[Résolu] Redirections vers des sites publicitaires depuis Google

Scippio

19 Octobre 2009 16:19:20

Bonjour,

Lorsque je clique sur des liens vers des sites web (sous Firefox) dans Google je suis redirigé vers des sites publicitaires. J'ai effectué une analyse antivirus (NOD32) et nettoyé avec Ccleaner et TuneUp, sans succès. Voici le rapport HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:48, on 19/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\hp\Bureau\hijackthis-2.0.2.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\hijackthis-2.0.2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {15f75187-3c68-4a04-9f42-7da15ded5067} - c:\windows\system32\yzrcruf.dll
O2 - BHO: DAPIELoader Class - {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [SpybotDeletingA8708] command.com /c del "C:\WINDOWS\system32\lqqwyxex.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2896] cmd.exe /c del "C:\WINDOWS\system32\lqqwyxex.dll"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Synaptics TouchPad Enhancements] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O8 - Extra context menu item: &clean traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &download with &dap - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: download &all with dap - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [java_sun] Java (Sun)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {78abdc59-d8e7-44d3-9a76-9a0918c52b4a} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ehpimpfj - C:\WINDOWS\SYSTEM32\yzrcruf.dll
O20 - Winlogon Notify: mfnxpha - C:\WINDOWS\
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPCE) (RPCHE) - Unknown owner - C:\Program Files\Intel\Intel.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7770 bytes

Autres pages sur : resolu redirections vers sites publicitaires google

| Etre averti des réponses
| Alerter

Répondre à Scippio

Destrio5

19 Octobre 2009 16:26:53

Bonjour,

Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

Clique sur Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

| Alerter

Répondre à Destrio5

Scippio

19 Octobre 2009 16:29:42

Voici le contenu de log.txt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:48, on 19/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\hp\Bureau\hijackthis-2.0.2.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\hijackthis-2.0.2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {15f75187-3c68-4a04-9f42-7da15ded5067} - c:\windows\system32\yzrcruf.dll
O2 - BHO: DAPIELoader Class - {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [SpybotDeletingA8708] command.com /c del "C:\WINDOWS\system32\lqqwyxex.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2896] cmd.exe /c del "C:\WINDOWS\system32\lqqwyxex.dll"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Synaptics TouchPad Enhancements] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O8 - Extra context menu item: &clean traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &download with &dap - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: download &all with dap - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [java_sun] Java (Sun)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {78abdc59-d8e7-44d3-9a76-9a0918c52b4a} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ehpimpfj - C:\WINDOWS\SYSTEM32\yzrcruf.dll
O20 - Winlogon Notify: mfnxpha - C:\WINDOWS\
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPCE) (RPCHE) - Unknown owner - C:\Program Files\Intel\Intel.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7770 bytes

Et voici le contenu de info.txt:

info.txt logfile of random's system information tool 1.06 2009-10-19 18:28:22

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Reader 8.1.6 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced RAR Repair v1.0-->C:\PROGRA~1\ARAR\UNWISE.EXE C:\PROGRA~1\ARAR\INSTALL.LOG
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoBase 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}\setup.exe" -l0x40c -uninst
ArcSoft PhotoStudio 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x40c -uninst
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
Audacity 1.3.3 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
AVI/MPEG/RM/WMV Joiner 4.81-->"C:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AxCrypt (Désinstaller uniquement)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Call of Duty - United Offensive-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
Call of Duty Game of the Year Edition-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini
Canon MP240 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series /L0x000c
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CanoScan LiDE20,30 Manual-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}\setup.exe" -l0x40c
CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x40c
Capturino 1.4-->C:\Program Files\Capturino 1.4\Uninstal.exe
CC_ccProxyExt-->MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon-->MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ccPxyCore-->MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
CleanMyPC - Registry Cleaner-->"C:\Program Files\CleanMyPC\Registry Cleaner\unins000.exe"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Compel Adaptec WinASPI-->"C:\Program Files\WinASPI\unins000.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
DVDInfoPro-->C:\WINDOWS\unvise32.exe C:\Program Files\DvdinfoPro\uninstal.log
ESET NOD32 Antivirus-->MsiExec.exe /I{D63BE135-E5A0-41D3-889A-6F28A3C4C531}
FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free MOV 2 AVI -->C:\Program Files\Free MOV 2 AVI\uninst.exe
Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2-->"C:\DOCUME~1\hp\LOCALS~1\Temp\HijackThis.exe" /uninstall
HP Help and Support-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x40c -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Quick Launch Buttons 6.10 A2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x40c -removeonly uninst
HP QuickPlay 2.3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP User Guides 0036-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4180B60-0239-48DE-89EF-2CE4C3650A71}\Setup.exe" -l0x40c -removeonly
HP Webcam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2BC4969-2DE3-499A-9A3D-1B7C34ED12C3}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x40c hpquninst
Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player-->MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Matroska Playback Pack-->C:\Program Files\Matroska Playback Pack\uninstall.exe
MDI viewer 0.1-->"C:\Program Files\MDIviewer\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NetMeter 1.1.3-->"C:\Program Files\NetMeter\unins000.exe"
NetWaiting-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Protection Center-->MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
Package de pilotes Windows - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.25)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\usbvm326_49CA82027FB353A22BAC4204862D30BB8A51CBB7\usbvm326.inf
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Satsuki Decoder Pack-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFV Checker-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9736F27-3CFC-4AF9-B2A7-5B1A54B1A84F}\setup.exe"
Sina Web TV-->C:\PROGRA~1\sina\SINAWE~1\307~1.1\UNWISE.EXE C:\PROGRA~1\sina\SINAWE~1\307~1.1\Install.LOG
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
SonicAC3Encoder-->MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder-->MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
SopCast 1.1.1-->C:\Program Files\SopCast\uninst.exe
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stream Torrent 1.0-->"C:\Program Files\StreamTorrent 1.0\uninstall.exe"
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tunatic-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Tunatic
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.4.8.1-->C:\Program Files\TVUPlayer\uninst.exe
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
UUSee ÍøÂçµçÊÓ [4.4.801.53]-->C:\Program Files\uusee\uninst.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Veetle TV 0.9.15-->C:\Program Files\Veetle\UninstallVeetleTV.exe
Video Converter Studio V2.0.2-->"C:\Program Files\Apowersoft\Video Converter Studio\unins000.exe"
Virtualis Crédit Mutuel-->C:\Program Files\Virtualis\Désinstallation Virtualis Crédit Mutuel
VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

======Hosts File======

127.0.0.1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: BitDefender Antivirus (disabled)
AV: Norton Internet Security 2006 (outdated)
AV: Kaspersky Anti-Virus (disabled) (outdated)
AV: ESET NOD32 Antivirus 3.0
FW: BitDefender Firewall (disabled)
FW: Norton Internet Security 2006

======System event log======

Computer Name: MASHENKA
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 au cours d'une opération de pagination.

Record Number: 40645
Source Name: Cdrom
Time Written: 20090817185145.000000+120
Event Type: Avertissement
User:

Computer Name: MASHENKA
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 au cours d'une opération de pagination.

Record Number: 40644
Source Name: Cdrom
Time Written: 20090817185145.000000+120
Event Type: Avertissement
User:

Computer Name: MASHENKA
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 au cours d'une opération de pagination.

Record Number: 40643
Source Name: Cdrom
Time Written: 20090817185144.000000+120
Event Type: Avertissement
User:

Computer Name: MASHENKA
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 au cours d'une opération de pagination.

Record Number: 40642
Source Name: Cdrom
Time Written: 20090817185144.000000+120
Event Type: Avertissement
User:

Computer Name: MASHENKA
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 au cours d'une opération de pagination.

