------------EOF-----------------

Répondre à endi_93

C'est beaucoup mieux mais il y a encore des choses à faire.

Tu n'as pas d'antivirus ?

Répondre à Destrio5

Quand j'ai été contaminé je n'avais pas d'antivirus. Ensuite j'ai essayé d'éradiquer le(s) virus avec avast, et la en lisant le pinned j'ai installé Antivir.

Merci en tout cas l'ordi marche déjà beaucoup mieux ! :bounce:

Répondre à endi_93

Installe AntiVir et mets-le à jour.
Double-clique sur l'icône d'AntiVir (Parapluie) dans la barre des tâches.
Dans AntiVir, choisis Outils puis Configuration.
Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.
Fais un scan complet, clique sur Tout réparer si AntiVir trouve quelque chose et poste le rapport.

Tutoriel : Scanner le(s) disque(s) dur(s)

Répondre à Destrio5

Il a trouvé pas mal de choses, décidément mon ordi est un vrai repaire a troyen...

Spoiler :

Avira AntiVir Personal
Report file date: dimanche 12 juillet 2009 19:13

Scanning for 1515293 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : 49600DF4A84A47C

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 03/06/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 11/05/2009 08:14:47
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 16:56:06
ANTIVIR2.VDF : 7.1.4.198 778752 Bytes 08/07/2009 16:56:08
ANTIVIR3.VDF : 7.1.4.220 504320 Bytes 11/07/2009 16:56:09
Engineversion : 8.2.0.204
AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 10:52:04
AESCRIPT.DLL : 8.1.2.13 426362 Bytes 12/07/2009 16:56:13
AESCN.DLL : 8.1.2.3 127347 Bytes 14/05/2009 10:02:01
AERDL.DLL : 8.1.2.2 438642 Bytes 12/07/2009 16:56:13
AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 15:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 12/07/2009 16:56:12
AEHEUR.DLL : 8.1.0.137 1823095 Bytes 12/07/2009 16:56:12
AEHELP.DLL : 8.1.3.6 205174 Bytes 12/07/2009 16:56:10
AEGEN.DLL : 8.1.1.48 348532 Bytes 12/07/2009 16:56:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 27/05/2009 15:07:20
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 09:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, I:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: dimanche 12 juillet 2009 19:13

Starting search for hidden objects.
'48318' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'TBPANEL.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'IEPrivacyKeeper.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '48' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\n.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvchost1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\undBillFake1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgenthc2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgenthc5.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\LocalService.AUTORITE NT\LocalService.AUTORITE NT.exe
[DETECTION] Is the TR/Wigon.KT.1 Trojan
C:\Documents and Settings\NetworkService.AUTORITE NT\NetworkService.AUTORITE NT.exe
[DETECTION] Is the TR/Wigon.KT.1 Trojan
C:\Program Files\Windows Sidebar\wlsrvc.dll
[DETECTION] Is the TR/Patched.GY.12 Trojan
C:\Qoobox\Quarantine\C\userinit.exe.vir
[DETECTION] Is the TR/Agent.odmn.6 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Administrateur\Administrateur.exe.vir
[DETECTION] Is the TR/Spy.21672 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Administrateur\svchost.exe.vir
[DETECTION] Is the TR/Agent.odmn.6 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\ipdll.dll.vir
[DETECTION] Is the TR/Agent.budc Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService.AUTORITE NT\svchost.exe.vir
[DETECTION] Is the TR/Agent.odmn.6 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir
[DETECTION] Is the TR/Renos.OKZ Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\calc.ifo.vir
[DETECTION] Is the TR/Dldr.Small.jud.5 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\msdvdr.pif.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\sdra64.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\uninstall.exe.vir
[DETECTION] Is the TR/Dldr.VB.lxj Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\_msdvdr_.pif.zip
[0] Archive type: ZIP
--> msdvdr.pif
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\i386si.sys.vir
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ksi32sk.sys.vir
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\securentm.sys.vir
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\services.exe.vir
[DETECTION] Is the TR/Agent.odmn.6 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\systemntmi.sys.vir
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ws2_32sik.sys.vir
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
C:\WINDOWS\i386\EGA60666.FO_
[0] Archive type: CAB (Microsoft)
--> ega60666.fon
[1] Archive type: RAR SFX (self extracting)
--> Windows Sidebar\wlsrvc.dll
[DETECTION] Is the TR/Patched.GY.12 Trojan
C:\WINDOWS\system32\actxprxyd.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\WINDOWS\system32\drivers\services.exe
[DETECTION] Is the TR/Agent.odmn.6 Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <One>
D:\Wolfenstein\etpro\screenshots\shot0127.tga
[DETECTION] Contains HEUR/HTML.Malware suspicious code
Begin scan in 'E:\' <Two>
Begin scan in 'I:\' <Nouveau nom>
I:\lovexp.rar
[0] Archive type: RAR
--> lovexp\4 Easy steps for activate your Windows XP\01_Generate_Genuine_Serial_For_WinXP\Generate Genuine Serial For WinXP.exe
[DETECTION] Is the TR/Agent.72607.A Trojan
I:\Bureau\lovexp.rar
[0] Archive type: RAR
--> lovexp\4 Easy steps for activate your Windows XP\01_Generate_Genuine_Serial_For_WinXP\Generate Genuine Serial For WinXP.exe
[DETECTION] Is the TR/Agent.72607.A Trojan
I:\lovexp\lovexp\4 Easy steps for activate your Windows XP\01_Generate_Genuine_Serial_For_WinXP\Generate Genuine Serial For WinXP.exe
[DETECTION] Is the TR/Agent.72607.A Trojan

