Infection par un cheval de troie: Trojan-Spy.Win32.Goldun.ayt

j'ai oublier de préciser le problème en entier:
Lors de chaque démarrage, un message d'erreur 'generic host process for win 32 services' apparaît, puis je clique de pas envoyer et après plus de son. Par contre, il y a toujours du son au démarrage, les bips, les erreurs et à l'arret de l'ordi. Puis, après un certain temps mon desktop se transforme magiquement en mode classic.. !

de plus, j'ai essayer de supprimer le cheval de troie mais sans succès pour l'instant.
avast et Malwarebytes ne le trouve pas

remerci d'avance pour votre aide.
david24

j'ai lancer RSIT et voici les 2 post:

1-log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sandra at 2009-07-30 17:43:59
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 55 GB (29%) free of 194 GB
Total RAM: 1023 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:18, on 30/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Fighters\configservice.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\Program Files\Fighters\ScannerService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\WINDOWS\System32\alg.exe
C:\Microsoft Office\Office10\OUTLOOK.EXE
C:\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sandra\Bureau\RSIT.exe
C:\Program Files\trend micro\Sandra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P41 "EPSON Stylus Photo RX620 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MediaLifeService] "C:\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Fg9BRvzRmB] C:\WINDOWS\system32\winver.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 10424 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-12-07 399424]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-14 77824]
"PRONoMgrWired"=C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe [2004-11-18 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-08 7110656]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-07-08 86016]
"Logitech Hardware Abstraction Layer"=C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE [2006-07-19 94208]
"WinampAgent"=D:\Winamp\winampa.exe [2006-02-23 35328]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"EPSON Stylus Photo RX620 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE [2004-05-20 98304]
"EPSON Stylus Photo RX620 Series (Copie 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE [2004-05-20 98304]
""= []
"PhilipsDM"=C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe [2006-03-02 622592]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-07-19 94208]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe -scheduler []
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]
"MediaLifeService"=C:\Logitech\MediaLife\MediaLifeService.exe [2005-06-03 110739]
"LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe []
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-12-20 2656528]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"spywarefighterguard"=C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe [2008-11-18 180872]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Fg9BRvzRmB"=C:\WINDOWS\system32\winver.exe [2004-08-19 5632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"LDM"=C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-09 67128]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-09-13 22880040]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
Logitech Desktop Messenger.lnk - C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\eMule\emule.exe"="D:\eMule\emule.exe:*:Enabled:eMule"
"D:\MotoGP URT 3\motogp.exe"="D:\MotoGP URT 3\motogp.exe:*:Enabled:motogp"
"D:\Program Files\GameSpy Arcade\Aphex.exe"="D:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:EnablednkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:EnablednkBstrB"
"E:\Activision\Call oDuty 4 - Modern Warfare\iw3mp.exe"="E:\Activision\Call oDuty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"E:\stalker\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="E:\stalker\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"E:\stalker\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="E:\stalker\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"E:\EA GAMES\La Bataille pour la Terre du Milieu(tm)\patchget.dat"="E:\EA GAMES\La Bataille pour la Terre du Milieu(tm)\patchget.dat:*isabledatchgrabber"
"E:\LSDA 6 LA BATAILLE POUR LA TERRE DU MILIEU\game.dat"="E:\LSDA 6 LA BATAILLE POUR LA TERRE DU MILIEU\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm)"
"E:\CRYSIS\Bin32\Crysis.exe"="E:\CRYSIS\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\CRYSIS\Bin32\CrysisDedicatedServer.exe"="E:\CRYSIS\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"E:\supreme commander\GPGNet\GPG.Multiplayer.Client.exe"="E:\supreme commander\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"E:\CoH\RelicCOH.exe"="E:\CoH\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\act of war high treason\ActOfWar_HighTreason.exe"="E:\act of war high treason\ActOfWar_HighTreason.exe:*:Enabled:ActOfWar_HighTreason"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{266a0289-a8ad-11dc-9ecf-0015f24633a8}]
shell\AutoRun\command - H:\setup\rsrc\Autorun.exe
shell\dinstall\command - H:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{266a028c-a8ad-11dc-9ecf-0015f24633a8}]
shell\AutoRun\command - H:\setup\rsrc\Autorun.exe
shell\dinstall\command - H:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fafa92e-35c2-11de-91f0-0015f24633a8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66a27f10-5d5d-11dd-90a4-0015f24633a8}]
shell\AutoRun\command - wscript.exe VirusRemoval.vbs
shell\open\command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bef81dec-cf8f-11dd-915a-0015f24633a8}]
shell\AutoRun\command - L:\TrueCrypt\TrueCrypt.exe /q background /e /m rm /v "Dossiers_cryptés"
shell\dismount\command - L:\TrueCrypt\TrueCrypt.exe /q /d
shell\start\command - L:\TrueCrypt\TrueCrypt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9fe601-a8b4-11dc-9ed1-0015f24633a8}]
shell\AutoRun\command - H:\setup\rsrc\Autorun.exe
shell\dinstall\command - H:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9fe609-a8b4-11dc-9ed1-0015f24633a8}]
shell\AutoRun\command - H:\Autorun.exe


