[Résolu] Virus ...

Bonjour,

Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

Clique sur Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\Rsit.

Bonjour,

Merci pour votre réponse, ci dessous les 2 fichiers

Log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-01-14 11:59:50
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 8 GB (24%) free of 31 GB
Total RAM: 1014 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:00, on 14/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trust\MI-4520T Wireless Optical Tilt Mouse\moffice.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Trust\MI-4520T Wireless Optical Tilt Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Administrateur\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4520T Wireless Optical Tilt Mouse\moffice.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Administrateur\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launch Softros Messenger.lnk = C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F804543-6758-43E1-B358-C98E4859D0C7}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{8F804543-6758-43E1-B358-C98E4859D0C7}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9630 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

et l'info .txt

info.txt logfile of random's system information tool 1.06 2010-01-14 12:00:03

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Alky for Applications (Windows XP)-->MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Parental Control-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{390FF986-468D-4CA9-8830-2C4B313F447F} /l1036
AutoCAD LT 2000 - Français-->C:\WINDOWS\unin040c.exe -fC:\PROGRA~1\AUTOCA~1\DeIsL1.isu -c"C:\PROGRA~1\AUTOCA~1\unaclt.dll
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chinese Simplified Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-2447-0000-900000000003}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
DeepBurner v1.9.0.228-->"C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log" -u
Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
Désinstaller L'Annuaire de l'Enseigne-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\enseigne\Setup.exe" -l0x40c -uninst
GIMP 2.6.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GPL Ghostscript 8.61-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.61\uninstal.txt"
GPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Inkscape 0.46-->C:\Program Files\Inkscape\Uninstall.exe
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
LoudMo Contextual Ad Assistant-->C:\WINDOWS\system32\NLl7-I6.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Micro Application - PrintPratic 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC79B672-686B-4C0A-9402-12EA1A04A99C}\Setup.exe" -l0x40c
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2000 CD-ROM 2-->MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Basic 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall BASICR /dll OSETUP.DLL
Microsoft Office Basic 2007-->MsiExec.exe /X{91120000-0013-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{165EB935-0893-4FB3-B6FD-4D2B638B69B2}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Onaya Acceptation Commandes-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{845E4C59-4424-4A2A-B67F-522A92276E18}\setup.exe" -l0x40c -uninst
Onaya Devis-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55AAF4DB-DE97-42BA-8EA0-21B55F5D1529}\setup.exe" -l0x40c -uninst
Onaya Facturation-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Aquitaine Informatique BTP\Uninst_f.isu"
Onaya Suivi-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Aquitaine Informatique BTP\Uninst_s.isu"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v1.1.1-->MsiExec.exe /X{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
PdfGrabber 5.0-->MsiExec.exe /I{6D9B4C6B-7879-477A-B5EE-7DF068B91F34}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Power IEv3-->MsiExec.exe /I{AF7C627C-F354-4FF1-8450-398C806B436E}
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Softros LAN Messenger-->"C:\Program Files\Softros Systems\Softros Messenger\unins000.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
TomTom HOME 2.6.4.1641-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
TRUST MI-4520T Wireless Optical Tilt Mouse-->C:\Program Files\Trust\MI-4520T Wireless Optical Tilt Mouse\uninst00.exe
Universal Viewer-->"C:\Program Files\Universal Viewer\Uninstall.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
VisiooWriter 0.6.1-->C:\visioowriter\uninst.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Winmail Reader 1.1.12-->"C:\Program Files\Winmail Reader\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe

======Hosts File======

127.0.0.1 localhost
192.168.1.200 serveur
192.168.1.200 serveur
192.168.1.200 serveur

======Security center information======

AV: AVG Anti-Virus Free
AV: AntiVir Desktop

======System event log======

Computer Name: NATH
Event Code: 4202
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{8F804543-6758-43E1-B358-C98E4859D0C7} était déconnectée du réseau,
et la configuration réseau de la carte a été abandonnée. Si la carte
réseau n'était pas déconnectée, ceci peut indiquer un disfonctionnement.
Contactez le fabricant pour des pilotes mis à jour.

Record Number: 6273
Source Name: Tcpip
Time Written: 20100111081918.000000+060
Event Type: Informations
User:

Computer Name: NATH
Event Code: 10
Message: Ce lecteur ne semble pas prendre en charge la lecture audio numérique.

Record Number: 6272
Source Name: redbook
Time Written: 20100111081918.000000+060
Event Type: Informations
User:

Computer Name: NATH
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 6271
Source Name: EventLog
Time Written: 20100111081906.000000+060
Event Type: Informations
User:

Computer Name: NATH
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 6270
Source Name: EventLog
Time Written: 20100111081906.000000+060
Event Type: Informations
User:

Computer Name: NATH
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.

Record Number: 6269
Source Name: EventLog
Time Written: 20100111081804.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: NATH
Event Code: 1802
Message: Le service Centre de sécurité de Windows n'a pas pu établir de requêtes d'événements avec WMI pour contrôler le programme antivirus et le pare-feu tiers.

Record Number: 504
Source Name: SecurityCenter
Time Written: 20090702173038.000000+120
Event Type: erreur
User:

Computer Name: NATH
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 503
Source Name: SecurityCenter
Time Written: 20090702172829.000000+120
Event Type: Informations
User:

Computer Name: NATH
Event Code: 1802
Message: Le service Centre de sécurité de Windows n'a pas pu établir de requêtes d'événements avec WMI pour contrôler le programme antivirus et le pare-feu tiers.

Record Number: 502
Source Name: SecurityCenter
Time Written: 20090702172828.000000+120
Event Type: erreur
User:

Computer Name: NATH
Event Code: 1002
Message: Application bloquée thunderbird.exe, version 1.8.20090.60502, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Record Number: 501
Source Name: Application Hang
Time Written: 20090702163334.000000+120
Event Type: erreur
User:

Computer Name: NATH
Event Code: 1000
Message: Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d.