Beginning disinfection:
C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe
[NOTE] The file was moved to '4ac72963.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4ac92964.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4b90305d.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvchost1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4ba1fa1d.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4ac32962.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\undBillFake1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4abe2963.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgenthc2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4ac8295e.qua'!
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgenthc5.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49d0285f.qua'!
C:\Documents and Settings\LocalService.AUTORITE NT\LocalService.AUTORITE NT.exe
[DETECTION] Is the TR/Wigon.KT.1 Trojan
[NOTE] The file was moved to '4abd2964.qua'!
C:\Documents and Settings\NetworkService.AUTORITE NT\NetworkService.AUTORITE NT.exe
[DETECTION] Is the TR/Wigon.KT.1 Trojan
[NOTE] The file was moved to '4ace295a.qua'!
C:\Program Files\Windows Sidebar\wlsrvc.dll
[DETECTION] Is the TR/Patched.GY.12 Trojan
[NOTE] The file was moved to '4acd2961.qua'!
C:\Qoobox\Quarantine\C\userinit.exe.vir
[DETECTION] Is the TR/Agent.odmn.6 Trojan
[NOTE] The file was moved to '4abf2969.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\Administrateur\Administrateur.exe.vir
[DETECTION] Is the TR/Spy.21672 Trojan
[NOTE] The file was moved to '4ac7295a.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\Administrateur\svchost.exe.vir
[DETECTION] Is the TR/Agent.odmn.6 Trojan
[NOTE] The file was moved to '4abd296c.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\ipdll.dll.vir
[DETECTION] Is the TR/Agent.budc Trojan
[NOTE] The file was moved to '4abe2966.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService.AUTORITE NT\svchost.exe.vir
[DETECTION] Is the TR/Agent.odmn.6 Trojan
[NOTE] The file was moved to '4b39a9fd.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir
[DETECTION] Is the TR/Renos.OKZ Trojan
[NOTE] The file was moved to '4abb2969.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\calc.ifo.vir
[DETECTION] Is the TR/Dldr.Small.jud.5 Trojan
[NOTE] The file was moved to '4ac62957.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\msdvdr.pif.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4abe2969.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sdra64.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4acc295a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\uninstall.exe.vir
[DETECTION] Is the TR/Dldr.VB.lxj Trojan
[NOTE] The file was moved to '4ac32964.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\_msdvdr_.pif.zip
[NOTE] The file was moved to '4acd2963.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\i386si.sys.vir
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a922929.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ksi32sk.sys.vir
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4ac3296a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\securentm.sys.vir
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4abd295c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\services.exe.vir
[DETECTION] Is the TR/Agent.odmn.6 Trojan
[NOTE] The file was moved to '4acc295c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\systemntmi.sys.vir
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4acd2970.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ws2_32sik.sys.vir
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a8c296a.qua'!
C:\WINDOWS\i386\EGA60666.FO_
[NOTE] The file was moved to '4a9b293e.qua'!
C:\WINDOWS\system32\actxprxyd.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ace295b.qua'!
C:\WINDOWS\system32\drivers\services.exe
[DETECTION] Is the TR/Agent.odmn.6 Trojan
[NOTE] The file was moved to '4acc295d.qua'!
D:\Wolfenstein\etpro\screenshots\shot0127.tga
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4ac92960.qua'!
I:\lovexp.rar
[NOTE] The file was moved to '4ad02967.qua'!
I:\Bureau\lovexp.rar
[NOTE] The file was moved to '4ad02968.qua'!
I:\lovexp\lovexp\4 Easy steps for activate your Windows XP\01_Generate_Genuine_Serial_For_WinXP\Generate Genuine Serial For WinXP.exe
[DETECTION] Is the TR/Agent.72607.A Trojan
[NOTE] The file was moved to '4983700f.qua'!

End of the scan: dimanche 12 juillet 2009 20:18
Used time: 1:04:27 Hour(s)

The scan has been done completely.

26526 Scanned directories
465465 Files were scanned
27 Viruses and/or unwanted programs were found
8 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
35 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
465428 Files not concerned
7798 Archives were scanned
2 Warnings
36 Notes
48318 Objects were scanned with rootkit scan
0 Hidden objects were found

Répondre à endi_93

Refais un scan RSIT et poste le rapport log.

Répondre à Destrio5

Log RSIT

Spoiler :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-07-12 21:22:17
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 2 GB (8%) free of 20 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:25, on 12/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\EXPERTool ATI\TBPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\combo\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32\svcnost.exe
O4 - HKLM\..\Run: [Bfovusukas] rundll32.exe "C:\WINDOWS\Ugeta.dll",e
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Steam] "j:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Administrateur] C:\Documents and Settings\Administrateur\Administrateur.exe /i
O4 - HKCU\..\Run: [A00F25B86EE.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Service Google Update (gupdate1c9940a6d0c47f8) (gupdate1c9940a6d0c47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)