Record Number: 40641
Source Name: Cdrom
Time Written: 20090817185144.000000+120
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: MASHENKA
Event Code: 1
Message:
Record Number: 15136
Source Name: nview_info
Time Written: 20091012180155.000000+120
Event Type: erreur
User:

Computer Name: MASHENKA
Event Code: 1
Message:
Record Number: 15135
Source Name: nview_info
Time Written: 20091012180154.000000+120
Event Type: erreur
User:

Computer Name: MASHENKA
Event Code: 1
Message:
Record Number: 15134
Source Name: nview_info
Time Written: 20091012180154.000000+120
Event Type: erreur
User:

Computer Name: MASHENKA
Event Code: 1
Message:
Record Number: 15133
Source Name: nview_info
Time Written: 20091012180154.000000+120
Event Type: erreur
User:

Computer Name: MASHENKA
Event Code: 1
Message:
Record Number: 15132
Source Name: nview_info
Time Written: 20091012180154.000000+120
Event Type: erreur
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Satsuki Decoder Pack\filtres;C:\Program Files\Fichiers communs\Teleca Shared;C:\Program Files\Fichiers communs\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PCTYPE"=PAVILION
"PLATFORM"=MCD
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

| Alerter

Répondre à Scippio

Destrio5

19 Octobre 2009 16:38:32

Pour le rapport log, tu m'as juste mis le rapport HijackThis donc il n'est pas complet.

| Alerter

Répondre à Destrio5

Scippio

19 Octobre 2009 16:40:55

Pardon, voilà tout le contenu du fichier log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by hp at 2009-10-19 18:39:43
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 8 GB (10%) free of 87 GB
Total RAM: 2046 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:02, on 19/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\hp\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\hp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {15f75187-3c68-4a04-9f42-7da15ded5067} - c:\windows\system32\yzrcruf.dll
O2 - BHO: DAPIELoader Class - {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [SpybotDeletingA8708] command.com /c del "C:\WINDOWS\system32\lqqwyxex.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2896] cmd.exe /c del "C:\WINDOWS\system32\lqqwyxex.dll"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Synaptics TouchPad Enhancements] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O8 - Extra context menu item: &clean traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &download with &dap - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: download &all with dap - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [java_sun] Java (Sun)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {78abdc59-d8e7-44d3-9a76-9a0918c52b4a} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ehpimpfj - C:\WINDOWS\SYSTEM32\yzrcruf.dll
O20 - Winlogon Notify: mfnxpha - C:\WINDOWS\
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPCE) (RPCHE) - Unknown owner - C:\Program Files\Intel\Intel.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7803 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15f75187-3c68-4a04-9f42-7da15ded5067}]
c:\windows\system32\yzrcruf.dll [2006-03-25 104448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff6c3cf0-4b15-11d1-abed-709549c10000}]
DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2009-06-24 140880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-07-26 61952]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-20 7581696]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-10-24 1451264]
"nwiz"=nwiz.exe /install []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA8708"=command.com /c del C:\WINDOWS\system32\lqqwyxex.dll []
"SpybotDeletingC2896"=cmd.exe /c del C:\WINDOWS\system32\lqqwyxex.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"Synaptics TouchPad Enhancements"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"NetMeter"=C:\Program Files\NetMeter\NetMeter.exe [2007-08-11 331264]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^hp^Menu Démarrer^Programmes^Démarrage^Memeo AutoBackup Launcher.lnk]
C:\Documents and Settings\hp\Application Data\Microsoft\Installer\{EADA929D-7AEA-462C-AB1A-4ADC5962D506}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe --silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2
"SPBBCSvc"=3
"SNDSrvc"=3
"ccSetMgr"=2
"ccProxy"=2
"ccISPwdSvc"=3
"ccEvtMgr"=2
"aawservice"=2
"avast! Web Scanner"=3
"avast! Mail Scanner"=3
"avast! Antivirus"=2
"aswUpdSv"=2
"Apple Mobile Device"=2
"mnmsrvc"=3
"TuneUp.Defrag"=3
"iPod Service"=3
"btwdins"=2
"Bonjour Service"=2
"WZCOOK"=3
"WLSetupSvc"=3
"usnjsvc"=3
"Adobe LM Service"=3
"NSCService"=2
"javaquickstarterservice"=2
"IJPLMSVC"=2
"hpqwmiex"=2
"avast!antivirus"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ehpimpfj]
C:\WINDOWS\system32\yzrcruf.dll [2006-03-25 104448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mfnxpha]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=144
"NoDrives"=00000000
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Documents and Settings\hp\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\hp\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe"="C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe:*:Enabled:NAVBrowser"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Free Music Zilla\FMZilla.exe"="C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe"="C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f8e94b9-33f8-11de-83f5-001636a381df}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63db7e8b-b62f-11dd-838e-001636a381df}]
shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf7c0c01-e08e-11dc-8294-0018dea2f451}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

======List of files/folders created in the last 1 months======

2009-10-19 18:27:58 ----D---- C:\Program Files\trend micro
2009-10-19 18:27:56 ----D---- C:\rsit
2009-10-16 23:13:44 ----D---- C:\Program Files\Tunatic
2009-10-16 11:01:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-16 10:18:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-16 10:01:04 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-13 18:05:07 ----D---- C:\Program Files\Unlocker
2009-10-13 12:12:03 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2009-10-09 22:27:36 ----D---- C:\Program Files\Traction Software
2009-10-09 18:09:33 ----D---- C:\Program Files\JRE
2009-10-09 01:29:38 ----D---- C:\Program Files\PowerISO
2009-10-06 17:21:58 ----D---- C:\Program Files\Fichiers communs\Skype
2009-10-04 12:51:23 ----D---- C:\Documents and Settings\hp\Application Data\StreamTorrent
2009-10-04 12:51:22 ----D---- C:\Program Files\StreamTorrent 1.0
2009-09-26 16:55:07 ----D---- C:\Program Files\sina

======List of files/folders modified in the last 1 months======

2009-10-19 18:39:39 ----D---- C:\WINDOWS\Temp
2009-10-19 18:39:10 ----D---- C:\Program Files\Mozilla Firefox
2009-10-19 18:27:58 ----D---- C:\Program Files
2009-10-19 18:12:45 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-19 17:50:59 ----D---- C:\WINDOWS\Prefetch
2009-10-19 16:29:10 ----D---- C:\Program Files\Mozilla Thunderbird
2009-10-18 21:30:11 ----SHD---- C:\System Volume Information
2009-10-18 21:05:07 ----D---- C:\Documents and Settings\hp\Application Data\dvdcss
2009-10-18 21:03:13 ----D---- C:\Documents and Settings\hp\Application Data\vlc
2009-10-18 14:45:08 ----D---- C:\Documents and Settings\hp\Application Data\utorrent
2009-10-18 14:06:10 ----D---- C:\WINDOWS\system32\Restore
2009-10-17 23:27:02 ----D---- C:\WINDOWS
2009-10-17 22:30:33 ----D---- C:\WINDOWS\system32
2009-10-17 17:54:28 ----AC---- C:\WINDOWS\WININIT.INI
2009-10-17 10:00:44 ----D---- C:\Program Files\FreeUndelete
2009-10-17 10:00:07 ----D---- C:\WINDOWS\system32\drivers
2009-10-16 19:07:26 ----SHD---- C:\WINDOWS\Installer
2009-10-16 19:07:26 ----SHD---- C:\Config.Msi
2009-10-16 18:01:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-16 10:23:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-16 10:10:49 ----D---- C:\WINDOWS\Tasks
2009-10-16 10:07:08 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-13 21:06:05 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJ
2009-10-13 21:05:33 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2009-10-13 12:36:06 ----D---- C:\Program Files\AVS4YOU
2009-10-13 11:42:01 ----D---- C:\Program Files\QuickTime
2009-10-13 11:38:52 ----D---- C:\Program Files\Fichiers communs\Apple
2009-10-13 11:37:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-13 11:37:21 ----HD---- C:\WINDOWS\inf
2009-10-13 11:37:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-09 22:27:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-09 19:24:59 ----D---- C:\Program Files\uTorrent
2009-10-09 18:16:18 ----RSD---- C:\WINDOWS\assembly
2009-10-09 18:10:41 ----RSD---- C:\WINDOWS\Fonts
2009-10-09 18:09:19 ----D---- C:\Program Files\OpenOffice.org 3
2009-10-06 17:24:06 ----D---- C:\Documents and Settings\hp\Application Data\Skype
2009-10-06 17:21:58 ----RD---- C:\Program Files\Skype
2009-10-06 17:21:58 ----D---- C:\Program Files\Fichiers communs
2009-10-06 17:21:51 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-10-06 17:11:45 ----D---- C:\Documents and Settings\hp\Application Data\skypePM
2009-10-05 20:40:44 ----N---- C:\WINDOWS\win.ini
2009-10-04 21:58:03 ----D---- C:\Program Files\DAP
2009-09-28 17:53:34 ----D---- C:\Documents and Settings\hp\Application Data\Microsoft
2009-09-26 16:54:14 ----D---- C:\WINDOWS\Downloaded Program Files
2009-09-26 16:53:07 ----D---- C:\Documents and Settings\hp\Application Data\Audacity
2009-09-26 16:29:21 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-10-24 34824]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-25 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-25 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-25 55936]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-11 179200]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-07-26 581632]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidIr;Pilote HID infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-21 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-21 208000]
R3 IrBus;Pilote de filtre de bus infrarouge pour les contrôles distants eHome; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-05-26 9856]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-17 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-23 51840]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-02 308992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-21 727296]
S1 cf1821ad;cf1821ad; C:\WINDOWS\System32\drivers\cf1821ad.sys []
S1 f44240d1;f44240d1; C:\WINDOWS\System32\drivers\f44240d1.sys []
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ; C:\WINDOWS\System32\Drivers\5U870CAP.sys [2006-06-07 61952]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664]
S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363]
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 182656]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MODBDA2;DiBcom MOD3000 TV receiver; C:\WINDOWS\System32\Drivers\modbda2.sys [2006-06-13 33024]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Slnt7554;USB Soft Modem Driver; C:\WINDOWS\system32\DRIVERS\slnt7554.sys [2004-08-03 129535]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-03 95424]
S3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-22 1429632]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 mchinjdrv;mchinjdrv; \??\C:\DOCUME~1\hp\LOCALS~1\Temp\mc21.tmp []
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-20 143426]
R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
R2 xuejgvsp;Microsoft UAA Function for High Definition Audio ServiceMonitor; C:\WINDOWS\System32\svchost.exe [2009-05-09 14336]
S2 RPCHE;Remote Procedure Call (RPCE); C:\Program Files\Intel\Intel.exe []
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-14 73796]
S2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe []
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ehttpsrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-10-24 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ipod service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2009-05-09 14336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-07-24 72704]
S4 avast!antivirus;avast!antivirus; C:\WINDOWS\System32\avast!Antivirus.exe -k netsvcs []
S4 bonjour service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2006-05-12 258103]
S4 ccEvtMgr;Symantec Event Manager; c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe []
S4 ccSetMgr;Symantec Settings Manager; c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe []
S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
S4 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
S4 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-16 152984]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-05-18 49152]
S4 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
S4 NSCService;Service Norton Protection Center; C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE []
S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WZCOOK;WEP/WPA-PMK key recovery service; C:\Documents and Settings\hp\Bureau\air crack\aircrack-2.41\win32\wzcook.exe []