======List of files/folders created in the last 1 months======

2009-07-29 10:08:42 ----D---- C:\Program Files\trend micro
2009-07-29 10:08:36 ----D---- C:\rsit
2009-07-24 15:02:42 ----D---- C:\Documents and Settings\Sandra\Application Data\Malwarebytes
2009-07-24 15:02:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-24 15:02:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-24 14:56:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-24 14:56:22 ----D---- C:\Program Files\Fichiers communs\PC Tools
2009-07-24 14:56:10 ----D---- C:\Program Files\Spyware Doctor
2009-07-24 14:56:10 ----D---- C:\Documents and Settings\Sandra\Application Data\PC Tools
2009-07-24 14:56:10 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-07-24 13:36:09 ----D---- C:\Program Files\Fighters
2009-07-24 13:36:09 ----D---- C:\Documents and Settings\All Users\Application Data\Fighters
2009-07-24 13:35:07 ----A---- C:\Documents and Settings\Sandra\Application Data\install.txt
2009-07-20 18:57:31 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-07-20 18:45:33 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-07-20 18:45:33 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-07-20 18:45:32 ----A---- C:\WINDOWS\system32\D3DX9_40.dll

======List of files/folders modified in the last 1 months======

2009-07-30 17:43:00 ----D---- C:\Program Files\Mozilla Firefox
2009-07-30 17:39:52 ----D---- C:\WINDOWS\Temp
2009-07-30 17:38:31 ----D---- C:\WINDOWS\system32\drivers
2009-07-30 15:39:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-30 14:53:37 ----D---- C:\WINDOWS\Prefetch
2009-07-30 12:31:28 ----D---- C:\WINDOWS\system32
2009-07-29 16:07:07 ----D---- C:\Documents and Settings\Sandra\Application Data\Skype
2009-07-29 10:26:20 ----D---- C:\WINDOWS
2009-07-29 10:08:42 ----RD---- C:\Program Files
2009-07-26 11:52:17 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-24 14:56:22 ----D---- C:\Program Files\Fichiers communs
2009-07-24 14:21:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-24 13:40:31 ----SHD---- C:\WINDOWS\Installer
2009-07-24 13:38:59 ----HD---- C:\WINDOWS\inf
2009-07-24 12:27:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-24 11:23:32 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-24 11:15:35 ----D---- C:\Program Files\a-squared Free
2009-07-23 14:49:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-22 16:02:36 ----D---- C:\Documents and Settings\Sandra\Application Data\Azureus
2009-07-20 18:45:35 ----D---- C:\WINDOWS\system32\DirectX
2009-07-20 18:45:35 ----D---- C:\Program Files\Electronic Arts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-06-09 23040]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-18 165376]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-09-01 3712]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-18 18048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-16 2323072]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2007-12-12 223128]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-11-22 176128]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 LHidKe;SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-07-19 27136]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-07-19 71936]
R3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2008-12-16 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-12-17 768024]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-07-08 3198304]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2008-12-17 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-12-17 2686104]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 Vfscan;Vfscan; C:\WINDOWS\system32\DRIVERS\vffilter.sys [2008-11-18 15496]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D.sys [2004-07-06 44544]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2005-07-08 12416]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2006-07-19 13568]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2006-07-19 55936]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-08-05 47360]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 Geastar;Geastar; C:\WINDOWS\system32\drivers\fltMgr.sys [2004-08-03 124800]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-07-23 719392]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-08-07 253952]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 EFUploadSrv;ExtraFilm upload service; C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe [2008-11-27 1712128]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 150040]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-08 127043]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-05-14 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-04-03 107832]
R2 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811; C:\Program Files\Fighters\licenseservice.exe [2008-11-18 283272]
R2 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811; C:\Program Files\Fighters\updateservice.exe [2008-11-18 307848]
R2 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811; C:\Program Files\Fighters\ScannerService.exe [2008-11-18 311944]
R2 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811; C:\Program Files\Fighters\configservice.exe [2008-11-18 139912]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-04-12 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]