--
End of file - 8481 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SaveLinksOrder
Locked
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\styler\TB\StylerTB.dll [2006-05-02 102400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2005-08-12 180224]
"VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe [2004-08-28 36864]
"TransBar"=C:\Windows\System32\TransBar.exe [2004-08-28 65536]
"Styler"=C:\Program Files\styler\Styler.exe [2006-05-03 307200]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2007-01-10 1235456]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2008-03-28 413696]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-10-05 868352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"Vistadrv"=C:\WINDOWS\system32\Vistadrive\vsdrv.exe []
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"Adobe Photo Downloader"=L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe []
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui []
"svchost.exe"=C:\WINDOWS\system32\svcnost.exe []
"Bfovusukas"=C:\WINDOWS\Ugeta.dll,e []
"SVCHOST"=C:\WINDOWS\MDM.EXE []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-28 25088]
"IE Privacy Keeper"=C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe [2005-12-03 1015808]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools\daemon.exe [2008-04-01 486856]
"Gainward"=C:\Program Files\EXPERTool ATI\TBPanel.exe [2008-07-31 2296360]
"AWMON"=C:\Program Files\Ad-Aware\Ad-Watch.exe [2005-05-25 517632]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"Steam"=j:\steam\steam.exe -silent []
"RGSC"=J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
"Administrateur"=C:\Documents and Settings\Administrateur\Administrateur.exe /i []
"A00F25B86EE.exe"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-04-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:EnablednkBstrB"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe"="C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Emote\Launcher\launcher.exe"="C:\Program Files\Emote\Launcher\launcher.exe:*:Enabled:launcher"
"C:\Program Files\XBMC\XBMC.exe"="C:\Program Files\XBMC\XBMC.exe:*:Enabled:XBMC Media Center"
"C:\windows\system32\Ati2evxx.exe"="C:\windows\system32\Ati2evxx.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:ENABLE"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE"
"C:\Program Files\CDBurnerXP\NMSAccessU.exe"="C:\Program Files\CDBurnerXP\NMSAccessU.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\alg.exe"="C:\WINDOWS\system32\alg.exe:*:Enabled:ENABLE"
"C:\windows\system32\wbem\wmiprvse.exe"="C:\windows\system32\wbem\wmiprvse.exe:*:Enabled:ENABLE"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:ENABLE"
"C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe:*:Enabled:ENABLE"
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\WgaTray.exe"="C:\WINDOWS\system32\WgaTray.exe:*:Enabled:ENABLE"
"D:\Wolfenstein\et.exe"="D:\Wolfenstein\et.exe:*:Enabled:ENABLE"
"D:\ArmA 2\arma2.exe"="D:\ArmA 2\arma2.exe:*:Enabled:ENABLE"
"C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:ENABLE"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:ENABLE"
"C:\windows\system32\SNDVOL32.EXE"="C:\windows\system32\SNDVOL32.EXE:*:Enabled:ENABLE"
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:ENABLE"
"C:\Program Files\Ad-Aware\Ad-Watch.exe"="C:\Program Files\Ad-Aware\Ad-Watch.exe:*:Enabled:ENABLE"
"C:\Program Files\Windows Sidebar\sidebar.exe"="C:\Program Files\Windows Sidebar\sidebar.exe:*:Enabled:ENABLE"
"C:\Program Files\Ad-Aware\Ad-Aware.exe"="C:\Program Files\Ad-Aware\Ad-Aware.exe:*:Enabled:ENABLE"
"C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe"="C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\ssmypics.scr"="C:\WINDOWS\system32\ssmypics.scr:*:Enabled:ENABLE"
"C:\Program Files\UberIcon\UberIcon Manager.exe"="C:\Program Files\UberIcon\UberIcon Manager.exe:*:Enabled:ENABLE"
"C:\Windows\System32\VisualTaskTips.exe"="C:\Windows\System32\VisualTaskTips.exe:*:Enabled:ENABLE"
"C:\Program Files\Windows Defender\MSASCui.exe"="C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:ENABLE"
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe:*:Enabled:ENABLE"
"C:\Program Files\Analog Devices\Core\smax4pnp.exe"="C:\Program Files\Analog Devices\Core\smax4pnp.exe:*:Enabled:ENABLE"
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe:*:Enabled:ENABLE"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe:*:Enabled:ENABLE"
"C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe"="C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe:*:Enabled:ENABLE"
"C:\Program Files\DAEMON Tools\daemon.exe"="C:\Program Files\DAEMON Tools\daemon.exe:*:Enabled:ENABLE"
"C:\Program Files\EXPERTool ATI\TBPanel.exe"="C:\Program Files\EXPERTool ATI\TBPanel.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe"="C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe:*:Enabled:ENABLE"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe"="C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe:*:Enabled:ENABLE"
"C:\windows\system32\taskmgr.exe"="C:\windows\system32\taskmgr.exe:*:Enabled:ENABLE"
"C:\ComboFix\NirCmdC.cfexe"="C:\ComboFix\NirCmdC.cfexe:*:Enabled:ENABLE"
"C:\windows\system32\wuauclt.exe"="C:\windows\system32\wuauclt.exe:*:Enabled:ENABLE"
"C:\ComboFix\Nircmd.com"="C:\ComboFix\Nircmd.com:*:Enabled:ENABLE"
"C:\ComboFix\Catchme.tmp"="C:\ComboFix\Catchme.tmp:*:Enabled:ENABLE"
"C:\WINDOWS\PEV.exe"="C:\WINDOWS\PEV.exe:*:Enabled:ENABLE"
"C:\ComboFix\pev.cfexe"="C:\ComboFix\pev.cfexe:*:Enabled:ENABLE"
"C:\ComboFix\PV.cfexe"="C:\ComboFix\PV.cfexe:*:Enabled:ENABLE"
"C:\ComboFix\FINDSTR.cfexe"="C:\ComboFix\FINDSTR.cfexe:*:Enabled:ENABLE"
"C:\windows\system32\netsh.exe"="C:\windows\system32\netsh.exe:*:Enabled:ENABLE"
"C:\windows\system32\CF2982.exe"="C:\windows\system32\CF2982.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-07-12 18:55:10 ----D---- C:\WINDOWS\LastGood
2009-07-12 18:55:03 ----D---- C:\Program Files\Avira
2009-07-12 18:55:03 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2009-07-12 18:32:14 ----D---- C:\Program Files\trend micro
2009-07-12 18:32:13 ----D---- C:\rsit
2009-07-12 16:42:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2009-07-12 16:42:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-12 16:42:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-12 15:24:24 ----RASHD---- C:\autorun.inf
2009-07-12 15:24:24 ----A---- C:\FindyKill.txt
2009-07-12 14:36:55 ----SHD---- C:\RECYCLER
2009-07-12 08:32:13 ----D---- C:\FindyKill
2009-07-12 01:00:08 ----D---- C:\WINDOWS\temp
2009-07-12 01:00:07 ----A---- C:\ComboFix.txt
2009-07-12 00:51:08 ----A---- C:\Boot.bak
2009-07-12 00:51:05 ----RASHD---- C:\cmdcons
2009-07-12 00:48:42 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\zip.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWSC.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWREG.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\sed.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\PEV.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\grep.exe
2009-07-12 00:48:36 ----D---- C:\WINDOWS\ERDNT
2009-07-12 00:43:39 ----D---- C:\Qoobox
2009-06-16 07:30:30 ----A---- C:\WINDOWS\system32\SET161.tmp