Record Number: 500
Source Name: Application Error
Time Written: 20090702163316.000000+120
Event Type: erreur
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"GS_PROG"=C:\Program Files\gs\gs8.61\bin\gswin32.exe
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\PC Connectivity Solution\;C:\Program Files\Aquitaine Informatique BTP\Communs;C:\PROGRA~1\FICHIE~1\AUTODE~1;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Alky for Applications\Libraries\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0407
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

Le rapport log est incomplet.

Re rapport log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-01-14 11:59:50
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 8 GB (24%) free of 31 GB
Total RAM: 1014 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:00, on 14/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trust\MI-4520T Wireless Optical Tilt Mouse\moffice.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Trust\MI-4520T Wireless Optical Tilt Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Administrateur\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4520T Wireless Optical Tilt Mouse\moffice.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Administrateur\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launch Softros Messenger.lnk = C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F804543-6758-43E1-B358-C98E4859D0C7}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{8F804543-6758-43E1-B358-C98E4859D0C7}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9630 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\SyncBack Aibtp Lundi Mercredi Vendredi.job
C:\WINDOWS\tasks\SyncBack Aibtp Mardi Jeudi.job
C:\WINDOWS\tasks\SyncBack Mail.job
C:\WINDOWS\tasks\SyncBack Saso Lundi Mercredi Vendredi.job
C:\WINDOWS\tasks\SyncBack Saso Mardi Jeudi.job
C:\WINDOWS\tasks\SyncBack SASO.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
"NPSStartup"= []
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"FLMOFFICE4DMOUSE"=C:\Program Files\Trust\MI-4520T Wireless Optical Tilt Mouse\moffice.exe [2009-11-05 823296]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-22 339968]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"F.lux"=C:\Documents and Settings\Administrateur\Local Settings\Apps\F.lux\flux.exe [2009-02-25 962560]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~1\AVG\AVG9\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-06-03 251240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^La Chaîne Météo.lnk]
C:\PROGRA~1\LACHAN~1\LACHAN~1.EXE []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Launch Softros Messenger.lnk - C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
SyncBack.lnk - C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe"="C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe:*:Enabled:Messenger"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe"="C:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe:*:Enabled:TomTom HOME"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Top Conges\congesSrv.exe"="C:\Program Files\Top Conges\congesSrv.exe:*:Enabled:Logiciel de gestion des plannings de congés - Module serveur"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Fichiers communs\XPressUpdate\XPressUpdate.exe"="C:\Program Files\Fichiers communs\XPressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cb13a95-8cb8-11de-a4ea-001372ce7a44}]
shell\AutoRun\command - I:\
shell\explore\command - I:\RECYCLED\INFO.exe
shell\open\command - I:\RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f45f0dff-6a10-11de-a4d9-001372ce7a44}]
shell\AutoRun\command - J:\InstallTomTomHOME.exe