-----------------EOF-----------------

| Alerter

Répondre à Scippio

Destrio5

19 Octobre 2009 16:47:28

Tu as plusieurs infections.

Télécharge UsbFix (de Chiquitine29 & C_XX) sur ton Bureau.

Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

Double-clique sur UsbFix pour l'exécuter.

Choisis l'option 1 (Recherche).

Laisse travailler l'outil.

Poste le rapport UsbFix.txt.

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Kaspersky, etc.) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.

| Alerter

Répondre à Destrio5

Scippio

19 Octobre 2009 17:17:59

############################## | UsbFix V6.042 |

User : hp (Administrateurs) # MASHENKA
Update on 15/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 19:15:22 | 19/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : BitDefender Antivirus 12.0 [ (!) Disabled | Updated ]
AV : Norton Internet Security 2006 2006 [ Enabled | (!) Outdated ]
AV : Kaspersky Anti-Virus 8.0.0.506 [ (!) Disabled | (!) Outdated ]
AV : ESET NOD32 Antivirus 3.0 3.0 [ Enabled | Updated ]
FW : BitDefender Firewall[ (!) Disabled ]12.0
FW : Norton Internet Security 2006[ Enabled ]2006

C:\ -> Disque fixe local # 84.93 Go (8.12 Go free) [OS] # NTFS
D:\ -> Disque fixe local # 93.16 Go (6.63 Go free) [Data] # NTFS
E:\ -> Disque fixe local # 8.23 Go (1.37 Go free) [HP_RECOVERY] # NTFS
F:\ -> Disque CD-ROM
H:\ -> Disque fixe local # 465.76 Go (1.14 Go free) [My Book] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

D:\desktop.ini
E:\autorun.inf
E:\desktop.ini

################## | Registre # Clés Run infectieuses |

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{4f8e94b9-33f8-11de-83f5-001636a381df}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs

HKCU\..\..\Explorer\MountPoints2\{63db7e8b-b62f-11dd-838e-001636a381df}
Shell\AutoRun\command =G:\Autorun.exe

HKCU\..\..\Explorer\MountPoints2\{cf7c0c01-e08e-11dc-8294-0018dea2f451}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

################## | ! Fin du rapport # UsbFix V6.042 ! |

| Alerter

Répondre à Scippio

Destrio5

19 Octobre 2009 17:40:19

Relance UsbFix et choisis l'option 5 pour le désinstaller.

Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.

Double-clique sur le fichier téléchargé pour lancer le processus d'installation.

Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.

Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.

Sélectionne Exécuter un examen rapide.

Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

Citation :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.

Ferme tes navigateurs.

Si des malwares ont été détectés, clique sur Afficher les résultats.

Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.

MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

| Alerter

Répondre à Destrio5

Scippio

19 Octobre 2009 17:57:29

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2988
Windows 5.1.2600 Service Pack 3

19/10/2009 19:54:53
mbam-log-2009-10-19 (19-54-53).txt

Type de recherche: Examen rapide
Eléments examinés: 113189
Temps écoulé: 8 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté

(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{aff01

325-0fc2-4749-8914-fbf0565ad9cc}

(Trojan.Agent) -> Quarantined and deleted

successfully.
HKEY_CURRENT_USER\SOFTWARE\

Microsoft\Windows\CurrentVersion\Ext\St

ats\{aff01325-0fc2-4749-8914-

fbf0565ad9cc} (Trojan.Agent) ->

Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE

\Microsoft\Windows\CurrentVersion\Explo

rer\{19127ad2-394b-70f5-c650-

b97867baa1f7} (Backdoor.Bot) ->

Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE

\Microsoft\Windows\CurrentVersion\Explo

rer\{43bf8cd1-c5d5-2230-7bb2-

98f22c2b7dc6} (Backdoor.Bot) ->

Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18

\SOFTWARE\Microsoft\Windows\Current

Version\Explorer\{19127ad2-394b-70f5-

c650-b97867baa1f7} (Backdoor.Bot) ->

Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18

\SOFTWARE\Microsoft\Windows\Current

Version\Explorer\{43bf8cd1-c5d5-2230-

7bb2-98f22c2b7dc6} (Backdoor.Bot) ->

Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWAR

E\AGprotect (Malware.Trace) ->

Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\Curr

entControlSet\Services\avast!AntiVirus

(Trojan.Agent) -> Quarantined and deleted

successfully.
HKEY_LOCAL_MACHINE\System\Curr

entControlSet\Services\RPCHE

(Backdoor.Bot) -> Quarantined and

deleted successfully.
HKEY_LOCAL_MACHINE\System\Curr

entControlSet\Services\UACd.sys

(Trojan.Agent) -> Quarantined and deleted

successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\

Microsoft\Windows\CurrentVersion\Explor

er\WINID (Malware.Trace) ->

Quarantined and deleted successfully.

Elément(s) de données du Registre infecté

(s):
HKEY_LOCAL_MACHINE\System\Curr

entControlSet\Services\BITS\ImagePath

(Hijack.WindowsUpdates) -> Bad: (%

fystemRoot%\system32\svchost.exe -k

netsvcs) Good: (%SystemRoot%

\System32\svchost.exe -k netsvcs) ->

Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\Curr

entControlSet\Services\wuauserv\ImagePat

h (Hijack.WindowsUpdates) -> Bad: (%

fystemroot%\system32\svchost.exe -k

netsvcs) Good: (%SystemRoot%

\System32\svchost.exe -k netsvcs) ->

Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32

\drivers\4c1f3b39.sys (Rootkit.Rustock) ->

Delete on reboot.
C:\WINDOWS\system32\sft.res

(Malware.Trace) -> Quarantined and

deleted successfully.

Il y avait bien des malwares. Je suppose qu'il faut redémarrer avant de faire éventuellement une autre manipulation.

| Alerter

Répondre à Scippio

Destrio5

19 Octobre 2009 18:08:03

Pourquoi le rapport est coupé comme cela ?

Oui, redémarre ton PC.

Relance MBAM, va dans Quarantaine et supprime tout.

Refais un scan RSIT et poste le rapport log.

| Alerter

Répondre à Destrio5

Scippio

19 Octobre 2009 18:14:16

Aucune idée en ce qui concerne le rapport, j'en ai copié l'intégralité pourtant.