======List of files/folders modified in the last 1 months======

2009-07-12 21:21:37 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 4
2009-07-12 20:18:32 ----D---- C:\WINDOWS\system32\drivers
2009-07-12 20:18:32 ----D---- C:\WINDOWS\system32
2009-07-12 20:18:29 ----RD---- C:\Program Files\Windows Sidebar
2009-07-12 18:55:11 ----HD---- C:\WINDOWS\inf
2009-07-12 18:55:10 ----D---- C:\WINDOWS
2009-07-12 18:55:03 ----RD---- C:\Program Files
2009-07-12 18:54:17 ----SHD---- C:\WINDOWS\Installer
2009-07-12 18:54:17 ----SHD---- C:\Config.Msi
2009-07-12 18:54:17 ----D---- C:\WINDOWS\WinSxS
2009-07-12 17:03:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-12 17:02:17 ----SD---- C:\WINDOWS\Tasks
2009-07-12 15:25:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-12 15:24:24 ----D---- C:\WINDOWS\Prefetch
2009-07-12 14:34:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\Azureus
2009-07-12 13:30:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-12 00:59:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-12 00:57:50 ----A---- C:\WINDOWS\system.ini
2009-07-12 00:55:25 ----D---- C:\WINDOWS\system32\config
2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-07-12 00:53:40 ----D---- C:\WINDOWS\AppPatch
2009-07-12 00:53:40 ----D---- C:\Program Files\Fichiers communs
2009-07-12 00:51:08 ----RASH---- C:\boot.ini
2009-07-11 12:43:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2009-07-10 23:15:36 ----D---- C:\Program Files\Ad-Aware
2009-07-10 21:11:51 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-08 22:09:33 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-06 08:12:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-06-28 21:39:11 ----AD---- C:\WINDOWS\i386
2009-06-28 21:36:48 ----D---- C:\WINDOWS\system32\Vistadrive
2009-06-28 21:36:48 ----D---- C:\Program Files\Ripp-it_AM
2009-06-28 11:37:47 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-28 11:33:32 ----D---- C:\WINDOWS\Debug
2009-06-26 23:26:32 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-06-26 07:09:36 ----D---- C:\Program Files\Google
2009-06-24 22:47:19 ----D---- C:\WINDOWS\system32\DirectX
2009-06-24 22:34:45 ----RSD---- C:\WINDOWS\assembly
2009-06-24 21:23:24 ----D---- C:\Program Files\HomePlayer1.5.1.1
2009-06-16 07:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 40320]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-07-13 278984]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-07-13 25416]
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-09-01 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-09-08 247296]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-29 94080]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-29 3643904]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-08-06 93696]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-28 138752]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-28 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-12-08 61824]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2004-08-28 83968]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-28 248832]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S3 ac1kyhdw;ac1kyhdw; C:\WINDOWS\system32\drivers\ac1kyhdw.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cpuz132;cpuz132; \??\C:\windows\system32\drivers\cpuz132_x32.sys []
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys []
S3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 st3wolf;st3wolf; C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 SMNT40;SMNT40; C:\WINDOWS\System32\drivers\SMNT40.SYS [2003-03-31 161576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-29 602112]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-31 66872]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-28 593920]
S2 gupdate1c9940a6d0c47f8;Service Google Update (gupdate1c9940a6d0c47f8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-28 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-28 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Message édité par endi_93 le 12-07-2009 à 21:26:45

Répondre à endi_93

Lance ce fichier : C:\Program Files\trend micro\Administrateur.exe
Choisis Do a system scan only.
Coche les cases qui sont devant les lignes suivantes :

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe

O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32\svcnost.exe

O4 - HKLM\..\Run: [Bfovusukas] rundll32.exe "C:\WINDOWS\Ugeta.dll",e

O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE

O4 - HKCU\..\Run: [Administrateur] C:\Documents and Settings\Administrateur\Administrateur.exe /i

O4 - HKCU\..\Run: [A00F25B86EE.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe

O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)

Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
Ferme HijackThis.

Télécharge OTM (OldTimer) sur ton Bureau.
Double-clique sur OTM.exe afin de le lancer.
Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:services
Schedule

:commands
[purity]
[emptytemp]
[reboot]

Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
Clique maintenant sur le bouton MoveIt! puis ferme OTM.

---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\

---> Le nom du rapport correspond au moment de sa création : date_heure.log

Répondre à Destrio5

Le voici

Spoiler :

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========

Service\Driver Schedule deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 750372 bytes
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 57799 bytes
->Java cache emptied: 29629835 bytes
->FireFox cache emptied: 67775115 bytes

User: All Users

User: All Users.WINDOWS

User: brizio
File delete failed. C:\Documents and Settings\brizio\Local Settings\Temp\hsperfdata_brizio\588 scheduled to be deleted on reboot.
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27366877 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 195684 bytes

User: LocalService.AUTORITE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 96395464 bytes

User: NetworkService.AUTORITE NT
->Temp folder emptied: 6326 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 401408 bytes
Windows Temp folder emptied: 2107 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 212,41 mb

OTM by OldTimer - Version 3.0.0.4 log created on 07122009_215550

Files moved on Reboot...
File move failed. C:\Documents and Settings\brizio\Local Settings\Temp\hsperfdata_brizio\588 scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Message édité par endi_93 le 12-07-2009 à 22:03:52

Répondre à endi_93

Désinstalle Java 6 Update 6.

Mets à jour Java.

Mets à jour Adobe Reader.

Refais un scan RSIT et poste le rapport log.