======List of files/folders created in the last 1 months======

2010-01-14 11:59:51 ----D---- C:\Program Files\trend micro
2010-01-14 11:59:50 ----D---- C:\rsit
2010-01-14 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-14 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-13 03:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-12 17:35:34 ----D---- C:\Program Files\Fichiers communs\HP
2010-01-12 17:33:45 ----D---- C:\Program Files\Hewlett-Packard
2010-01-12 17:19:39 ----A---- C:\WINDOWS\OEWABLog.txt
2010-01-12 17:14:35 ----A---- C:\WINDOWS\system32\msjava.dll
2010-01-12 17:07:21 ----A---- C:\WINDOWS\Fix IE Log.txt
2010-01-12 17:06:14 ----D---- C:\Program Files\Power IE
2010-01-12 14:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2010-01-12 14:10:22 ----D---- C:\WINDOWS\pss
2010-01-12 12:38:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2010-01-12 12:38:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-12 12:38:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-12 12:35:42 ----A---- C:\WINDOWS\system32\tmp.txt
2010-01-12 12:35:33 ----A---- C:\rapport.txt
2010-01-12 09:27:22 ----D---- C:\Program Files\Alwil Software
2010-01-11 10:45:45 ----D---- C:\Program Files\Panda Security
2010-01-11 10:38:11 ----SHD---- C:\WINDOWS\CSC
2010-01-11 10:38:03 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-11 10:19:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-01-11 10:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-01-11 10:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-01-11 10:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-01-11 10:18:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-11 10:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-11 10:18:22 ----D---- C:\Program Files\MSXML 6.0
2010-01-11 10:18:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-11 10:17:59 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-11 10:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-01-11 10:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-01-11 10:17:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-01-11 10:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-11 10:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-01-11 10:16:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-11 10:16:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-01-11 10:16:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-11 10:16:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-01-11 10:15:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-11 10:15:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-01-11 10:15:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-01-11 10:15:21 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-01-11 10:15:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-11 10:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-01-11 10:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-01-11 10:14:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-11 10:14:11 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2010-01-11 10:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-11 10:13:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-11 10:13:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-01-11 10:13:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-01-11 10:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-01-11 10:13:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-11 10:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-11 10:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-01-11 10:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-01-11 10:12:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-01-11 10:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-11 10:12:03 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-01-11 10:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-11 10:11:36 ----D---- C:\WINDOWS\ServicePackFiles
2010-01-11 10:11:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-01-11 10:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-01-11 10:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-11 10:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-01-11 10:10:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-01-11 10:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-01-11 10:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-01-11 10:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-01-11 10:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-01-11 10:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-11 10:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-11 10:09:44 ----A---- C:\WINDOWS\imsins.BAK
2010-01-11 10:09:39 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-11 08:48:00 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-01-10 03:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-10 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-01-10 03:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-08 17:08:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-08 17:08:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-08 17:02:50 ----D---- C:\WINDOWS\BDOSCAN8
2010-01-08 16:52:39 ----A---- C:\WINDOWS\system32\MSGR3EN.DLL
2010-01-08 16:51:58 ----A---- C:\WINDOWS\system32\srchctls.dll
2010-01-08 16:50:04 ----A---- C:\WINDOWS\srchui.dll
2010-01-08 16:49:07 ----A---- C:\WINDOWS\srchctls.dll
2010-01-08 16:47:46 ----A---- C:\WINDOWS\MSGR3EN.dll
2010-01-08 03:01:08 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-01-07 17:10:03 ----D---- C:\AVGTemp
2010-01-07 16:28:31 ----D---- C:\Program Files\Avira
2010-01-07 16:28:31 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2010-01-07 16:06:39 ----D---- C:\WINDOWS\avxoscan
2010-01-07 14:08:49 ----D---- C:\WINDOWS\dell
2010-01-07 13:53:32 ----A---- C:\WINDOWS\system32\igfxres.dll
2010-01-07 13:45:52 ----D---- C:\WINDOWS\Prefetch
2010-01-07 13:30:15 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-01-07 13:27:54 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-01-07 13:19:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-01-07 13:19:13 ----A---- C:\WINDOWS\system32\irclass.dll
2010-01-07 13:19:00 ----RA---- C:\WINDOWS\SETF7.tmp
2010-01-07 13:19:00 ----RA---- C:\WINDOWS\SETF6.tmp
2010-01-07 13:18:54 ----RA---- C:\WINDOWS\SETBB.tmp
2010-01-07 13:18:49 ----RA---- C:\WINDOWS\SETAF.tmp
2010-01-07 13:18:47 ----RA---- C:\WINDOWS\SETAE.tmp
2010-01-07 09:07:44 ----D---- C:\Program Files\Enigma Software Group
2010-01-07 08:25:03 ----A---- C:\WINDOWS\system32\12382.exe
2010-01-07 08:05:03 ----A---- C:\WINDOWS\system32\292.exe
2010-01-07 07:45:03 ----A---- C:\WINDOWS\system32\153.exe
2010-01-07 07:25:03 ----A---- C:\WINDOWS\system32\3902.exe
2010-01-07 07:05:02 ----A---- C:\WINDOWS\system32\14604.exe
2010-01-07 06:45:02 ----A---- C:\WINDOWS\system32\32391.exe
2010-01-07 06:25:02 ----A---- C:\WINDOWS\system32\5436.exe
2010-01-07 06:05:02 ----A---- C:\WINDOWS\system32\4827.exe
2010-01-07 05:45:02 ----A---- C:\WINDOWS\system32\11942.exe
2010-01-07 05:25:01 ----A---- C:\WINDOWS\system32\2995.exe
2010-01-07 05:05:01 ----A---- C:\WINDOWS\system32\491.exe
2010-01-07 04:45:01 ----A---- C:\WINDOWS\system32\9961.exe
2010-01-07 04:25:01 ----A---- C:\WINDOWS\system32\16827.exe
2010-01-07 03:24:58 ----A---- C:\WINDOWS\system32\5705.exe
2010-01-07 03:04:58 ----A---- C:\WINDOWS\system32\24464.exe
2010-01-07 02:44:58 ----A---- C:\WINDOWS\system32\26962.exe
2010-01-07 02:24:57 ----A---- C:\WINDOWS\system32\29358.exe
2010-01-07 02:04:57 ----A---- C:\WINDOWS\system32\11478.exe
2010-01-07 01:44:57 ----A---- C:\WINDOWS\system32\15724.exe
2010-01-05 17:16:51 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-01-05 15:15:35 ----A---- C:\WINDOWS\Poetadm.INI
2010-01-05 12:58:06 ----A---- C:\WINDOWS\system32\NLl7-I6.exe
2010-01-05 12:57:15 ----SHD---- C:\Documents and Settings\Administrateur\Application Data\SystemProc
2010-01-05 10:07:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-01-05 10:07:20 ----D---- C:\Program Files\Alky for Applications
2010-01-04 09:55:21 ----D---- C:\WINDOWS\system32\NtmsData
2009-12-17 03:00:26 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-12-15 17:02:56 ----D---- C:\Program Files\EDISYS