-----------------EOF-----------------

2-info.txt:

info.txt logfile of random's system information tool 1.06 2009-07-29 10:09:29

======Uninstall list======

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBBB5EED-CC92-49F2-A276-D5433F39D1EB}\Setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02FB2C63-5763-4CDD-99E6-566C57189742}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x40c /cont -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3881DD58-780F-4FCF-8A16-6E6800C2FEE0}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x40c /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe" -l0x40c -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Act of War - Direct Action-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9B915DF-B79C-4747-9BA3-9705A57DC717}\SETUP.EXE" -l0x40c
Act of War - High Treason-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C08EBBFD-C565-472F-9354-5593B9873705}\SETUP.EXE" -l0x40c
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
Apple Software Update-->MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c
ASUS GameFace Live-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{68D8533B-9EE7-46AB-B8B2-D643F888C5DF}
ASUS GameLiveShow-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{04726714-8286-43B8-AFD6-2DF92EC49995}
ASUS nVIDIA Driver-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1036
ASUS Utilities-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F370AD1F-9B68-4735-9ACD-501870D61F40} /l1036
ASUS VideoSecurity Online-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7}
ASUSDVD XP-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
AsusUpdate-->C:\WINDOWS\IsUninst.exe -fC:\ASUS\AsusUpdate\Uninst.isu
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
Ciel Compta Libérale 14.0-->MsiExec.exe /I{DBA6A6A6-5F8F-407C-BCBB-C3A34390AB7A}
Coffret de pilotes Logitech Legacy USB Camera-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\legacyqcam\10.51.2023\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress
Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.90.1262\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.90" /clone_wait /hide_progress
Command & Conquer 3 Tiberium Wars(TM) Worldbuilder-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F428768A-BA63-43A5-86E9-7F0CFD174944}\setup.exe" -l0x9 -removeonly
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer™ Alerte Rouge 3 La Révolte-->MsiExec.exe /X{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"E:\CoH\Uninstall_French.exe"
Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Correctif Windows XP - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink2\unins000.exe"
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
eMule-->"D:\eMule\Uninstall.exe"
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x40c uninst
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x40c uninst
EPSON PhotoStarter3.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x40c uninst
EPSON PRINT Image Framer Tool2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x40c anything
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x40c Uninstall
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
ESPRX620 Guide des logiciels-->C:\Program Files\EPSON\TPMANUAL\ESPRX620\PQU_G\DOCUNINS.EXE
ESPRX620 Series Guide de réf.-->C:\Program Files\EPSON\TPMANUAL\ESPRX620 Series\REF_G\DOCUNINS.EXE
Extrafilm Designer FR-->C:\Program Files\Extrafilm Designer FR\Uninstall.exe
Far Cry-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l1036
Frets On Fire-->"C:\Program Files\Frets on Fire\Uninstall.exe"
GameSpy Arcade-->D:\PROGRA~1\GAMESP~1\UNWISE.EXE D:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GrabIt 1.7.1 Beta (build 960)-->"C:\Program Files\GrabIt\unins000.exe"