Répondre à Destrio5

Done

Spoiler :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-07-12 23:33:07
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 2 GB (8%) free of 20 GB
Total RAM: 2047 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:22, on 12/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\EXPERTool ATI\TBPanel.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\combo\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32\svcnost.exe
O4 - HKLM\..\Run: [Bfovusukas] rundll32.exe "C:\WINDOWS\Ugeta.dll",e
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Steam] "j:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Administrateur] C:\Documents and Settings\Administrateur\Administrateur.exe /i
O4 - HKCU\..\Run: [A00F25B86EE.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Service Google Update (gupdate1c9940a6d0c47f8) (gupdate1c9940a6d0c47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8225 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-12 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SaveLinksOrder
Locked
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\styler\TB\StylerTB.dll [2006-05-02 102400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2005-08-12 180224]
"VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe [2004-08-28 36864]
"TransBar"=C:\Windows\System32\TransBar.exe [2004-08-28 65536]
"Styler"=C:\Program Files\styler\Styler.exe [2006-05-03 307200]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2007-01-10 1235456]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2008-03-28 413696]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-10-05 868352]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"Vistadrv"=C:\WINDOWS\system32\Vistadrive\vsdrv.exe []
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"Adobe Photo Downloader"=L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe []
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui []
"svchost.exe"=C:\WINDOWS\system32\svcnost.exe []
"Bfovusukas"=C:\WINDOWS\Ugeta.dll,e []
"SVCHOST"=C:\WINDOWS\MDM.EXE []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-28 25088]
"IE Privacy Keeper"=C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe [2005-12-03 1015808]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools\daemon.exe [2008-04-01 486856]
"Gainward"=C:\Program Files\EXPERTool ATI\TBPanel.exe [2008-07-31 2296360]
"AWMON"=C:\Program Files\Ad-Aware\Ad-Watch.exe [2005-05-25 517632]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"Steam"=j:\steam\steam.exe -silent []
"RGSC"=J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
"Administrateur"=C:\Documents and Settings\Administrateur\Administrateur.exe /i []
"A00F25B86EE.exe"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-04-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:EnablednkBstrB"
"D:\QuakeWars\etqwded.exe"="D:\QuakeWars\etqwded.exe:*:Enabled:etqwded.exe"
"D:\QuakeWars\etqw.exe"="D:\QuakeWars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) "
"E:\MircAndy\mirc.exe"="E:\MircAndy\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe"="C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Emote\Launcher\launcher.exe"="C:\Program Files\Emote\Launcher\launcher.exe:*:Enabled:launcher"
"C:\Program Files\MeuhMeuhTV\MeuhMeuhTV.exe"="C:\Program Files\MeuhMeuhTV\MeuhMeuhTV.exe:*isabled:Application MeuhMeuhTV"
"C:\Program Files\XBMC\XBMC.exe"="C:\Program Files\XBMC\XBMC.exe:*:Enabled:XBMC Media Center"
"C:\windows\system32\Ati2evxx.exe"="C:\windows\system32\Ati2evxx.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:ENABLE"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE"
"C:\Program Files\CDBurnerXP\NMSAccessU.exe"="C:\Program Files\CDBurnerXP\NMSAccessU.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\alg.exe"="C:\WINDOWS\system32\alg.exe:*:Enabled:ENABLE"
"C:\windows\system32\wbem\wmiprvse.exe"="C:\windows\system32\wbem\wmiprvse.exe:*:Enabled:ENABLE"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:ENABLE"
"C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe:*:Enabled:ENABLE"
"C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe"="C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Enabled:ENABLE"
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\WgaTray.exe"="C:\WINDOWS\system32\WgaTray.exe:*:Enabled:ENABLE"
"D:\Wolfenstein\et.exe"="D:\Wolfenstein\et.exe:*:Enabled:ENABLE"
"D:\ArmA 2\arma2.exe"="D:\ArmA 2\arma2.exe:*:Enabled:ENABLE"
"C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:ENABLE"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:ENABLE"
"C:\windows\system32\SNDVOL32.EXE"="C:\windows\system32\SNDVOL32.EXE:*:Enabled:ENABLE"
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:ENABLE"
"C:\Program Files\Ad-Aware\Ad-Watch.exe"="C:\Program Files\Ad-Aware\Ad-Watch.exe:*:Enabled:ENABLE"
"C:\Program Files\Windows Sidebar\sidebar.exe"="C:\Program Files\Windows Sidebar\sidebar.exe:*:Enabled:ENABLE"
"C:\Program Files\Ad-Aware\Ad-Aware.exe"="C:\Program Files\Ad-Aware\Ad-Aware.exe:*:Enabled:ENABLE"
"C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe"="C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\ssmypics.scr"="C:\WINDOWS\system32\ssmypics.scr:*:Enabled:ENABLE"
"C:\Program Files\UberIcon\UberIcon Manager.exe"="C:\Program Files\UberIcon\UberIcon Manager.exe:*:Enabled:ENABLE"
"C:\Windows\System32\VisualTaskTips.exe"="C:\Windows\System32\VisualTaskTips.exe:*:Enabled:ENABLE"
"C:\Program Files\Windows Defender\MSASCui.exe"="C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:ENABLE"
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe:*:Enabled:ENABLE"
"C:\Program Files\Analog Devices\Core\smax4pnp.exe"="C:\Program Files\Analog Devices\Core\smax4pnp.exe:*:Enabled:ENABLE"
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe:*:Enabled:ENABLE"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe:*:Enabled:ENABLE"
"C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe"="C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe:*:Enabled:ENABLE"
"C:\Program Files\DAEMON Tools\daemon.exe"="C:\Program Files\DAEMON Tools\daemon.exe:*:Enabled:ENABLE"
"C:\Program Files\EXPERTool ATI\TBPanel.exe"="C:\Program Files\EXPERTool ATI\TBPanel.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe"="C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe:*:Enabled:ENABLE"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe"="C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe:*:Enabled:ENABLE"
"C:\windows\system32\taskmgr.exe"="C:\windows\system32\taskmgr.exe:*:Enabled:ENABLE"
"C:\ComboFix\NirCmdC.cfexe"="C:\ComboFix\NirCmdC.cfexe:*:Enabled:ENABLE"
"C:\windows\system32\wuauclt.exe"="C:\windows\system32\wuauclt.exe:*:Enabled:ENABLE"
"C:\ComboFix\Nircmd.com"="C:\ComboFix\Nircmd.com:*:Enabled:ENABLE"
"C:\ComboFix\Catchme.tmp"="C:\ComboFix\Catchme.tmp:*:Enabled:ENABLE"
"C:\WINDOWS\PEV.exe"="C:\WINDOWS\PEV.exe:*:Enabled:ENABLE"
"C:\ComboFix\pev.cfexe"="C:\ComboFix\pev.cfexe:*:Enabled:ENABLE"
"C:\ComboFix\PV.cfexe"="C:\ComboFix\PV.cfexe:*:Enabled:ENABLE"
"C:\ComboFix\FINDSTR.cfexe"="C:\ComboFix\FINDSTR.cfexe:*:Enabled:ENABLE"
"C:\windows\system32\netsh.exe"="C:\windows\system32\netsh.exe:*:Enabled:ENABLE"
"C:\windows\system32\CF2982.exe"="C:\windows\system32\CF2982.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\java.exe
2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-12 21:55:50 ----D---- C:\_OTM
2009-07-12 18:55:03 ----D---- C:\Program Files\Avira
2009-07-12 18:55:03 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2009-07-12 18:32:14 ----D---- C:\Program Files\trend micro
2009-07-12 18:32:13 ----D---- C:\rsit
2009-07-12 16:42:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2009-07-12 16:42:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-12 16:42:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-12 15:24:24 ----RASHD---- C:\autorun.inf
2009-07-12 15:24:24 ----A---- C:\FindyKill.txt
2009-07-12 14:36:55 ----SHD---- C:\RECYCLER
2009-07-12 08:32:13 ----D---- C:\FindyKill
2009-07-12 01:00:08 ----D---- C:\WINDOWS\temp
2009-07-12 01:00:07 ----A---- C:\ComboFix.txt
2009-07-12 00:51:08 ----A---- C:\Boot.bak
2009-07-12 00:51:05 ----RASHD---- C:\cmdcons
2009-07-12 00:48:42 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\zip.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWSC.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWREG.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\sed.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\PEV.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\grep.exe
2009-07-12 00:48:36 ----D---- C:\WINDOWS\ERDNT
2009-07-12 00:43:39 ----D---- C:\Qoobox