Rapport log de RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by hp at 2009-10-19 20:13:03
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 8 GB (9%) free of 87 GB
Total RAM: 2046 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:21, on 19/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\hp\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\hp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {0f960f18-27f4-4bfc-824a-e49486b59239} - C:\WINDOWS\system32\lqqwyxex.dll
O2 - BHO: (no name) - {15f75187-3c68-4a04-9f42-7da15ded5067} - c:\windows\system32\yzrcruf.dll
O2 - BHO: DAPIELoader Class - {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Synaptics TouchPad Enhancements] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O8 - Extra context menu item: &clean traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &download with &dap - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: download &all with dap - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [java_sun] Java (Sun)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {78abdc59-d8e7-44d3-9a76-9a0918c52b4a} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ehpimpfj - C:\WINDOWS\SYSTEM32\yzrcruf.dll
O20 - Winlogon Notify: mfnxpha - C:\WINDOWS\
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7691 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f960f18-27f4-4bfc-824a-e49486b59239}]
C:\WINDOWS\system32\lqqwyxex.dll [2006-03-25 132608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15f75187-3c68-4a04-9f42-7da15ded5067}]
c:\windows\system32\yzrcruf.dll [2006-03-25 104448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff6c3cf0-4b15-11d1-abed-709549c10000}]
DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2009-06-24 140880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-07-26 61952]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-20 7581696]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-10-24 1451264]
"nwiz"=nwiz.exe /install []
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"Synaptics TouchPad Enhancements"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"NetMeter"=C:\Program Files\NetMeter\NetMeter.exe [2007-08-11 331264]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^hp^Menu Démarrer^Programmes^Démarrage^Memeo AutoBackup Launcher.lnk]
C:\Documents and Settings\hp\Application Data\Microsoft\Installer\{EADA929D-7AEA-462C-AB1A-4ADC5962D506}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe --silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2
"SPBBCSvc"=3
"SNDSrvc"=3
"ccSetMgr"=2
"ccProxy"=2
"ccISPwdSvc"=3
"ccEvtMgr"=2
"aawservice"=2
"avast! Web Scanner"=3
"avast! Mail Scanner"=3
"avast! Antivirus"=2
"aswUpdSv"=2
"Apple Mobile Device"=2
"mnmsrvc"=3
"TuneUp.Defrag"=3
"iPod Service"=3
"btwdins"=2
"Bonjour Service"=2
"WZCOOK"=3
"WLSetupSvc"=3
"usnjsvc"=3
"Adobe LM Service"=3
"NSCService"=2
"javaquickstarterservice"=2
"IJPLMSVC"=2
"hpqwmiex"=2
"avast!antivirus"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ehpimpfj]
C:\WINDOWS\system32\yzrcruf.dll [2006-03-25 104448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mfnxpha]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=144
"NoDrives"=00000000
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Documents and Settings\hp\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\hp\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe"="C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe:*:Enabled:NAVBrowser"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Free Music Zilla\FMZilla.exe"="C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe"="C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f8e94b9-33f8-11de-83f5-001636a381df}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63db7e8b-b62f-11dd-838e-001636a381df}]
shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf7c0c01-e08e-11dc-8294-0018dea2f451}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

======List of files/folders created in the last 1 months======

2009-10-19 19:43:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-19 18:50:09 ----D---- C:\UsbFix
2009-10-19 18:27:58 ----D---- C:\Program Files\trend micro
2009-10-19 18:27:56 ----D---- C:\rsit
2009-10-16 23:13:44 ----D---- C:\Program Files\Tunatic
2009-10-16 11:01:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-16 10:18:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-16 10:01:04 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-13 18:05:07 ----D---- C:\Program Files\Unlocker
2009-10-13 12:12:03 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2009-10-09 22:27:36 ----D---- C:\Program Files\Traction Software
2009-10-09 18:09:33 ----D---- C:\Program Files\JRE
2009-10-06 17:21:58 ----D---- C:\Program Files\Fichiers communs\Skype
2009-10-04 12:51:23 ----D---- C:\Documents and Settings\hp\Application Data\StreamTorrent
2009-10-04 12:51:22 ----D---- C:\Program Files\StreamTorrent 1.0
2009-09-26 16:55:07 ----D---- C:\Program Files\sina

======List of files/folders modified in the last 1 months======

2009-10-19 20:09:36 ----D---- C:\WINDOWS\Temp
2009-10-19 20:04:14 ----D---- C:\WINDOWS\system32
2009-10-19 20:04:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-19 20:01:44 ----D---- C:\Program Files\Mozilla Firefox
2009-10-19 19:59:53 ----SHD---- C:\System Volume Information
2009-10-19 19:59:14 ----D---- C:\Program Files
2009-10-19 19:43:51 ----D---- C:\WINDOWS\system32\drivers
2009-10-19 19:32:58 ----D---- C:\Program Files\Mozilla Thunderbird
2009-10-19 18:59:14 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-19 18:54:16 ----D---- C:\WINDOWS\system32\Restore
2009-10-19 17:50:59 ----D---- C:\WINDOWS\Prefetch
2009-10-18 21:05:07 ----D---- C:\Documents and Settings\hp\Application Data\dvdcss
2009-10-18 21:03:13 ----D---- C:\Documents and Settings\hp\Application Data\vlc
2009-10-18 14:45:08 ----D---- C:\Documents and Settings\hp\Application Data\utorrent
2009-10-17 23:27:02 ----D---- C:\WINDOWS
2009-10-17 17:54:28 ----AC---- C:\WINDOWS\WININIT.INI
2009-10-17 10:00:44 ----D---- C:\Program Files\FreeUndelete
2009-10-16 19:07:26 ----SHD---- C:\WINDOWS\Installer
2009-10-16 19:07:26 ----SHD---- C:\Config.Msi
2009-10-16 10:23:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-16 10:10:49 ----D---- C:\WINDOWS\Tasks
2009-10-16 10:07:08 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-13 21:06:05 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJ
2009-10-13 21:05:33 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2009-10-13 12:36:06 ----D---- C:\Program Files\AVS4YOU
2009-10-13 11:42:01 ----D---- C:\Program Files\QuickTime
2009-10-13 11:38:52 ----D---- C:\Program Files\Fichiers communs\Apple
2009-10-13 11:37:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-13 11:37:21 ----HD---- C:\WINDOWS\inf
2009-10-13 11:37:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-09 22:27:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-09 19:24:59 ----D---- C:\Program Files\uTorrent
2009-10-09 18:16:18 ----RSD---- C:\WINDOWS\assembly
2009-10-09 18:10:41 ----RSD---- C:\WINDOWS\Fonts
2009-10-09 18:09:19 ----D---- C:\Program Files\OpenOffice.org 3
2009-10-06 17:24:06 ----D---- C:\Documents and Settings\hp\Application Data\Skype
2009-10-06 17:21:58 ----RD---- C:\Program Files\Skype
2009-10-06 17:21:58 ----D---- C:\Program Files\Fichiers communs
2009-10-06 17:21:51 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-10-06 17:11:45 ----D---- C:\Documents and Settings\hp\Application Data\skypePM
2009-10-05 20:40:44 ----N---- C:\WINDOWS\win.ini
2009-10-04 21:58:03 ----D---- C:\Program Files\DAP
2009-09-28 17:53:34 ----D---- C:\Documents and Settings\hp\Application Data\Microsoft
2009-09-26 16:54:14 ----D---- C:\WINDOWS\Downloaded Program Files
2009-09-26 16:53:07 ----D---- C:\Documents and Settings\hp\Application Data\Audacity
2009-09-26 16:29:21 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-10-24 34824]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-25 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-25 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-25 55936]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-11 179200]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-07-26 581632]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidIr;Pilote HID infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-21 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-21 208000]
R3 IrBus;Pilote de filtre de bus infrarouge pour les contrôles distants eHome; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-05-26 9856]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-17 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-23 51840]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-02 308992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-21 727296]
S1 cf1821ad;cf1821ad; C:\WINDOWS\System32\drivers\cf1821ad.sys []
S1 f44240d1;f44240d1; C:\WINDOWS\System32\drivers\f44240d1.sys []
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ; C:\WINDOWS\System32\Drivers\5U870CAP.sys [2006-06-07 61952]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664]
S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363]
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 182656]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MODBDA2;DiBcom MOD3000 TV receiver; C:\WINDOWS\System32\Drivers\modbda2.sys [2006-06-13 33024]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Slnt7554;USB Soft Modem Driver; C:\WINDOWS\system32\DRIVERS\slnt7554.sys [2004-08-03 129535]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-03 95424]
S3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-22 1429632]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 mchinjdrv;mchinjdrv; \??\C:\DOCUME~1\hp\LOCALS~1\Temp\mc21.tmp []
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-20 143426]
R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-14 73796]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
R2 xuejgvsp;Microsoft UAA Function for High Definition Audio ServiceMonitor; C:\WINDOWS\System32\svchost.exe [2009-05-09 14336]
S2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe []
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ehttpsrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-10-24 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ipod service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2009-05-09 14336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-07-24 72704]
S4 bonjour service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2006-05-12 258103]
S4 ccEvtMgr;Symantec Event Manager; c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe []
S4 ccSetMgr;Symantec Settings Manager; c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe []
S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
S4 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
S4 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-16 152984]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-05-18 49152]
S4 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
S4 NSCService;Service Norton Protection Center; C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE []
S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WZCOOK;WEP/WPA-PMK key recovery service; C:\Documents and Settings\hp\Bureau\air crack\aircrack-2.41\win32\wzcook.exe []

-----------------EOF-----------------

| Alerter

Répondre à Scippio

Destrio5

19 Octobre 2009 18:25:07

1/

Lance ce fichier : C:\Program Files\trend micro\hp.exe

Choisis Do a system scan only.