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
IKEA Home Planner-->MsiExec.exe /I{A987FEC8-5616-49BD-BCA6-ACFFFE7403FE}
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KhalSetup-->MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
La Bataille pour la Terre du Milieu(tm)-->E:\LSDA 6 LA BATAILLE POUR LA TERRE DU MILIEU\EAUninstall.exe
La Bataille pour la Terre du Milieu™ II-->E:\la bataille pour la terre du milieu 2\EAUninstall.exe
Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
L'Avènement du Roi-sorcier™-->E:\l'avenement du roi sorcier\EAUninstall.exe
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LiveUpdate 2.5 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x40c UNINSTALL -removeonly
Logitech QuickCam-->MsiExec.exe /I{937B232D-9776-471E-92BD-D424E514EF14}
Logitech SetPoint-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x40c -removeonly
Ma Cuisine Lapeyre Prima-->C:\PROGRA~1\MACUIS~1\UNWISE.EXE C:\PROGRA~1\MACUIS~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaLife -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{362BFFCD-8274-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Halo Trial-->"C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Mise à jour de sécurité pour Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC DUAL SHOCK-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D313CA09-D5D4-4B3D-B4D0-20F2289BCD01}\setup.exe" -l0x9
Philips Device Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}\setup.exe" -l0x40c -removeonly
PhotoImpression 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x40c
PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBAB8CE2-6AE2-497C-A745-67A61134E72C}\SETUP.EXE" -l0x40c anything
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
Ri4m v5.0.1d-->C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
S.T.A.L.K.E.R. - Shadow of Chernobyl-->"E:\stalker\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Satsuki Decoder Pack-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
ScanToWeb-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x40c /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x40c UNINSTALL -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SPYWAREfighter-->"C:\Program Files\Fighters\spywarefighter\Uninstall.exe" Remove
SPYWAREfighter-->MsiExec.exe /I{B940005A-1212-4E87-885B-1FF80B40D6F4}
STARWARS: The Battle of Yavin version 1.1-->"C:\Program Files\STARWARS_TheBattleOfYavin_v11\unins000.exe"
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp (remove only)-->"D:\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090728-0]

======System event log======

Computer Name: SANDRA-F832D06B
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{FBC6647E-4262-4609-99E5-41DE3AED6723} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 16274
Source Name: Tcpip
Time Written: 20090607122832.000000+120
Event Type: Informations
User:

Computer Name: SANDRA-F832D06B
Event Code: 33
Message: Intel(R) PRO/1000 MT Network Connection
Le lien a été établi : 1000 Mbits/s en duplex intégral.

Record Number: 16273
Source Name: E1000
Time Written: 20090607122832.000000+120
Event Type: Informations
User:

Computer Name: SANDRA-F832D06B
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 16272
Source Name: EventLog
Time Written: 20090607122804.000000+120
Event Type: Informations
User:

Computer Name: SANDRA-F832D06B
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 16271
Source Name: EventLog
Time Written: 20090607122804.000000+120
Event Type: Informations
User:

Computer Name: SANDRA-F832D06B
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.