======List of files/folders modified in the last 1 months======

2009-07-12 23:32:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-12 23:31:35 ----SD---- C:\WINDOWS\Tasks
2009-07-12 23:22:07 ----SHD---- C:\WINDOWS\Installer
2009-07-12 23:22:06 ----SHD---- C:\Config.Msi
2009-07-12 23:21:44 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-07-12 23:21:06 ----D---- C:\WINDOWS\system32
2009-07-12 23:12:55 ----D---- C:\Program Files\Java
2009-07-12 23:10:11 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 4
2009-07-12 21:58:19 ----D---- C:\WINDOWS
2009-07-12 20:18:32 ----D---- C:\WINDOWS\system32\drivers
2009-07-12 20:18:29 ----RD---- C:\Program Files\Windows Sidebar
2009-07-12 18:55:11 ----HD---- C:\WINDOWS\inf
2009-07-12 18:55:03 ----RD---- C:\Program Files
2009-07-12 18:54:17 ----D---- C:\WINDOWS\WinSxS
2009-07-12 15:25:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-12 15:24:24 ----D---- C:\WINDOWS\Prefetch
2009-07-12 14:34:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\Azureus
2009-07-12 13:30:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-12 00:59:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-12 00:57:50 ----A---- C:\WINDOWS\system.ini
2009-07-12 00:55:25 ----D---- C:\WINDOWS\system32\config
2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-07-12 00:53:40 ----D---- C:\WINDOWS\AppPatch
2009-07-12 00:53:40 ----D---- C:\Program Files\Fichiers communs
2009-07-12 00:51:08 ----RASH---- C:\boot.ini
2009-07-11 12:43:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2009-07-10 23:15:36 ----D---- C:\Program Files\Ad-Aware
2009-07-10 21:11:51 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-08 22:09:33 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-06 08:12:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-06-28 21:39:11 ----AD---- C:\WINDOWS\i386
2009-06-28 21:36:48 ----D---- C:\WINDOWS\system32\Vistadrive
2009-06-28 21:36:48 ----D---- C:\Program Files\Ripp-it_AM
2009-06-28 11:37:47 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-28 11:33:32 ----D---- C:\WINDOWS\Debug
2009-06-26 23:26:32 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-06-26 07:09:36 ----D---- C:\Program Files\Google
2009-06-24 22:47:19 ----D---- C:\WINDOWS\system32\DirectX
2009-06-24 22:34:45 ----RSD---- C:\WINDOWS\assembly
2009-06-24 21:23:24 ----D---- C:\Program Files\HomePlayer1.5.1.1
2009-06-16 07:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 40320]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-07-13 278984]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-07-13 25416]
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-09-01 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-09-08 247296]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-29 94080]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-29 3643904]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-08-06 93696]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-28 138752]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-28 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-12-08 61824]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2004-08-28 83968]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-28 248832]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S3 amm6dm0c;amm6dm0c; C:\WINDOWS\system32\drivers\amm6dm0c.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cpuz132;cpuz132; \??\C:\windows\system32\drivers\cpuz132_x32.sys []
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys []
S3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 st3wolf;st3wolf; C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 SMNT40;SMNT40; C:\WINDOWS\System32\drivers\SMNT40.SYS [2003-03-31 161576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-29 602112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-12 152984]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-31 66872]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-28 593920]
S2 gupdate1c9940a6d0c47f8;Service Google Update (gupdate1c9940a6d0c47f8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-28 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-28 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Répondre à endi_93

Tu as un logiciel qui empêche de modifier le registre ?

Je te demande ça car il y a des lignes que je t'ai demandé de fixer avec HijackThis qui sont encore là.

Répondre à Destrio5

surement ad-watch

Répondre à endi_93

Réessaie la procédure (sauf OTM).