======List of files/folders modified in the last 1 months======

2010-01-14 11:59:51 ----SD---- C:\Program Files
2010-01-14 11:41:58 ----D---- C:\Program Files\Mozilla Firefox
2010-01-14 11:16:32 ----D---- C:\WINDOWS\Temp
2010-01-14 08:30:58 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-14 08:24:15 ----D---- C:\WINDOWS\system32
2010-01-14 03:18:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-14 03:18:01 ----D---- C:\WINDOWS
2010-01-14 03:17:36 ----D---- C:\WINDOWS\AppPatch
2010-01-14 03:16:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 03:01:28 ----HD---- C:\WINDOWS\inf
2010-01-14 03:01:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-14 03:01:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 18:29:27 ----SHD---- C:\WINDOWS\Installer
2010-01-13 18:29:24 ----HD---- C:\Config.Msi
2010-01-13 03:19:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-13 03:18:13 ----D---- C:\WINDOWS\system32\drivers
2010-01-13 03:02:23 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-13 03:01:48 ----D---- C:\Program Files\Internet Explorer
2010-01-12 17:36:45 ----A---- C:\WINDOWS\win.ini
2010-01-12 17:35:34 ----D---- C:\Program Files\Fichiers communs
2010-01-12 17:34:11 ----D---- C:\Program Files\HP
2010-01-12 17:33:49 ----D---- C:\WINDOWS\twain_32
2010-01-12 17:18:47 ----D---- C:\WINDOWS\security
2010-01-12 17:08:21 ----SD---- C:\WINDOWS\Web
2010-01-12 17:06:16 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2010-01-12 16:51:19 ----D---- C:\Documents and Settings\Administrateur\Application Data\Image Zone Express
2010-01-12 14:48:47 ----SHD---- C:\System Volume Information
2010-01-12 14:07:18 ----D---- C:\WINDOWS\srchasst
2010-01-12 13:54:23 ----D---- C:\Program Files\AVG
2010-01-12 13:54:23 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-01-12 11:45:43 ----D---- C:\Program Files\pdfforge Toolbar
2010-01-12 11:14:16 ----D---- C:\WINDOWS\system32\config
2010-01-11 10:35:45 ----D---- C:\WINDOWS\system32\wbem
2010-01-11 10:35:44 ----D---- C:\WINDOWS\system32\Setup
2010-01-11 10:13:08 ----D---- C:\Program Files\Outlook Express
2010-01-11 09:46:57 ----D---- C:\WINDOWS\Debug
2010-01-08 17:43:13 ----SD---- C:\WINDOWS\Tasks
2010-01-08 17:12:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-08 17:02:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-07 17:24:31 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-07 17:24:27 ----D---- C:\WINDOWS\Help
2010-01-07 16:28:30 ----D---- C:\Documents and Settings\Administrateur\Application Data\gtk-2.0
2010-01-07 14:15:14 ----D---- C:\WINDOWS\system32\usmt
2010-01-07 14:15:02 ----D---- C:\WINDOWS\ehome
2010-01-07 14:15:01 ----D---- C:\WINDOWS\ime
2010-01-07 14:15:00 ----RSD---- C:\WINDOWS\Fonts
2010-01-07 14:15:00 ----D---- C:\WINDOWS\Media
2010-01-07 14:14:49 ----D---- C:\WINDOWS\PeerNet
2010-01-07 14:14:37 ----D---- C:\WINDOWS\system32\npp
2010-01-07 14:14:29 ----D---- C:\WINDOWS\msagent
2010-01-07 14:11:38 ----D---- C:\WINDOWS\system32\1036
2010-01-07 14:10:32 ----D---- C:\WINDOWS\system32\icsxml
2010-01-07 14:09:55 ----D---- C:\WINDOWS\system32\1033
2010-01-07 14:08:49 ----D---- C:\WINDOWS\Driver Cache
2010-01-07 13:48:27 ----D---- C:\WINDOWS\system32\Restore
2010-01-07 13:47:23 ----D---- C:\WINDOWS\Registration
2010-01-07 13:31:07 ----A---- C:\WINDOWS\ODBCINST.INI
2010-01-07 13:30:44 ----D---- C:\WINDOWS\system32\ias
2010-01-07 13:30:15 ----SD---- C:\WINDOWS\OCCACHE
2010-01-07 13:30:09 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-01-07 13:29:50 ----D---- C:\WINDOWS\system32\oobe
2010-01-07 13:29:46 ----D---- C:\Program Files\Windows Media Player
2010-01-07 13:29:41 ----D---- C:\Program Files\Movie Maker
2010-01-07 13:29:31 ----D---- C:\Program Files\NetMeeting
2010-01-07 13:29:28 ----D---- C:\Program Files\Fichiers communs\System
2010-01-07 13:28:26 ----D---- C:\WINDOWS\system32\Com
2010-01-07 13:27:57 ----D---- C:\Program Files\Windows NT
2010-01-07 13:26:57 ----SH---- C:\boot.ini
2010-01-07 13:26:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-07 13:19:18 ----A---- C:\WINDOWS\system.ini
2010-01-07 13:19:12 ----D---- C:\WINDOWS\system
2010-01-07 13:19:01 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-01-07 13:18:19 ----D---- C:\WINDOWS\WinSxS
2010-01-07 09:33:21 ----D---- C:\Program Files\Zylom Games
2009-12-15 03:04:46 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-12-15 03:04:41 ----RSD---- C:\WINDOWS\assembly
2009-12-15 03:03:36 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-12-15 03:03:12 ----D---- C:\Program Files\Microsoft Works

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-01-07 28520]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-07-23 5632]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-07 56816]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-14 180864]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
S3 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2009-11-05 62592]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-01-07 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-01-07 185089]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-12 233472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-06-03 92008]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

1/

Démarre Spybot, clique sur Mode, coche Mode avancé.

A gauche, clique sur Outils, puis sur Résident.

Décoche la case devant Résident "TeaTimer" :

Quitte Spybot.


2/

Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.

Double-clique sur le fichier téléchargé pour lancer le processus d'installation.

Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.

Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.

Sélectionne Exécuter un examen rapide.

Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

Citation :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.

Ferme tes navigateurs.

Si des malwares ont été détectés, clique sur Afficher les résultats.

Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.

MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Bonjour,

J'avais déjà fait ce san il y a 2 jours, je te transmet les 2 scans :

Celui d'aujourd'hui (rien trouvé)

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3559
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

14/01/2010 14:22:01
mbam-log-2010-01-14 (14-22-01).txt

Type de recherche: Examen rapide
Eléments examinés: 109543
Temps écoulé: 5 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Celui du 12.01

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3546
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

12/01/2010 13:52:06
mbam-log-2010-01-12 (13-52-06).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 159791
Temps écoulé: 17 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6391f4f2-5d7a-0493-4038-dac6a243a82f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6391f4f2-5d7a-0493-4038-dac6a243a82f} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\confin.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vB035B-V7L0bc7.dll (Adware.BHO) -> Quarantined and deleted successfully.

Relance MBAM, va dans Quarantaine et supprime tout.

Refais un scan RSIT et poste le rapport log.