Record Number: 16270
Source Name: EventLog
Time Written: 20090606144720.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: SANDRA-F832D06B
Event Code: 1004
Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam', composant '{B52C7B4D-F46F-438C-ADF2-05A138C57757}. La ressource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' n'existe pas

Record Number: 18692
Source Name: MsiInstaller
Time Written: 20080824130446.000000+120
Event Type: Avertissement
User: AUTORITE NT\SERVICE RÉSEAU

Computer Name: SANDRA-F832D06B
Event Code: 1001
Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam' lors de la demande du composant '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Record Number: 18691
Source Name: MsiInstaller
Time Written: 20080824130445.000000+120
Event Type: Avertissement
User: AUTORITE NT\SERVICE RÉSEAU

Computer Name: SANDRA-F832D06B
Event Code: 1004
Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam', composant '{B52C7B4D-F46F-438C-ADF2-05A138C57757}. La ressource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' n'existe pas

Record Number: 18690
Source Name: MsiInstaller
Time Written: 20080824130445.000000+120
Event Type: Avertissement
User: AUTORITE NT\SERVICE RÉSEAU

Computer Name: SANDRA-F832D06B
Event Code: 1001
Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam' lors de la demande du composant '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Record Number: 18689
Source Name: MsiInstaller
Time Written: 20080824130444.000000+120
Event Type: Avertissement
User: AUTORITE NT\SERVICE RÉSEAU

Computer Name: SANDRA-F832D06B
Event Code: 1004
Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam', composant '{B52C7B4D-F46F-438C-ADF2-05A138C57757}. La ressource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' n'existe pas

Record Number: 18688
Source Name: MsiInstaller
Time Written: 20080824130444.000000+120
Event Type: Avertissement
User: AUTORITE NT\SERVICE RÉSEAU

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

En voulant lancer Usbfix, celui ci me demande de mettre mon disque dur externe sous tension (alors que tu me dis de ne pas l'ouvrir) et d'en retirer la protection en écriture.
Que dois je faire?

voici le rapport de Usbfix.txt:


############################## | UsbFix V6.012 |

User : Sandra () # SANDRA-F832D06B
Update on 29/07/09 by Chiquitine29 & C_XX
Start at: 09:26:34 | 31/07/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1335 [VPS 090730-0] 4.8.1335 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces # 1,39 Mo (1,39 Mo free) # FAT
C:\ -> Disque fixe local # 189,92 Go (54,15 Go free) # NTFS
D:\ -> Disque fixe local # 201,09 Go (35,89 Go free) # NTFS
E:\ -> Disque fixe local # 264,67 Go (9,31 Go free) # NTFS
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM # 5,89 Go (0 Mo free) [CCRA3Uprising] # CDFS
I:\ -> Disque CD-ROM
J:\ -> Disque CD-ROM
K:\ -> Disque CD-ROM
L:\ -> Disque amovible # 958,59 Mo (936,42 Mo free) [USBDISKPRO] # FAT32
M:\ -> Disque fixe local # 465,76 Go (35,51 Go free) [Webox500Go] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Fighters\configservice.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Fighters\updateservice.exe
C:\Program Files\Fighters\ScannerService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Présent ! H:\autorun.inf

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{266a0289-a8ad-11dc-9ecf-0015f24633a8}
Shell\AutoRun\command =H:\setup\rsrc\Autorun.exe
Shell\dinstall\command =H:\Directx\dxsetup.exe

HKCU\..\..\Explorer\MountPoints2\{266a028c-a8ad-11dc-9ecf-0015f24633a8}
Shell\AutoRun\command =H:\setup\rsrc\Autorun.exe
Shell\dinstall\command =H:\Directx\dxsetup.exe

HKCU\..\..\Explorer\MountPoints2\{5fafa92e-35c2-11de-91f0-0015f24633a8}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe

HKCU\..\..\Explorer\MountPoints2\{66a27f10-5d5d-11dd-90a4-0015f24633a8}
Shell\AutoRun\command =wscript.exe VirusRemoval.vbs
Shell\open\Command =wscript.exe VirusRemoval.vbs

HKCU\..\..\Explorer\MountPoints2\{bef81dec-cf8f-11dd-915a-0015f24633a8}
Shell\AutoRun\command =L:\TrueCrypt\TrueCrypt.exe /q background /e /m rm /v "Dossiers_cryptés"
Shell\dismount\command =L:\TrueCrypt\TrueCrypt.exe /q /d
Shell\start\command =L:\TrueCrypt\TrueCrypt.exe