Répondre à Destrio5

Celui ci doit être bon

Spoiler :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-07-13 00:02:43
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 2 GB (8%) free of 20 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:03:00, on 13/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\EXPERTool ATI\TBPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\combo\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Steam] "j:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Service Google Update (gupdate1c9940a6d0c47f8) (gupdate1c9940a6d0c47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7762 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-12 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SaveLinksOrder
Locked
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\styler\TB\StylerTB.dll [2006-05-02 102400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2005-08-12 180224]
"VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe [2004-08-28 36864]
"TransBar"=C:\Windows\System32\TransBar.exe [2004-08-28 65536]
"Styler"=C:\Program Files\styler\Styler.exe [2006-05-03 307200]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2007-01-10 1235456]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2008-03-28 413696]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-10-05 868352]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"Vistadrv"=C:\WINDOWS\system32\Vistadrive\vsdrv.exe []
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"Adobe Photo Downloader"=L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe []
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-28 25088]
"IE Privacy Keeper"=C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe [2005-12-03 1015808]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools\daemon.exe [2008-04-01 486856]
"Gainward"=C:\Program Files\EXPERTool ATI\TBPanel.exe [2008-07-31 2296360]
"AWMON"=C:\Program Files\Ad-Aware\Ad-Watch.exe [2005-05-25 517632]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"Steam"=j:\steam\steam.exe -silent []
"RGSC"=J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-04-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:EnablednkBstrB"
"D:\QuakeWars\etqwded.exe"="D:\QuakeWars\etqwded.exe:*:Enabled:etqwded.exe"
"D:\QuakeWars\etqw.exe"="D:\QuakeWars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) "
"E:\MircAndy\mirc.exe"="E:\MircAndy\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe"="C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Emote\Launcher\launcher.exe"="C:\Program Files\Emote\Launcher\launcher.exe:*:Enabled:launcher"
"C:\Program Files\MeuhMeuhTV\MeuhMeuhTV.exe"="C:\Program Files\MeuhMeuhTV\MeuhMeuhTV.exe:*isabled:Application MeuhMeuhTV"
"C:\Program Files\XBMC\XBMC.exe"="C:\Program Files\XBMC\XBMC.exe:*:Enabled:XBMC Media Center"
"C:\windows\system32\Ati2evxx.exe"="C:\windows\system32\Ati2evxx.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:ENABLE"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE"
"C:\Program Files\CDBurnerXP\NMSAccessU.exe"="C:\Program Files\CDBurnerXP\NMSAccessU.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\alg.exe"="C:\WINDOWS\system32\alg.exe:*:Enabled:ENABLE"
"C:\windows\system32\wbem\wmiprvse.exe"="C:\windows\system32\wbem\wmiprvse.exe:*:Enabled:ENABLE"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:ENABLE"
"C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe:*:Enabled:ENABLE"
"C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe"="C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Enabled:ENABLE"
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\WgaTray.exe"="C:\WINDOWS\system32\WgaTray.exe:*:Enabled:ENABLE"
"D:\Wolfenstein\et.exe"="D:\Wolfenstein\et.exe:*:Enabled:ENABLE"
"D:\ArmA 2\arma2.exe"="D:\ArmA 2\arma2.exe:*:Enabled:ENABLE"
"C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:ENABLE"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:ENABLE"
"C:\windows\system32\SNDVOL32.EXE"="C:\windows\system32\SNDVOL32.EXE:*:Enabled:ENABLE"
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:ENABLE"
"C:\Program Files\Ad-Aware\Ad-Watch.exe"="C:\Program Files\Ad-Aware\Ad-Watch.exe:*:Enabled:ENABLE"
"C:\Program Files\Windows Sidebar\sidebar.exe"="C:\Program Files\Windows Sidebar\sidebar.exe:*:Enabled:ENABLE"
"C:\Program Files\Ad-Aware\Ad-Aware.exe"="C:\Program Files\Ad-Aware\Ad-Aware.exe:*:Enabled:ENABLE"
"C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe"="C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\ssmypics.scr"="C:\WINDOWS\system32\ssmypics.scr:*:Enabled:ENABLE"
"C:\Program Files\UberIcon\UberIcon Manager.exe"="C:\Program Files\UberIcon\UberIcon Manager.exe:*:Enabled:ENABLE"
"C:\Windows\System32\VisualTaskTips.exe"="C:\Windows\System32\VisualTaskTips.exe:*:Enabled:ENABLE"
"C:\Program Files\Windows Defender\MSASCui.exe"="C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:ENABLE"
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe:*:Enabled:ENABLE"
"C:\Program Files\Analog Devices\Core\smax4pnp.exe"="C:\Program Files\Analog Devices\Core\smax4pnp.exe:*:Enabled:ENABLE"
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe:*:Enabled:ENABLE"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe:*:Enabled:ENABLE"
"C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe"="C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe:*:Enabled:ENABLE"
"C:\Program Files\DAEMON Tools\daemon.exe"="C:\Program Files\DAEMON Tools\daemon.exe:*:Enabled:ENABLE"
"C:\Program Files\EXPERTool ATI\TBPanel.exe"="C:\Program Files\EXPERTool ATI\TBPanel.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe"="C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe:*:Enabled:ENABLE"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe"="C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe:*:Enabled:ENABLE"
"C:\windows\system32\taskmgr.exe"="C:\windows\system32\taskmgr.exe:*:Enabled:ENABLE"
"C:\ComboFix\NirCmdC.cfexe"="C:\ComboFix\NirCmdC.cfexe:*:Enabled:ENABLE"
"C:\windows\system32\wuauclt.exe"="C:\windows\system32\wuauclt.exe:*:Enabled:ENABLE"
"C:\ComboFix\Nircmd.com"="C:\ComboFix\Nircmd.com:*:Enabled:ENABLE"
"C:\ComboFix\Catchme.tmp"="C:\ComboFix\Catchme.tmp:*:Enabled:ENABLE"
"C:\WINDOWS\PEV.exe"="C:\WINDOWS\PEV.exe:*:Enabled:ENABLE"
"C:\ComboFix\pev.cfexe"="C:\ComboFix\pev.cfexe:*:Enabled:ENABLE"
"C:\ComboFix\PV.cfexe"="C:\ComboFix\PV.cfexe:*:Enabled:ENABLE"
"C:\ComboFix\FINDSTR.cfexe"="C:\ComboFix\FINDSTR.cfexe:*:Enabled:ENABLE"
"C:\windows\system32\netsh.exe"="C:\windows\system32\netsh.exe:*:Enabled:ENABLE"
"C:\windows\system32\CF2982.exe"="C:\windows\system32\CF2982.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\java.exe
2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-12 21:55:50 ----D---- C:\_OTM
2009-07-12 18:55:03 ----D---- C:\Program Files\Avira
2009-07-12 18:55:03 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2009-07-12 18:32:14 ----D---- C:\Program Files\trend micro
2009-07-12 18:32:13 ----D---- C:\rsit
2009-07-12 16:42:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2009-07-12 16:42:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-12 16:42:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-12 15:24:24 ----RASHD---- C:\autorun.inf
2009-07-12 15:24:24 ----A---- C:\FindyKill.txt
2009-07-12 14:36:55 ----SHD---- C:\RECYCLER
2009-07-12 08:32:13 ----D---- C:\FindyKill
2009-07-12 01:00:08 ----D---- C:\WINDOWS\temp
2009-07-12 01:00:07 ----A---- C:\ComboFix.txt
2009-07-12 00:51:08 ----A---- C:\Boot.bak
2009-07-12 00:51:05 ----RASHD---- C:\cmdcons
2009-07-12 00:48:42 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\zip.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWSC.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWREG.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\sed.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\PEV.exe
2009-07-12 00:48:41 ----A---- C:\WINDOWS\grep.exe
2009-07-12 00:48:36 ----D---- C:\WINDOWS\ERDNT
2009-07-12 00:43:39 ----D---- C:\Qoobox