Coche les cases qui sont devant les lignes suivantes :

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: (no name) - {0f960f18-27f4-4bfc-824a-e49486b59239} - C:\WINDOWS\system32\lqqwyxex.dll

O2 - BHO: (no name) - {15f75187-3c68-4a04-9f42-7da15ded5067} - c:\windows\system32\yzrcruf.dll

O4 - HKCU\..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe

O20 - Winlogon Notify: ehpimpfj - C:\WINDOWS\SYSTEM32\yzrcruf.dll

O20 - Winlogon Notify: mfnxpha - C:\WINDOWS\

Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

Ferme HijackThis.

2/

Télécharge OTM (OldTimer) sur ton Bureau.

Double-clique sur OTM.exe afin de le lancer.

Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:services
cf1821ad
f44240d1
WZCOOK

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^hp^Menu Démarrer^Programmes^Démarrage^Memeo AutoBackup Launcher.lnk]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf7c0c01-e08e-11dc-8294-0018dea2f451}]

:files
C:\WINDOWS\system32\lqqwyxex.dll
c:\windows\system32\yzrcruf.dll

:commands
[purity]
[emptytemp]
[reboot]

Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

Clique maintenant sur le bouton MoveIt! puis ferme OTM.

---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
---> Le nom du rapport correspond au moment de sa création : date_heure.log

| Alerter

Répondre à Destrio5

Scippio

19 Octobre 2009 18:33:53

Rapport OTM:

Files moved on Reboot...
C:\WINDOWS\system32\lqqwyxex.dll unregistered successfully.
File move failed. C:\WINDOWS\system32\lqqwyxex.dll scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\yzrcruf.dll
c:\windows\system32\yzrcruf.dll NOT unregistered.
File move failed. c:\windows\system32\yzrcruf.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Il faut redémarrer de nouveau je suppose.

edit: le redémarrage automatique n'ayant pas fonctionné j'ai relancé la procédure et voici le nouveau fichier log:

Error: Unable to interpret <Files moved on Reboot...> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\lqqwyxex.dll unregistered successfully.> in the current context!
Error: Unable to interpret <File move failed. C:\WINDOWS\system32\lqqwyxex.dll scheduled to be moved on reboot.> in the current context!
Error: Unable to interpret <LoadLibrary failed for c:\windows\system32\yzrcruf.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\yzrcruf.dll NOT unregistered.> in the current context!
Error: Unable to interpret <File move failed. c:\windows\system32\yzrcruf.dll scheduled to be moved on reboot.> in the current context!
Error: Unable to interpret <Registry entries deleted on Reboot...> in the current context!

OTM by OldTimer - Version 3.0.0.6 log created on 10192009_203421

| Alerter

Répondre à Scippio

Destrio5

19 Octobre 2009 18:36:58

Moué... Nous allons utiliser un outil plus puissant.

[#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Il va te demander d'installer la console de récupération : accepte.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

| Alerter

Répondre à Destrio5

Scippio

19 Octobre 2009 19:00:47

Rapport ComboFix:

ComboFix 09-10-18.06 - hp 19/10/2009 20:47.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1476 [GMT 2:00]
Lancé depuis: c:\documents and settings\hp\Bureau\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Un antivirus résident est actif

.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\SuperCopier2\SC2Hook.dll

ADS - WINDOWS: deleted 48 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\755020800.exe
c:\recycler\S-1-5-21-0367936994-8369958338-978018945-7476
C:\teacd.tmp
C:\test.txt
c:\windows\Installer\171070a.msi
c:\windows\Installer\18d92ab.msi
c:\windows\Installer\7057aa.msi
c:\windows\Installer\aeaa905.msi
c:\windows\kb913800.exe
c:\windows\system32\auegdfs.dll
c:\windows\system32\drivers\frfpdcbp.sys
c:\windows\system32\drivers\nvnwlpra.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\lqqwyxex.dll
c:\windows\system32\yzrcruf.dll
E:\Autorun.inf
c:\windows\system32\drivers\4c1f3b39.sys . . . . impossible à supprimer

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_avast!antivirus
-------\Legacy_nvnwlpra
-------\Legacy_NWCWORKSTATION
-------\Legacy_tcpsr
-------\Legacy_xuejgvsp
-------\Service_nvnwlpra
-------\Service_NWCWorkstation
-------\Service_xuejgvsp
-------\Service_4c1f3b39

((((((((((((((((((((((((((((( Fichiers créés du 2009-09-19 au 2009-10-19 ))))))))))))))))))))))))))))))))))))
.

2009-10-19 18:30 . 2009-10-19 18:30 -------- d-----w- C:\_OTM
2009-10-19 17:43 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 17:43 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 17:43 . 2009-10-19 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 16:50 . 2009-10-19 17:41 -------- d-----w- C:\UsbFix
2009-10-19 16:27 . 2009-10-19 18:29 -------- d-----w- c:\program files\trend micro
2009-10-19 16:27 . 2009-10-19 16:31 -------- d-----w- C:\rsit
2009-10-16 21:13 . 2009-10-16 21:13 -------- d-----w- c:\program files\Tunatic
2009-10-16 08:18 . 2009-10-16 08:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-13 16:05 . 2009-10-13 16:05 -------- d-----w- c:\program files\Unlocker
2009-10-13 10:12 . 2009-10-13 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-09 20:27 . 2009-10-09 20:27 -------- d-----w- c:\program files\Traction Software
2009-10-09 16:09 . 2009-10-09 16:09 -------- d-----w- c:\program files\JRE
2009-10-06 15:21 . 2009-10-06 15:21 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-10-04 10:51 . 2009-10-04 10:51 -------- d-----w- c:\documents and settings\hp\Application Data\StreamTorrent
2009-10-04 10:51 . 2009-10-04 10:51 -------- d-----w- c:\program files\StreamTorrent 1.0
2009-09-26 14:55 . 2009-09-26 14:55 -------- d-----w- c:\program files\sina

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 18:54 . 2009-05-09 20:21 97020 ----a-w- c:\windows\system32\drivers\4c1f3b39.sys
2009-10-19 18:52 . 2007-04-30 01:19 -------- d-----w- c:\program files\SuperCopier2
2009-10-19 18:43 . 2006-03-25 11:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-10-19 18:41 . 2006-06-29 16:24 80948 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-19 18:41 . 2006-06-29 16:24 486692 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-19 18:39 . 2008-03-02 01:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-19 18:38 . 2007-05-08 11:14 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-19 18:27 . 2009-05-04 22:48 -------- d-----w- c:\documents and settings\hp\Application Data\vlc
2009-10-18 19:05 . 2007-07-20 12:37 -------- d-----w- c:\documents and settings\hp\Application Data\dvdcss
2009-10-18 12:45 . 2007-04-28 23:52 -------- d-----w- c:\documents and settings\hp\Application Data\utorrent
2009-10-17 08:00 . 2009-07-05 12:45 -------- d-----w- c:\program files\FreeUndelete
2009-10-16 08:26 . 2007-07-01 18:21 6832 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-16 08:23 . 2007-12-18 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-13 19:06 . 2009-04-24 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
2009-10-13 19:05 . 2009-04-24 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-10-13 10:36 . 2009-08-17 16:48 -------- d-----w- c:\program files\AVS4YOU
2009-10-13 09:42 . 2008-03-08 18:13 -------- d-----w- c:\program files\QuickTime
2009-10-13 09:38 . 2007-09-29 12:44 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-10-09 20:27 . 2007-02-28 17:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-09 18:56 . 2007-04-18 15:05 84240 -c--a-w- c:\documents and settings\hp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-09 17:24 . 2008-08-13 08:07 -------- d-----w- c:\program files\uTorrent
2009-10-09 16:09 . 2008-11-13 17:57 -------- d-----w- c:\program files\OpenOffice.org 3
2009-10-06 15:24 . 2007-04-28 23:02 -------- d-----w- c:\documents and settings\hp\Application Data\Skype
2009-10-06 15:21 . 2007-09-12 16:00 -------- d-----r- c:\program files\Skype
2009-10-06 15:21 . 2007-04-28 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-06 15:11 . 2009-01-27 18:13 -------- d-----w- c:\documents and settings\hp\Application Data\skypePM
2009-10-04 19:58 . 2008-11-14 13:53 -------- d-----w- c:\program files\DAP
2009-09-26 14:53 . 2007-10-24 17:36 -------- d-----w- c:\documents and settings\hp\Application Data\Audacity
2009-09-15 17:10 . 2009-09-15 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-09-15 17:10 . 2009-01-11 20:11 -------- d-----w- c:\program files\TVUPlayer
2007-04-30 19:46 . 2007-04-30 19:46 362 -c--a-w- c:\program files\ffdsvsetts.reg
2007-04-30 19:46 . 2007-04-30 19:46 1446 -c--a-w- c:\program files\ffdssetts.reg
2007-04-30 19:46 . 2007-04-30 19:46 1172 -c--a-w- c:\program files\ffdsasetts.reg
2007-04-30 19:46 . 2007-04-30 19:46 1002 ----a-w- c:\program files\mpc5.reg
2007-04-30 19:46 . 2007-04-30 19:46 4704 ----a-w- c:\program files\satsukidecodersettings.ini
2007-04-30 18:03 . 2007-04-30 18:03 251 ----a-w- c:\program files\wt3d.ini
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-03-25 03:00 . 2008-04-21 23:13 60416 -csha-w- c:\windows\Packs\SysFiles\26_MSIMN.EXE
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff6c3cf0-4b15-11d1-abed-709549c10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"Synaptics TouchPad Enhancements"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-07-26 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-20 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"mnmsrvc"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"iPod Service"=3 (0x3)
"btwdins"=2 (0x2)
"Bonjour Service"=2 (0x2)
"WZCOOK"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"NSCService"=2 (0x2)
"javaquickstarterservice"=2 (0x2)
"IJPLMSVC"=2 (0x2)
"hpqwmiex"=2 (0x2)
"avast!antivirus"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /installquiet /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\hp\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE\\EregFre\\NAVBrowser.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uusee\\UUSeePlayer.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/10/2008 20:53 34824]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24/10/2008 20:51 468224]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [07/06/2006 05:39 61952]
S3 MODBDA2;DiBcom MOD3000 TV receiver;c:\windows\system32\drivers\modbda2.sys [13/06/2006 10:53 33024]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\drivers\s716bus.sys [18/04/2008 18:05 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\drivers\s716mdfl.sys [18/04/2008 18:05 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\drivers\s716mdm.sys [18/04/2008 18:05 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s716mgmt.sys [18/04/2008 18:07 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\drivers\s716nd5.sys [18/04/2008 18:08 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\drivers\s716obex.sys [18/04/2008 18:07 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\drivers\s716unic.sys [18/04/2008 18:07 98952]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [25/06/2007 15:08 129535]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - NVNWLPRA
*Deregistered* - mchinjdrv
*Deregistered* - nvnwlpra