HKCU\..\..\Explorer\MountPoints2\{ce9fe601-a8b4-11dc-9ed1-0015f24633a8}
Shell\AutoRun\command =H:\setup\rsrc\Autorun.exe
Shell\dinstall\command =H:\Directx\dxsetup.exe

HKCU\..\..\Explorer\MountPoints2\{ce9fe609-a8b4-11dc-9ed1-0015f24633a8}
Shell\AutoRun\command =H:\Autorun.exe

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.012 ! |

voici le rapport en question:


############################## | UsbFix V6.012 |

User : Sandra (Administrateurs) # SANDRA-F832D06B
Update on 29/07/09 by Chiquitine29 & C_XX
Start at: 14:54:34 | 31/07/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1335 [VPS 090730-0] 4.8.1335 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces # 1,39 Mo (1,39 Mo free) # FAT
C:\ -> Disque fixe local # 189,92 Go (54,15 Go free) # NTFS
D:\ -> Disque fixe local # 201,09 Go (35,89 Go free) # NTFS
E:\ -> Disque fixe local # 264,67 Go (9,31 Go free) # NTFS
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM
J:\ -> Disque CD-ROM
K:\ -> Disque CD-ROM
L:\ -> Disque amovible # 958,59 Mo (936,42 Mo free) [USBDISKPRO] # FAT32
M:\ -> Disque fixe local # 465,76 Go (35,51 Go free) [Webox500Go] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Fighters\configservice.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Fighters\updateservice.exe
C:\Program Files\Fighters\ScannerService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe

################## | Fichiers # Dossiers infectieux |


################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{266a0289-a8ad-11dc-9ecf-0015f24633a8}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{266a028c-a8ad-11dc-9ecf-0015f24633a8}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{5fafa92e-35c2-11de-91f0-0015f24633a8}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{bef81dec-cf8f-11dd-915a-0015f24633a8}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{ce9fe601-a8b4-11dc-9ed1-0015f24633a8}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[12/04/2006 09:04|--a------|0] -> C:\AUTOEXEC.BAT
[12/04/2006 09:33|---hs----|323] -> C:\boot.ini
[30/08/2002 14:00|-rahs----|4952] -> C:\Bootfont.bin
[12/04/2006 09:04|--a------|0] -> C:\CONFIG.SYS
[04/08/2004 12:17|--a------|1128203] -> C:\dvdshrink32setup_FR.exe
[12/04/2006 09:04|-rahs----|0] -> C:\IO.SYS
[12/04/2006 09:04|-rahs----|0] -> C:\MSDOS.SYS
[03/08/2004 22:38|-rahs----|47564] -> C:\NTDETECT.COM
[03/08/2004 22:59|-rahs----|251712] -> C:\ntldr
[?|?|?] -> C:\pagefile.sys
[23/05/2008 14:02|--a------|65762] -> C:\tv3d_debug.txt
[31/07/2009 15:01|--a------|3916] -> C:\UsbFix.txt
[14/04/2006 17:19|--a------|5702408] -> D:\mozilla firefox.exe
[14/04/2006 17:17|--a------|5564800] -> D:\winamp52_full.exe
[14/04/2006 13:17|--a------|1107787] -> D:\winrar.exe
[15/03/2005 07:48|--a------|10334208] -> E:\ACTOFWAR.EXE
[06/05/2008 14:41|--a------|82] -> E:\code64607.txt
[06/11/2007 23:33|--a------|3017216] -> E:\iw3sp.exe
[28/04/2009 11:08|--a------|1479840] -> L:\avril 2009 196.jpg
[28/04/2009 11:08|--a------|1505348] -> L:\avril 2009 180.jpg
[28/04/2009 11:08|--a------|1248718] -> L:\avril 2009 181.jpg
[28/04/2009 11:08|--a------|1381820] -> L:\avril 2009 182.jpg
[28/04/2009 11:08|--a------|1412096] -> L:\avril 2009 183.jpg
[28/04/2009 11:08|--a------|1314212] -> L:\avril 2009 184.jpg
[28/04/2009 11:08|--a------|1484388] -> L:\avril 2009 185.jpg
[28/04/2009 11:08|--a------|1426390] -> L:\avril 2009 186.jpg
[28/04/2009 11:08|--a------|1383516] -> L:\avril 2009 187.jpg
[28/04/2009 11:08|--a------|1272466] -> L:\avril 2009 188.jpg
[28/04/2009 11:08|--a------|1305592] -> L:\avril 2009 189.jpg
[28/04/2009 11:08|--a------|1559501] -> L:\avril 2009 190.jpg
[28/04/2009 11:08|--a------|1290863] -> L:\avril 2009 191.jpg
[28/04/2009 11:08|--a------|1160937] -> L:\avril 2009 192.jpg
[28/04/2009 11:08|--a------|1175942] -> L:\avril 2009 193.jpg
[28/04/2009 11:08|--a------|1207121] -> L:\avril 2009 194.jpg
[28/04/2009 11:08|--a------|1560635] -> L:\avril 2009 195.jpg