======List of files/folders modified in the last 1 months======

2009-07-13 00:01:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-13 00:01:36 ----SD---- C:\WINDOWS\Tasks
2009-07-12 23:52:32 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 4
2009-07-12 23:30:49 ----SHD---- C:\Config.Msi
2009-07-12 23:22:07 ----SHD---- C:\WINDOWS\Installer
2009-07-12 23:21:44 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-07-12 23:21:06 ----D---- C:\WINDOWS\system32
2009-07-12 23:12:55 ----D---- C:\Program Files\Java
2009-07-12 21:58:19 ----D---- C:\WINDOWS
2009-07-12 20:18:32 ----D---- C:\WINDOWS\system32\drivers
2009-07-12 20:18:29 ----RD---- C:\Program Files\Windows Sidebar
2009-07-12 18:55:11 ----HD---- C:\WINDOWS\inf
2009-07-12 18:55:03 ----RD---- C:\Program Files
2009-07-12 18:54:17 ----D---- C:\WINDOWS\WinSxS
2009-07-12 15:25:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-12 15:24:24 ----D---- C:\WINDOWS\Prefetch
2009-07-12 14:34:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\Azureus
2009-07-12 13:30:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-12 00:59:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-12 00:57:50 ----A---- C:\WINDOWS\system.ini
2009-07-12 00:55:25 ----D---- C:\WINDOWS\system32\config
2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-07-12 00:53:40 ----D---- C:\WINDOWS\AppPatch
2009-07-12 00:53:40 ----D---- C:\Program Files\Fichiers communs
2009-07-12 00:51:08 ----RASH---- C:\boot.ini
2009-07-11 12:43:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2009-07-10 23:15:36 ----D---- C:\Program Files\Ad-Aware
2009-07-10 21:11:51 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-08 22:09:33 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-06 08:12:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-06-28 21:39:11 ----AD---- C:\WINDOWS\i386
2009-06-28 21:36:48 ----D---- C:\WINDOWS\system32\Vistadrive
2009-06-28 21:36:48 ----D---- C:\Program Files\Ripp-it_AM
2009-06-28 11:37:47 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-28 11:33:32 ----D---- C:\WINDOWS\Debug
2009-06-26 23:26:32 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-06-26 07:09:36 ----D---- C:\Program Files\Google
2009-06-24 22:47:19 ----D---- C:\WINDOWS\system32\DirectX
2009-06-24 22:34:45 ----RSD---- C:\WINDOWS\assembly
2009-06-24 21:23:24 ----D---- C:\Program Files\HomePlayer1.5.1.1
2009-06-16 07:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 40320]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-07-13 278984]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-07-13 25416]
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-09-01 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-09-08 247296]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-29 94080]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-29 3643904]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-08-06 93696]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-28 138752]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-28 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-12-08 61824]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2004-08-28 83968]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-28 248832]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S3 axdtuzwk;axdtuzwk; C:\WINDOWS\system32\drivers\axdtuzwk.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cpuz132;cpuz132; \??\C:\windows\system32\drivers\cpuz132_x32.sys []
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys []
S3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 st3wolf;st3wolf; C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 SMNT40;SMNT40; C:\WINDOWS\System32\drivers\SMNT40.SYS [2003-03-31 161576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-29 602112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-12 152984]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-31 66872]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-28 593920]
S2 gupdate1c9940a6d0c47f8;Service Google Update (gupdate1c9940a6d0c47f8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-28 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-28 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Répondre à endi_93

Ton PC va bien ?

Répondre à Destrio5

Ben ça a l'air de rouler parfaitement oui il semble même n'avoir jamais aussi bien fonctionné !

Merci :bounce:

Répondre à endi_93

Désinstalle HijackThis.

Télécharge ToolsCleaner2 sur ton Bureau.
Double-clique sur ToolsCleaner2.exe pour le lancer.
Clique sur Recherche et laisse le scan agir.
Clique sur Suppression pour finaliser.
Tu peux, si tu le souhaites, te servir des Options Facultatives.
Clique sur Quitter pour obtenir le rapport.
Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

Télécharge et installe CCleaner Slim.
Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
Va dans Nettoyeur, choisis Analyser. Une fois terminé, lance le nettoyage.

Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.

==Prévention==

Supprimer les popups d'Antivir : Lien

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, onglet Mises à jour automatiques).

Par rapport au P2P : Lien

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien

==Problème résolu ?==

Si tu estimes que ton problème est résolu :

---> Ajoute maintenant [Résolu] au titre. Pour cela :

Clique, dans ton premier message, sur le bouton Editer .
Rajoute la mention [Résolu] devant le titre.
Clique ensuite sur Valider votre message.

Sois plus vigilant(e) sur Internet

Répondre à Destrio5

Merci de ta compétence ! Je serais clairement moins naïf à présent :hello:

+

Répondre à endi_93

Créer un nouveau sujet Répondre

Tom's Guide > Forum > Sécurité - Virus > [Résolu] Modification du registre detectée

Aller à :

Aide |
Règles du forum

Il y a 426 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Page générée en 0,519 secondes

Liens