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2061F7AD-FF51-FF52-7CDB-9101507869AF}]
c:\program files\Winhelper\Winhelper.exe s
.
Contenu du dossier 'Tâches planifiées'

2009-10-16 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-21 11:14]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=localhost:7171
IE: &clean traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &download with &dap - c:\program files\DAP\dapextie.htm
IE: download &all with dap - c:\program files\DAP\dapextie2.htm
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {78abdc59-d8e7-44d3-9a76-9a0918c52b4a} - hxxp://dl.uc.sina.com/cab/downloader.cab
FF - ProfilePath - c:\documents and settings\hp\Application Data\Mozilla\Firefox\Profiles\zx3j554g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.footballfilter.com/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\hp\Application Data\Mozilla\Firefox\Profiles\zx3j554g.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: network.http.max-connections-per-server - 8
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{0f960f18-27f4-4bfc-824a-e49486b59239} - c:\windows\system32\lqqwyxex.dll
Notify-mfnxpha - (no file)
Notify-WB - (no file)
AddRemove-hijackthis - c:\docume~1\hp\LOCALS~1\Temp\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 20:54
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchinjdrv]
"ImagePath"="\??\c:\docume~1\hp\LOCALS~1\Temp\mc22.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\4c1f3b39]
"ImagePath"="\SystemRoot\System32\drivers\4c1f3b39.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\s-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\s-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\s-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25F5F4DE-111D-EE05-78E7-8CAC396A5403}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abfhjkehidakeaoojbmpelpjbomaeoajbn"=hex:61,61,00,00
"bbfhjkehidakeaoojbfbljpbehcmcaneaiaf"=hex:61,61,00,00

[HKEY_USERS\s-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE2A26FA-CE31-A583-C57E-12685D7D77EA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iablhjgohnpmggidjo"=hex:6b,61,65,6e,6b,61,6b,63,61,6c,69,62,63,6d,69,61,66,66,
6f,6a,6d,6e,00,00
"hahkjpannahcebbi"=hex:6b,61,65,6e,6b,61,6b,63,61,6c,69,62,63,6d,69,61,66,66,
6f,6a,6d,6e,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1396)
c:\program files\SuperCopier2\SC2Hook.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\nvsvc32.exe
c:\combofix\CF16447.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2009-10-19 20:59 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-19 18:59

Avant-CF: 8 763 412 480 octets libres
Après-CF: 8 618 549 248 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 404050B5A285CAC4E579D5DCA5175910

| Alerter

Répondre à Scippio

Destrio5

19 Octobre 2009 19:03:08

Bien, tu peux recommencer ?

| Alerter

Répondre à Destrio5

Scippio

19 Octobre 2009 19:36:32

Nouveau rapport ComboFix:

ComboFix 09-10-18.06 - hp 19/10/2009 21:27.3.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1612 [GMT 2:00]
Lancé depuis: c:\documents and settings\hp\Bureau\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\SuperCopier2\SC2Hook.dll

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\windows\system32\drivers\4c1f3b39.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_4c1f3b39

((((((((((((((((((((((((((((( Fichiers créés du 2009-09-19 au 2009-10-19 ))))))))))))))))))))))))))))))))))))
.

2009-10-19 18:30 . 2009-10-19 18:30 -------- d-----w- C:\_OTM
2009-10-19 17:43 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 17:43 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 17:43 . 2009-10-19 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 16:50 . 2009-10-19 17:41 -------- d-----w- C:\UsbFix
2009-10-19 16:27 . 2009-10-19 18:29 -------- d-----w- c:\program files\trend micro
2009-10-19 16:27 . 2009-10-19 16:31 -------- d-----w- C:\rsit
2009-10-16 21:13 . 2009-10-16 21:13 -------- d-----w- c:\program files\Tunatic
2009-10-16 08:18 . 2009-10-16 08:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-13 16:05 . 2009-10-13 16:05 -------- d-----w- c:\program files\Unlocker
2009-10-13 10:12 . 2009-10-13 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-09 20:27 . 2009-10-09 20:27 -------- d-----w- c:\program files\Traction Software
2009-10-09 16:09 . 2009-10-09 16:09 -------- d-----w- c:\program files\JRE
2009-10-06 15:21 . 2009-10-06 15:21 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-10-04 10:51 . 2009-10-04 10:51 -------- d-----w- c:\documents and settings\hp\Application Data\StreamTorrent
2009-10-04 10:51 . 2009-10-04 10:51 -------- d-----w- c:\program files\StreamTorrent 1.0
2009-09-26 14:55 . 2009-09-26 14:55 -------- d-----w- c:\program files\sina

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 19:27 . 2007-04-30 01:19 -------- d-----w- c:\program files\SuperCopier2
2009-10-19 19:18 . 2006-06-29 16:24 80948 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-19 19:18 . 2006-06-29 16:24 486692 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-19 18:43 . 2006-03-25 11:00 182656 ------w- c:\windows\system32\drivers\ndis.sys
2009-10-19 18:39 . 2008-03-02 01:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-19 18:38 . 2007-05-08 11:14 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-19 18:27 . 2009-05-04 22:48 -------- d-----w- c:\documents and settings\hp\Application Data\vlc
2009-10-18 19:05 . 2007-07-20 12:37 -------- d-----w- c:\documents and settings\hp\Application Data\dvdcss
2009-10-18 12:45 . 2007-04-28 23:52 -------- d-----w- c:\documents and settings\hp\Application Data\utorrent
2009-10-17 08:00 . 2009-07-05 12:45 -------- d-----w- c:\program files\FreeUndelete
2009-10-16 08:26 . 2007-07-01 18:21 6832 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-16 08:23 . 2007-12-18 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-13 19:06 . 2009-04-24 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
2009-10-13 19:05 . 2009-04-24 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-10-13 10:36 . 2009-08-17 16:48 -------- d-----w- c:\program files\AVS4YOU
2009-10-13 09:42 . 2008-03-08 18:13 -------- d-----w- c:\program files\QuickTime
2009-10-13 09:38 . 2007-09-29 12:44 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-10-09 20:27 . 2007-02-28 17:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-09 18:56 . 2007-04-18 15:05 84240 -c--a-w- c:\documents and settings\hp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-09 17:24 . 2008-08-13 08:07 -------- d-----w- c:\program files\uTorrent
2009-10-09 16:09 . 2008-11-13 17:57 -------- d-----w- c:\program files\OpenOffice.org 3
2009-10-06 15:24 . 2007-04-28 23:02 -------- d-----w- c:\documents and settings\hp\Application Data\Skype
2009-10-06 15:21 . 2007-09-12 16:00 -------- d-----r- c:\program files\Skype
2009-10-06 15:21 . 2007-04-28 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-06 15:11 . 2009-01-27 18:13 -------- d-----w- c:\documents and settings\hp\Application Data\skypePM
2009-10-04 19:58 . 2008-11-14 13:53 -------- d-----w- c:\program files\DAP
2009-09-26 14:53 . 2007-10-24 17:36 -------- d-----w- c:\documents and settings\hp\Application Data\Audacity
2009-09-15 17:10 . 2009-09-15 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-09-15 17:10 . 2009-01-11 20:11 -------- d-----w- c:\program files\TVUPlayer
2007-04-30 19:46 . 2007-04-30 19:46 362 -c--a-w- c:\program files\ffdsvsetts.reg
2007-04-30 19:46 . 2007-04-30 19:46 1446 -c--a-w- c:\program files\ffdssetts.reg
2007-04-30 19:46 . 2007-04-30 19:46 1172 -c--a-w- c:\program files\ffdsasetts.reg
2007-04-30 19:46 . 2007-04-30 19:46 1002 ----a-w- c:\program files\mpc5.reg
2007-04-30 19:46 . 2007-04-30 19:46 4704 ----a-w- c:\program files\satsukidecodersettings.ini
2007-04-30 18:03 . 2007-04-30 18:03 251 ----a-w- c:\program files\wt3d.ini
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-03-25 03:00 . 2008-04-21 23:13 60416 -csha-w- c:\windows\Packs\SysFiles\26_MSIMN.EXE
.