################## | Vaccination |

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# E:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# L:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# M:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.012 ! |

voici le rapport de MBAM (avant de lancer MBAM, j'avais débrancher mon disque dur externe. j'espère que ce n'est pas une erreur):

Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2534
Windows 5.1.2600 Service Pack 2

31/07/2009 15:54:57
mbam-log-2009-07-31 (15-54-57).txt

Type de recherche: Examen rapide
Eléments examinés: 88170
Temps écoulé: 5 minute(s), 20 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

et voici:

http://www.virustotal.com/fr/anali [...] 1246659110

voilà le rapport de kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: rapport d'analyse
samedi 1 août 2009
Système d'exploitation : Microsoft Windows XP Professional Service Pack 2 (build 2600)
Version de Kaspersky Online Scanner : 7.0.26.13
Dernière mise à jour de la base : Saturday, August 01, 2009 07:57:53
Enregistrements dans la base : 2569378
--------------------------------------------------------------------------------

Paramètres d'analyse:
analyser avec la base suivante: étendue
Analyser les archives: oui
Analyser les bases de messagerie: oui

Zone d'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Statistiques d'analyse:
Objets analysés: 108271
Menaces trouvées: 1
Objets infectés trouvés: 1
Objets suspects trouvés: 0
Durée d'analyse: 02:44:20


Nom de fichier / Menace / Compteur de menaces
C:\Documents and Settings\Sandra\Local Settings\Application Data\Microsoft\Outlook\archive.pst Infecté : Trojan-Spy.Win32.Goldun.ayt 1

La zone sélectionnée a été analysée.

non
quand j'allume mon PC, je n'ai aucun message d'alerte de la part d'Avast
je sais juste que j'ai un virus grâce au scan de kaspersky que j'ai effectué il y a quelques jours (en plus de celui du 1er aout)

voici le rapport de OTM

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Documents and Settings\Sandra\Local Settings\Application Data\Microsoft\Outlook\archive.pst not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Help

User: LocalService
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33172 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2173229 bytes

User: Sandra
->Temp folder emptied: 98184018 bytes
->Temporary Internet Files folder emptied: 44242468 bytes
->Java cache emptied: 15220079 bytes
->FireFox cache emptied: 88831045 bytes

User: Template

C:\NV18481852.TMP folder deleted successfully.
C:\NV18601864.TMP folder deleted successfully.
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2133582 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5a4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 38308591 bytes
RecycleBin emptied: 4290922140 bytes

Total Files Cleaned = 271,97 mb


OTM by OldTimer - Version 3.0.0.5 log created on 08042009_095956

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_5a4.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...