Bonjour,

Ci joint le rapport log :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-01-15 09:02:41
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 7 GB (24%) free of 31 GB
Total RAM: 1014 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:02:44, on 15/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trust\MI-4520T Wireless Optical Tilt Mouse\moffice.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Trust\MI-4520T Wireless Optical Tilt Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Administrateur\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\WINDOWS\explorer.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4520T Wireless Optical Tilt Mouse\moffice.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Administrateur\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launch Softros Messenger.lnk = C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F804543-6758-43E1-B358-C98E4859D0C7}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{8F804543-6758-43E1-B358-C98E4859D0C7}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9282 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\SyncBack Aibtp Lundi Mercredi Vendredi.job
C:\WINDOWS\tasks\SyncBack Aibtp Mardi Jeudi.job
C:\WINDOWS\tasks\SyncBack Mail.job
C:\WINDOWS\tasks\SyncBack Saso Lundi Mercredi Vendredi.job
C:\WINDOWS\tasks\SyncBack Saso Mardi Jeudi.job
C:\WINDOWS\tasks\SyncBack SASO.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
"NPSStartup"= []
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"FLMOFFICE4DMOUSE"=C:\Program Files\Trust\MI-4520T Wireless Optical Tilt Mouse\moffice.exe [2009-11-05 823296]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-22 339968]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"F.lux"=C:\Documents and Settings\Administrateur\Local Settings\Apps\F.lux\flux.exe [2009-02-25 962560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~1\AVG\AVG9\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-06-03 251240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^La Chaîne Météo.lnk]
C:\PROGRA~1\LACHAN~1\LACHAN~1.EXE []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Launch Softros Messenger.lnk - C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
SyncBack.lnk - C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe"="C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe:*:Enabled:Messenger"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe"="C:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe:*:Enabled:TomTom HOME"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Top Conges\congesSrv.exe"="C:\Program Files\Top Conges\congesSrv.exe:*:Enabled:Logiciel de gestion des plannings de congés - Module serveur"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Fichiers communs\XPressUpdate\XPressUpdate.exe"="C:\Program Files\Fichiers communs\XPressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cb13a95-8cb8-11de-a4ea-001372ce7a44}]
shell\AutoRun\command - I:\
shell\explore\command - I:\RECYCLED\INFO.exe
shell\open\command - I:\RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f5afe4e-290a-11de-900f-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f45f0dff-6a10-11de-a4d9-001372ce7a44}]
shell\AutoRun\command - J:\InstallTomTomHOME.exe


======List of files/folders created in the last 1 months======

2010-01-14 11:59:51 ----D---- C:\Program Files\trend micro
2010-01-14 11:59:50 ----D---- C:\rsit
2010-01-14 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-14 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-13 03:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-12 17:35:34 ----D---- C:\Program Files\Fichiers communs\HP
2010-01-12 17:33:45 ----D---- C:\Program Files\Hewlett-Packard
2010-01-12 17:19:39 ----A---- C:\WINDOWS\OEWABLog.txt
2010-01-12 17:14:35 ----A---- C:\WINDOWS\system32\msjava.dll
2010-01-12 17:07:21 ----A---- C:\WINDOWS\Fix IE Log.txt
2010-01-12 17:06:14 ----D---- C:\Program Files\Power IE
2010-01-12 14:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2010-01-12 14:10:22 ----D---- C:\WINDOWS\pss
2010-01-12 12:38:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2010-01-12 12:38:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-12 12:38:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-12 12:35:42 ----A---- C:\WINDOWS\system32\tmp.txt
2010-01-12 12:35:33 ----A---- C:\rapport.txt
2010-01-12 09:27:22 ----D---- C:\Program Files\Alwil Software
2010-01-11 10:45:45 ----D---- C:\Program Files\Panda Security
2010-01-11 10:38:11 ----SHD---- C:\WINDOWS\CSC
2010-01-11 10:38:03 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-11 10:19:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-01-11 10:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-01-11 10:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-01-11 10:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-01-11 10:18:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-11 10:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-11 10:18:22 ----D---- C:\Program Files\MSXML 6.0
2010-01-11 10:18:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-11 10:17:59 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-11 10:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-01-11 10:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-01-11 10:17:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-01-11 10:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-11 10:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-01-11 10:16:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-11 10:16:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-01-11 10:16:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-11 10:16:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-01-11 10:15:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-11 10:15:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-01-11 10:15:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-01-11 10:15:21 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-01-11 10:15:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-11 10:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-01-11 10:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-01-11 10:14:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-11 10:14:11 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2010-01-11 10:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-11 10:13:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-11 10:13:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-01-11 10:13:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-01-11 10:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-01-11 10:13:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-11 10:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-11 10:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-01-11 10:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-01-11 10:12:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-01-11 10:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-11 10:12:03 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-01-11 10:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-11 10:11:36 ----D---- C:\WINDOWS\ServicePackFiles
2010-01-11 10:11:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-01-11 10:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-01-11 10:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-11 10:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-01-11 10:10:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-01-11 10:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-01-11 10:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-01-11 10:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-01-11 10:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-01-11 10:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-11 10:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-11 10:09:44 ----A---- C:\WINDOWS\imsins.BAK
2010-01-11 10:09:39 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-11 08:48:00 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-01-10 03:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-10 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-01-10 03:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-08 17:08:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-08 17:08:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-08 17:02:50 ----D---- C:\WINDOWS\BDOSCAN8
2010-01-08 16:52:39 ----A---- C:\WINDOWS\system32\MSGR3EN.DLL
2010-01-08 16:51:58 ----A---- C:\WINDOWS\system32\srchctls.dll
2010-01-08 16:50:04 ----A---- C:\WINDOWS\srchui.dll
2010-01-08 16:49:07 ----A---- C:\WINDOWS\srchctls.dll
2010-01-08 16:47:46 ----A---- C:\WINDOWS\MSGR3EN.dll
2010-01-08 03:01:08 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-01-07 17:10:03 ----D---- C:\AVGTemp
2010-01-07 16:28:31 ----D---- C:\Program Files\Avira
2010-01-07 16:28:31 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2010-01-07 16:06:39 ----D---- C:\WINDOWS\avxoscan
2010-01-07 14:08:49 ----D---- C:\WINDOWS\dell
2010-01-07 13:53:32 ----A---- C:\WINDOWS\system32\igfxres.dll
2010-01-07 13:45:52 ----D---- C:\WINDOWS\Prefetch
2010-01-07 13:30:15 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-01-07 13:27:54 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-01-07 13:19:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-01-07 13:19:13 ----A---- C:\WINDOWS\system32\irclass.dll
2010-01-07 13:19:00 ----RA---- C:\WINDOWS\SETF7.tmp
2010-01-07 13:19:00 ----RA---- C:\WINDOWS\SETF6.tmp
2010-01-07 13:18:54 ----RA---- C:\WINDOWS\SETBB.tmp
2010-01-07 13:18:49 ----RA---- C:\WINDOWS\SETAF.tmp
2010-01-07 13:18:47 ----RA---- C:\WINDOWS\SETAE.tmp
2010-01-07 09:07:44 ----D---- C:\Program Files\Enigma Software Group
2010-01-07 08:25:03 ----A---- C:\WINDOWS\system32\12382.exe
2010-01-07 08:05:03 ----A---- C:\WINDOWS\system32\292.exe
2010-01-07 07:45:03 ----A---- C:\WINDOWS\system32\153.exe
2010-01-07 07:25:03 ----A---- C:\WINDOWS\system32\3902.exe
2010-01-07 07:05:02 ----A---- C:\WINDOWS\system32\14604.exe
2010-01-07 06:45:02 ----A---- C:\WINDOWS\system32\32391.exe
2010-01-07 06:25:02 ----A---- C:\WINDOWS\system32\5436.exe
2010-01-07 06:05:02 ----A---- C:\WINDOWS\system32\4827.exe
2010-01-07 05:45:02 ----A---- C:\WINDOWS\system32\11942.exe
2010-01-07 05:25:01 ----A---- C:\WINDOWS\system32\2995.exe
2010-01-07 05:05:01 ----A---- C:\WINDOWS\system32\491.exe
2010-01-07 04:45:01 ----A---- C:\WINDOWS\system32\9961.exe
2010-01-07 04:25:01 ----A---- C:\WINDOWS\system32\16827.exe
2010-01-07 03:24:58 ----A---- C:\WINDOWS\system32\5705.exe
2010-01-07 03:04:58 ----A---- C:\WINDOWS\system32\24464.exe
2010-01-07 02:44:58 ----A---- C:\WINDOWS\system32\26962.exe
2010-01-07 02:24:57 ----A---- C:\WINDOWS\system32\29358.exe
2010-01-07 02:04:57 ----A---- C:\WINDOWS\system32\11478.exe
2010-01-07 01:44:57 ----A---- C:\WINDOWS\system32\15724.exe
2010-01-05 17:16:51 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-01-05 15:15:35 ----A---- C:\WINDOWS\Poetadm.INI
2010-01-05 12:58:06 ----A---- C:\WINDOWS\system32\NLl7-I6.exe
2010-01-05 12:57:15 ----SHD---- C:\Documents and Settings\Administrateur\Application Data\SystemProc
2010-01-05 10:07:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-01-05 10:07:20 ----D---- C:\Program Files\Alky for Applications
2010-01-04 09:55:21 ----D---- C:\WINDOWS\system32\NtmsData
2009-12-17 03:00:26 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2

======List of files/folders modified in the last 1 months======

2010-01-15 09:01:02 ----D---- C:\Program Files\Mozilla Firefox
2010-01-15 08:40:53 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-14 14:57:50 ----D---- C:\WINDOWS\Temp
2010-01-14 14:57:41 ----D---- C:\WINDOWS\system32
2010-01-14 11:59:51 ----SD---- C:\Program Files
2010-01-14 03:18:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-14 03:18:01 ----D---- C:\WINDOWS
2010-01-14 03:17:36 ----D---- C:\WINDOWS\AppPatch
2010-01-14 03:16:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 03:01:28 ----HD---- C:\WINDOWS\inf
2010-01-14 03:01:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-14 03:01:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 18:29:27 ----SHD---- C:\WINDOWS\Installer
2010-01-13 18:29:24 ----HD---- C:\Config.Msi
2010-01-13 03:19:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-13 03:18:13 ----D---- C:\WINDOWS\system32\drivers
2010-01-13 03:02:23 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-13 03:01:48 ----D---- C:\Program Files\Internet Explorer
2010-01-12 17:36:45 ----A---- C:\WINDOWS\win.ini
2010-01-12 17:35:34 ----D---- C:\Program Files\Fichiers communs
2010-01-12 17:34:11 ----D---- C:\Program Files\HP
2010-01-12 17:33:49 ----D---- C:\WINDOWS\twain_32
2010-01-12 17:18:47 ----D---- C:\WINDOWS\security
2010-01-12 17:08:21 ----SD---- C:\WINDOWS\Web
2010-01-12 17:06:16 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2010-01-12 16:51:19 ----D---- C:\Documents and Settings\Administrateur\Application Data\Image Zone Express
2010-01-12 14:48:47 ----SHD---- C:\System Volume Information
2010-01-12 14:07:18 ----D---- C:\WINDOWS\srchasst
2010-01-12 13:54:23 ----D---- C:\Program Files\AVG
2010-01-12 13:54:23 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-01-12 11:45:43 ----D---- C:\Program Files\pdfforge Toolbar
2010-01-12 11:14:16 ----D---- C:\WINDOWS\system32\config
2010-01-11 10:35:45 ----D---- C:\WINDOWS\system32\wbem
2010-01-11 10:35:44 ----D---- C:\WINDOWS\system32\Setup
2010-01-11 10:13:08 ----D---- C:\Program Files\Outlook Express
2010-01-11 09:46:57 ----D---- C:\WINDOWS\Debug
2010-01-08 17:43:13 ----SD---- C:\WINDOWS\Tasks
2010-01-08 17:12:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-08 17:02:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-07 17:24:31 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-07 17:24:27 ----D---- C:\WINDOWS\Help
2010-01-07 16:28:30 ----D---- C:\Documents and Settings\Administrateur\Application Data\gtk-2.0
2010-01-07 14:15:14 ----D---- C:\WINDOWS\system32\usmt
2010-01-07 14:15:02 ----D---- C:\WINDOWS\ehome
2010-01-07 14:15:01 ----D---- C:\WINDOWS\ime
2010-01-07 14:15:00 ----RSD---- C:\WINDOWS\Fonts
2010-01-07 14:15:00 ----D---- C:\WINDOWS\Media
2010-01-07 14:14:49 ----D---- C:\WINDOWS\PeerNet
2010-01-07 14:14:37 ----D---- C:\WINDOWS\system32\npp
2010-01-07 14:14:29 ----D---- C:\WINDOWS\msagent
2010-01-07 14:11:38 ----D---- C:\WINDOWS\system32\1036
2010-01-07 14:10:32 ----D---- C:\WINDOWS\system32\icsxml
2010-01-07 14:09:55 ----D---- C:\WINDOWS\system32\1033
2010-01-07 14:08:49 ----D---- C:\WINDOWS\Driver Cache
2010-01-07 13:48:27 ----D---- C:\WINDOWS\system32\Restore
2010-01-07 13:47:23 ----D---- C:\WINDOWS\Registration
2010-01-07 13:31:07 ----A---- C:\WINDOWS\ODBCINST.INI
2010-01-07 13:30:44 ----D---- C:\WINDOWS\system32\ias
2010-01-07 13:30:15 ----SD---- C:\WINDOWS\OCCACHE
2010-01-07 13:30:09 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-01-07 13:29:50 ----D---- C:\WINDOWS\system32\oobe
2010-01-07 13:29:46 ----D---- C:\Program Files\Windows Media Player
2010-01-07 13:29:41 ----D---- C:\Program Files\Movie Maker
2010-01-07 13:29:31 ----D---- C:\Program Files\NetMeeting
2010-01-07 13:29:28 ----D---- C:\Program Files\Fichiers communs\System
2010-01-07 13:28:26 ----D---- C:\WINDOWS\system32\Com
2010-01-07 13:27:57 ----D---- C:\Program Files\Windows NT
2010-01-07 13:26:57 ----SH---- C:\boot.ini
2010-01-07 13:26:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-07 13:19:18 ----A---- C:\WINDOWS\system.ini
2010-01-07 13:19:12 ----D---- C:\WINDOWS\system
2010-01-07 13:19:01 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-01-07 13:18:19 ----D---- C:\WINDOWS\WinSxS
2010-01-07 09:33:21 ----D---- C:\Program Files\Zylom Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-01-07 28520]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-07-23 5632]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-07 56816]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-14 180864]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
S3 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2009-11-05 62592]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-01-07 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-01-07 185089]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-12 233472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-06-03 92008]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

/!\ Déconnecte-toi et ferme toutes applications en cours /!\

Double-clique sur AD-R situé sur ton Bureau pour le lancer.
(Sous Vista, il faut cliquer droit sur AD-R et choisir Exécuter en tant qu'administrateur)

Choisis la langue F pour français.

Au menu principal, choisis l'option L.

/!\ Laisse travailler l'outil /!\

Poste le rapport qui apparaît à la fin (C:\Ad-Report-CLEAN.log).

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Note : "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Kaspersky, etc.) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.

Voici le rapport :

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_H | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 14.01.2010 à 18:48
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 14:07:10, 15/01/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: NATH | Utilisateur actuel: Administrateur

.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\Program Files\Mozilla FireFox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
C:\Program Files\Mozilla FireFox\extensions\search@searchsettings.com
C:\Program Files\pdfforge Toolbar
C:\DOCUME~1\ADMINI~1\APPLIC~1\pdfforge
C:\DOCUME~1\ADMINI~1\APPLIC~1\Search Settings
C:\Windows\Installer\bcac5e6.msi

(!) -- Fichiers temporaires supprimés.

.
HKCU\software\appdatalow\software\pdfforge
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\software\pdfforge
HKCU\software\Search Settings
HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\software\classes\installer\Products\A6EB8FE4C9986914497E92C7F5A702E3
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\377026901A2D8744A8423A983B50E0D1
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B278DBFACA5AB424DA79915F3A109F9A
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B3B348F18694F1949B4D6BD9507F2886
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E48E3A6D380B2EC4ABCEB3BA048D767F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F715D253BF28D554C9C0F60ABA8585CF
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKLM\software\microsoft\windows\currentversion\uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
HKLM\software\pdfforge
HKLM\software\Search Settings
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.7 [fr] *
.
Nom du profil: ubjth8ir.default (Administrateur)
.
(ADMINI~1, prefs.js) Browser.download.lastDir, D:\NATH
(ADMINI~1, prefs.js) Browser.startup.homepage, hxxp://www.google.fr/
(ADMINI~1, prefs.js) Extensions.enabledItems, fsonlinescanner@f-secure.com:1.01,{8CE11043-9A15-4207-A565-0C94C42D590D}:1.0,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,jqs@sun.com:1.0,{ba281f76-bc35-9711-dc48-12c5e5eaa688}:4.6.6.2,{20a82645-c095-46ed-80e3-08825760534b}:1.1,search@searchsettings.com:1.2.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
.
.
.
* Internet Explorer Version 6.0.2900.2180 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\windows\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 0 (0x0)
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Enable Browser Extensions: yes
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 0 (0x0)
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
5162 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
231 Fichier(s) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
9 Fichier(s) - C:\WINDOWS\Temp
11 Fichier(s) - C:\WINDOWS\Prefetch
.
19 Fichier(s) - C:\Ad-Remover\BACKUP
74 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 14:17:39 | 15/01/2010 - CLEAN[1]
.
============== E.O.F ==============
.

Désinstalle Ad-Remover.

Télécharge OTM (OldTimer) sur ton Bureau.

Double-clique sur OTM.exe afin de le lancer.

Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cb13a95-8cb8-11de-a4ea-001372ce7a44}]

:files
C:\Documents and Settings\Administrateur\Application Data\SystemProc
C:\WINDOWS\system32\NLl7-I6.exe
C:\WINDOWS\system32\12382.exe
C:\WINDOWS\system32\292.exe
C:\WINDOWS\system32\153.exe
C:\WINDOWS\system32\3902.exe
C:\WINDOWS\system32\14604.exe
C:\WINDOWS\system32\32391.exe
C:\WINDOWS\system32\5436.exe
C:\WINDOWS\system32\4827.exe
C:\WINDOWS\system32\11942.exe
C:\WINDOWS\system32\2995.exe
C:\WINDOWS\system32\491.exe
C:\WINDOWS\system32\9961.exe
C:\WINDOWS\system32\16827.exe
C:\WINDOWS\system32\5705.exe
C:\WINDOWS\system32\24464.exe
C:\WINDOWS\system32\26962.exe
C:\WINDOWS\system32\29358.exe
C:\WINDOWS\system32\11478.exe
C:\WINDOWS\system32\15724.exe

:commands
[purity]
[emptytemp]
[reboot]

Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

Clique maintenant sur le bouton MoveIt! puis ferme OTM.

---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
---> Le nom du rapport correspond au moment de sa création : date_heure.log

Et voici le rapport :

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cb13a95-8cb8-11de-a4ea-001372ce7a44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cb13a95-8cb8-11de-a4ea-001372ce7a44}\ not found.
========== FILES ==========
C:\Documents and Settings\Administrateur\Application Data\SystemProc folder moved successfully.
C:\WINDOWS\system32\NLl7-I6.exe moved successfully.
C:\WINDOWS\system32\12382.exe moved successfully.
C:\WINDOWS\system32\292.exe moved successfully.
C:\WINDOWS\system32\153.exe moved successfully.
C:\WINDOWS\system32\3902.exe moved successfully.
C:\WINDOWS\system32\14604.exe moved successfully.
C:\WINDOWS\system32\32391.exe moved successfully.
C:\WINDOWS\system32\5436.exe moved successfully.
C:\WINDOWS\system32\4827.exe moved successfully.
C:\WINDOWS\system32\11942.exe moved successfully.
C:\WINDOWS\system32\2995.exe moved successfully.
C:\WINDOWS\system32\491.exe moved successfully.
C:\WINDOWS\system32\9961.exe moved successfully.
C:\WINDOWS\system32\16827.exe moved successfully.
C:\WINDOWS\system32\5705.exe moved successfully.
C:\WINDOWS\system32\24464.exe moved successfully.
C:\WINDOWS\system32\26962.exe moved successfully.
C:\WINDOWS\system32\29358.exe moved successfully.
C:\WINDOWS\system32\11478.exe moved successfully.
C:\WINDOWS\system32\15724.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 59496024 bytes
->Temporary Internet Files folder emptied: 39294 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92022467 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4499630 bytes
%systemroot%\System32 .tmp files removed: 297984 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 253980 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23932274 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 162987 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 172.00 mb


OTM by OldTimer - Version 3.1.5.0 log created on 01152010_154648

Files moved on Reboot...

Registry entries deleted on Reboot...

Il te reste quel(s) souci(s) ?

Merci pour toute l'aide,

Oui j'ai tjs le même problème Explorer Internet en rade, la fonction recherche et le scan qui ne fonctionne pas.
Mais si tu penses que mon ordi est "propre", je peux faire une réparation xp avec le cd, peut être cela me corrigera t'il ces petits problemes.

Merci encore

Nathalie

C'est Internet Explorer 8 que tu essaies d'installer ?

Je ne sais pas quelle version j'ai (qui ne marche pas), mais quand j'essaie de télécharger et d'installer la version 8, il me boule car je n'ai pas acces à internet avec l'explorer seulement avec firefox et donc il ne peux pas l'installer, quand je lance internet -> Microsoft m'indique "iexplorer.exe a rencontré un pb sérieux , ..... " fichier en cause urlmon.dll.

Merci encore, je dois m'absenter pour le we, retour lundi matin ... avec les ennuis informatiques.

Bon week end

Nathalie

http://www.commentcamarche.net/forum/affich-1190314-url...

Bonjour,

Lorsque je veux remplacer le fichier urlmon.dll, j'ai un message "impossible de copier le fichier ..., cette ressource est utilisée par une autre personne ou un autre programme"

La semaine dernière j'avais déjà ré-essayé de corrigé ce pb via le cd de xp en faisant une réinstallation de internet explorer mais sans succès.

Merci

Nathalie

Idem en mode sans échec

Bonjour,

Sous Firefox, certaines pages sont détournées vers des pubs. Il reste encore des petites choses qui doivent se balader...

Re,

Bon ca y'est je crois que tout est rentré dans l'ordre j'ai fait une manip sur le registre pour la ré-installation de l'internet explorer, et j'ai pu ré-installer correctement. Ca marche. Mon scan et la recherche Windows aussi.
J'ai refait un petit tour de MBAM, supprimer les choses qui l'a trouvé dans le fichier quarantaine.
Un petit tour de Spybot, j'ai aussi éliminé ce qu'il a trouvé.
Et pour l'instant tout fonctionne ....

Merci encore pour toute l'aide apportée.

Nathalie

1/

Désinstalle HijackThis et Java(TM) 6 Update 15.

Mets à jour Java.

Mets à jour Adobe Reader.

Mets à jour Internet Explorer.

Télécharge ToolsCleaner2 sur ton Bureau.

Double-clique sur ToolsCleaner2.exe pour le lancer.

Clique sur Recherche et laisse le scan agir.

Clique sur Suppression pour finaliser.

Tu peux, si tu le souhaites, te servir des Options Facultatives.

Clique sur Quitter pour obtenir le rapport.

Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


2/

Télécharge et installe CCleaner Slim.

Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....

Va dans Nettoyeur, choisis Analyser. Une fois terminé, lance le nettoyage.


3/

Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.


==Prévention==

Pour supprimer les popups d'AntiVir : Lien

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, Propriétés, onglet Mises à jour automatiques).

Par rapport au P2P : Lien

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


==Problème résolu ?==

--> Si tu estimes que ton problème est résolu, ajoute [Résolu] au titre. Pour cela :

Clique, dans ton premier message, sur le bouton Editer .

Ajoute la mention [Résolu] devant le titre.

Clique ensuite sur Valider votre message.


Sois plus vigilant(e) sur Internet