((((((((((((((((((((((((((((( SnapShot@2009-10-19_18.54.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-06-29 16:24 . 2009-10-19 18:41 66820 c:\windows\system32\perfc009.dat
+ 2006-06-29 16:24 . 2009-10-19 19:18 66820 c:\windows\system32\perfc009.dat
+ 2006-06-29 16:24 . 2009-10-19 19:18 417382 c:\windows\system32\perfh009.dat
- 2006-06-29 16:24 . 2009-10-19 18:41 417382 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff6c3cf0-4b15-11d1-abed-709549c10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"Synaptics TouchPad Enhancements"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-07-26 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-20 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"mnmsrvc"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"iPod Service"=3 (0x3)
"btwdins"=2 (0x2)
"Bonjour Service"=2 (0x2)
"WZCOOK"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"NSCService"=2 (0x2)
"javaquickstarterservice"=2 (0x2)
"IJPLMSVC"=2 (0x2)
"hpqwmiex"=2 (0x2)
"avast!antivirus"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /installquiet /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\hp\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE\\EregFre\\NAVBrowser.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uusee\\UUSeePlayer.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/10/2008 20:53 34824]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24/10/2008 20:51 468224]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [07/06/2006 05:39 61952]
S3 MODBDA2;DiBcom MOD3000 TV receiver;c:\windows\system32\drivers\modbda2.sys [13/06/2006 10:53 33024]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\drivers\s716bus.sys [18/04/2008 18:05 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\drivers\s716mdfl.sys [18/04/2008 18:05 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\drivers\s716mdm.sys [18/04/2008 18:05 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s716mgmt.sys [18/04/2008 18:07 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\drivers\s716nd5.sys [18/04/2008 18:08 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\drivers\s716obex.sys [18/04/2008 18:07 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\drivers\s716unic.sys [18/04/2008 18:07 98952]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [25/06/2007 15:08 129535]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2061F7AD-FF51-FF52-7CDB-9101507869AF}]
c:\program files\Winhelper\Winhelper.exe s
.
Contenu du dossier 'Tâches planifiées'

2009-10-16 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-21 11:14]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=localhost:7171
IE: &clean traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &download with &dap - c:\program files\DAP\dapextie.htm
IE: download &all with dap - c:\program files\DAP\dapextie2.htm
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {78abdc59-d8e7-44d3-9a76-9a0918c52b4a} - hxxp://dl.uc.sina.com/cab/downloader.cab
FF - ProfilePath - c:\documents and settings\hp\Application Data\Mozilla\Firefox\Profiles\zx3j554g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.footballfilter.com/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\hp\Application Data\Mozilla\Firefox\Profiles\zx3j554g.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: network.http.max-connections-per-server - 8
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 21:33
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\hp\LOCALS~1\Temp\mc21.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25F5F4DE-111D-EE05-78E7-8CAC396A5403}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abfhjkehidakeaoojbmpelpjbomaeoajbn"=hex:61,61,00,00
"bbfhjkehidakeaoojbfbljpbehcmcaneaiaf"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE2A26FA-CE31-A583-C57E-12685D7D77EA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iablhjgohnpmggidjo"=hex:6b,61,65,6e,6b,61,6b,63,61,6c,69,62,63,6d,69,61,66,66,
6f,6a,6d,6e,00,00
"hahkjpannahcebbi"=hex:6b,61,65,6e,6b,61,6b,63,61,6c,69,62,63,6d,69,61,66,66,
6f,6a,6d,6e,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3296)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
Heure de fin: 2009-10-19 21:36
ComboFix-quarantined-files.txt 2009-10-19 19:35
ComboFix2.txt 2009-10-19 18:59

Avant-CF: 8 618 123 264 octets libres
Après-CF: 8 572 805 120 octets libres

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 965061CB6E0478D74F061BFCE363E0D8

| Alerter

Répondre à Scippio

Destrio5

19 Octobre 2009 20:01:18

Menu Démarrer > Exécuter > Tape ComboFix /u et valide.

Pourquoi as-tu désactivé des services ?

| Alerter

Répondre à Destrio5

Scippio

19 Octobre 2009 20:05:00

En fait j'ai du relancer de manière forcée ComboFix car tout le PC avait planté. C'est la seule chose de spécial que j'ai fait.

| Alerter

Répondre à Scippio

Destrio5

19 Octobre 2009 20:07:33

Non mais il y a des services d'Avast et de Norton par exemple qui sont désactivés.

| Alerter

Répondre à Destrio5

Scippio

19 Octobre 2009 20:08:36

Ce sont des antivirus que je n'utilise plus et que je pensais avoir entièrement désinstallés.

| Alerter

Répondre à Scippio

Destrio5

19 Octobre 2009 20:14:18

Pour supprimer les traces d'Avast :
http://www.avast.com/fre/avast-uninstall-utility.html

Pour supprimer les traces de Norton :
ftp://ftp.symantec.com/public/english_us_canada/removal...

Désinstalle les programmes suivants :
- J2SE Runtime Environment 5.0 Update 6
- Java 6 Update 13
- Java 6 Update 3
- Java 6 Update 4
- Java 6 Update 5
- Java 6 Update 7
- Java SE Runtime Environment 6 Update 1
- Java SE Runtime Environment 6

Mets à jour Java.

Mets à jour Adobe Reader.

Refais un scan RSIT et poste le rapport log.

| Alerter

Répondre à Destrio5

Scippio

19 Octobre 2009 20:30:50

Rapport log de RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by hp at 2009-10-19 22:28:57
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 9 GB (10%) free of 87 GB
Total RAM: 2046 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:04, on 19/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\hp\Bureau\RSIT.exe
C:\Program Files\trend micro\hp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: DAPIELoader Class - {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Synaptics TouchPad Enhancements] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O8 - Extra context menu item: &clean traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &download with &dap - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: download &all with dap - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {78abdc59-d8e7-44d3-9a76-9a0918c52b4a} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

--
End of file - 6782 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff6c3cf0-4b15-11d1-abed-709549c10000}]
DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2009-06-24 140880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-07-26 61952]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-20 7581696]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-10-24 1451264]
"nwiz"=nwiz.exe /install []
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"Synaptics TouchPad Enhancements"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2
"SPBBCSvc"=3
"SNDSrvc"=3
"ccSetMgr"=2
"ccProxy"=2
"ccISPwdSvc"=3
"ccEvtMgr"=2
"aawservice"=2
"avast! Web Scanner"=3
"avast! Mail Scanner"=3
"avast! Antivirus"=2
"aswUpdSv"=2
"Apple Mobile Device"=2
"mnmsrvc"=3
"TuneUp.Defrag"=3
"iPod Service"=3
"btwdins"=2
"Bonjour Service"=2
"WZCOOK"=3
"WLSetupSvc"=3
"usnjsvc"=3
"Adobe LM Service"=3
"NSCService"=2
"javaquickstarterservice"=2
"IJPLMSVC"=2
"hpqwmiex"=2
"avast!antivirus"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Documents and Settings\hp\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\hp\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe"="C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe:*:Enabled:NAVBrowser"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Free Music Zilla\FMZilla.exe"="C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe"="C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled

ownload Accelerator Plus (DAP)"
"C:\Documents and Settings\hp\Local Settings\Temp\7zS7DB.tmp\SymNRT.exe"="C:\Documents and Settings\hp\Local Settings\Temp\7zS7DB.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-10-19 22:05:05 ----SD---- C:\ComboFix
2009-10-19 21:36:09 ----D---- C:\WINDOWS\temp
2009-10-19 21:36:07 ----A---- C:\ComboFix.txt
2009-10-19 20:44:33 ----A---- C:\Boot.bak
2009-10-19 20:44:11 ----RASHD---- C:\cmdcons
2009-10-19 20:41:54 ----D---- C:\WINDOWS\ERDNT
2009-10-19 20:30:18 ----D---- C:\_OTM
2009-10-19 19:43:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-19 18:50:09 ----D---- C:\UsbFix
2009-10-19 18:27:58 ----D---- C:\Program Files\trend micro
2009-10-19 18:27:56 ----D---- C:\rsit
2009-10-16 23:13:44 ----D---- C:\Program Files\Tunatic
2009-10-16 11:01:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-16 10:18:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-16 10:01:04 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-13 18:05:07 ----D---- C:\Program Files\Unlocker
2009-10-13 12:12:03 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2009-10-09 22:27:36 ----D---- C:\Program Files\Traction Software
2009-10-09 18:09:33 ----D---- C:\Program Files\JRE
2009-10-06 17:21:58 ----D---- C:\Program Files\Fichiers communs\Skype
2009-10-04 12:51:23 ----D---- C:\Documents and Settings\hp\Application Data\StreamTorrent
2009-10-04 12:51:22 ----D---- C:\Program Files\StreamTorrent 1.0
2009-09-26 16:55:07 ----D---- C:\Program Files\sina

======List of files/folders modified in the last 1 months======

2009-10-19 22:27:46 ----AD---- C:\WINDOWS
2009-10-19 22:27:33 ----SHD---- C:\System Volume Information
2009-10-19 22:27:26 ----D---- C:\Program Files
2009-10-19 22:26:51 ----D---- C:\Program Files\SuperCopier2
2009-10-19 22:26:01 ----HD---- C:\WINDOWS\inf
2009-10-19 22:26:01 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-19 22:24:17 ----D---- C:\Program Files\Mozilla Firefox
2009-10-19 22:23:52 ----D---- C:\Config.Msi
2009-10-19 22:23:36 ----D---- C:\WINDOWS\system32
2009-10-19 22:23:29 ----SHD---- C:\WINDOWS\Installer
2009-10-19 22:23:13 ----D---- C:\Program Files\Java
2009-10-19 22:20:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-19 22:18:20 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-19 22:17:33 ----D---- C:\WINDOWS\system32\drivers
2009-10-19 22:05:17 ----D---- C:\WINDOWS\system32\Restore
2009-10-19 21:56:34 ----D---- C:\Program Files\Mozilla Thunderbird
2009-10-19 21:33:29 ----N---- C:\WINDOWS\system.ini
2009-10-19 21:31:32 ----D---- C:\WINDOWS\AppPatch
2009-10-19 21:31:26 ----D---- C:\Program Files\Fichiers communs
2009-10-19 21:18:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-19 21:12:06 ----D---- C:\WINDOWS\system32\config
2009-10-19 20:44:34 ----RASH---- C:\boot.ini
2009-10-19 20:27:13 ----D---- C:\Documents and Settings\hp\Application Data\vlc
2009-10-19 17:50:59 ----D---- C:\WINDOWS\Prefetch
2009-10-18 21:05:07 ----D---- C:\Documents and Settings\hp\Application Data\dvdcss
2009-10-18 14:45:08 ----D---- C:\Documents and Settings\hp\Application Data\utorrent
2009-10-17 17:54:28 ----AC---- C:\WINDOWS\WININIT.INI
2009-10-17 10:00:44 ----D---- C:\Program Files\FreeUndelete
2009-10-16 10:23:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-16 10:10:49 ----D---- C:\WINDOWS\Tasks
2009-10-16 10:07:08 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-13 21:06:05 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJ
2009-10-13 21:05:33 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2009-10-13 12:36:06 ----D---- C:\Program Files\AVS4YOU
2009-10-13 11:42:01 ----D---- C:\Program Files\QuickTime
2009-10-13 11:38:52 ----D---- C:\Program Files\Fichiers communs\Apple
2009-10-13 11:37:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-09 22:27:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-09 19:24:59 ----D---- C:\Program Files\uTorrent
2009-10-09 18:16:18 ----RSD---- C:\WINDOWS\assembly
2009-10-09 18:10:41 ----RSD---- C:\WINDOWS\Fonts
2009-10-09 18:09:19 ----D---- C:\Program Files\OpenOffice.org 3
2009-10-06 17:24:06 ----D---- C:\Documents and Settings\hp\Application Data\Skype
2009-10-06 17:21:58 ----RD---- C:\Program Files\Skype
2009-10-06 17:21:51 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-10-06 17:11:45 ----D---- C:\Documents and Settings\hp\Application Data\skypePM
2009-10-05 20:40:44 ----N---- C:\WINDOWS\win.ini
2009-10-04 21:58:03 ----D---- C:\Program Files\DAP
2009-09-28 17:53:34 ----D---- C:\Documents and Settings\hp\Application Data\Microsoft
2009-09-26 16:54:14 ----D---- C:\WINDOWS\Downloaded Program Files
2009-09-26 16:53:07 ----D---- C:\Documents and Settings\hp\Application Data\Audacity
2009-09-26 16:29:21 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-10-24 34824]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-25 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-25 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-25 55936]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-11 179200]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-07-26 581632]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidIr;Pilote HID infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-21 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-21 208000]
R3 IrBus;Pilote de filtre de bus infrarouge pour les contrôles distants eHome; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-05-26 9856]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-17 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-23 51840]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-02 308992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-21 727296]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ; C:\WINDOWS\System32\Drivers\5U870CAP.sys [2006-06-07 61952]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664]
S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363]
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 148168]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 catchme;catchme; \??\C:\DOCUME~1\hp\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MODBDA2;DiBcom MOD3000 TV receiver; C:\WINDOWS\System32\Drivers\modbda2.sys [2006-06-13 33024]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Slnt7554;USB Soft Modem Driver; C:\WINDOWS\system32\DRIVERS\slnt7554.sys [2004-08-03 129535]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-03 95424]
S3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-22 1429632]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\hp\LOCALS~1\Temp\mc21.tmp []
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-20 143426]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-14 73796]
S2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe []
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ehttpsrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-10-24 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ipod service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2009-05-09 14336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-07-24 72704]
S4 bonjour service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2006-05-12 258103]
S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
S4 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-05-18 49152]
S4 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

| Alerter

Répondre à Scippio

Destrio5

19 Octobre 2009 21:22:39

C'est beaucoup mieux.

Le PC va comment ?

| Alerter

Répondre à Destrio5

Scippio

19 Octobre 2009 21:26:44

Beaucoup mieux lui aussi, j'ai l'impression que tout tourne plus vite, l'affichage des pages web est plus rapide je trouve, c'est plus confortable pour surfer.

Merci beaucoup, tout est plus agréable, merci encore de m'avoir consacré autant de temps et d'efforts! Bonne nuit, Kenavo.

| Alerter

Répondre à Scippio

Destrio5

19 Octobre 2009 21:28:08

1/

Désinstalle HijackThis.

Télécharge ToolsCleaner2 sur ton Bureau.

Double-clique sur ToolsCleaner2.exe pour le lancer.

Clique sur Recherche et laisse le scan agir.

Clique sur Suppression pour finaliser.

Tu peux, si tu le souhaites, te servir des Options Facultatives.

Clique sur Quitter pour obtenir le rapport.

Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

2/

Télécharge et installe CCleaner Slim.

Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....

Va dans Nettoyeur, choisis Analyser. Une fois terminé, lance le nettoyage.

3/

Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.

==Prévention==

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, Propriétés, onglet Mises à jour automatiques).

Par rapport au P2P : Lien

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien

==Problème résolu ?==

--> Si tu estimes que ton problème est résolu, ajoute [Résolu] au titre. Pour cela :

Clique, dans ton premier message, sur le bouton Editer

.

Ajoute la mention [Résolu] devant le titre.

Clique ensuite sur Valider votre message.

Sois plus vigilant(e) sur Internet

| Alerter

Répondre à Destrio5

Scippio

19 Octobre 2009 21:36:19

Merci; c'est vrai que j'ai été laxiste ces derniers temps en ce qui concerne la santé de la bécane.

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Combofix: trouvé !
C:\_OTM: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\hp\Bureau\OTM.exe: trouvé !
C:\Documents and Settings\hp\Bureau\Rsit.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\hp\Bureau\OTM.exe: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\hp\Bureau\Rsit.exe: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Combofix: supprimé !
C:\_OTM: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !