Bonne Annee !! Au secours : PC poussif [résolu]

Bonojur a tous et Bonne et heureuse annee.
La mienne commence avec un PC lent et poussif. Qui porrait me faire la cadeau sympa d'un diagnostic. Mon hijack :

Logfile of HijackThis v1.99.1
Scan saved at 12:25:29, on 02/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)

EDITION MODERATEUR : Règle du forum à respecter :

Pas de rapport avant qu'il ne soit demandé !!!

Veuillez lire l'article suivant :

http://forum.telecharger.com/telecharger/securite_virus_et_assimiles/forum_te(...)

Merci d'en prendre connaissance.



Merci par avance.
J.

Salut jaku1


Supprime cette vieille version de HJT, télécharge Hijackthis V 2.02 sur le bureau :

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe


- Double clique sur HJTInstall.exe sur le bureau

- Clique sur Install ensuite sur I Accept

- ferme toutes les fenêtres, HJT doit être exécuté seul (tout autre programme fermé).

- double clique sur le raccourci d'HijackThis sur ton Bureau
(Pour Vista, clique droit sur le raccourci d'HijackThis sur ton Bureau, puis "Exécuter en tant qu'administrateur".
- et clique sur Do a system scan and save a logfile pour lancer le scan

Quand le rapport apparaît dans le bloc note, allez dans Edition, puis Sélectionner Tout, le texte est alors sélectionné, retourne dans Edition toujours en laissant le texte sélectionné, et cliquez sur copier.

Dans ta prochaine réponse, faire un clic droit et coller, je procéderai a son analyse.
Ferme le bloc note et la fenêtre de HJT


Aide : http://forum.telecharger.01net.com/microhebdo/questions-techniques-diverses/t(...)


@++

Merci Dedetraque,

J'ai obtenu ceci :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:14:37, on 02/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Canal Widget] "c:\Program Files\Canal\Canal Widget\Launcher.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\System32\aspimgr.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - c:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 10021 bytes

C'est grave docteur ?

J.

Salut jaku1


Rien de concret, télécharge RSIT (de random/random) sur le bureau ici :
http://images.malwareremoval.com/random/RSIT.exe

- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenue des deux rapports, log.txt et info.txt à la fin de l’analyse


-----

Télécharge Toolbar-S&D (de la Team IDN) sur ton Bureau.

http://eric.71.mespages.googlepages.com/ToolBarSD.exe

- Double clique l’icône ToolBar S&D sur le bureau
- Choisi F pour français et valide
- Au menu principal de ToolBar S&D choisi l’option 1 (Recherche)
- Le menu Démarrer et les icônes vont disparaîtrent, c'est normal
- La recherche s'effectue, cela peut prendre plusieurs minutes, ne touche à rien.
- Une fois l'analyse terminée, le rapport de recherche s'ouvre dans le Bloc-Note. (Dans le cas où le rapport ne s'ouvre pas, ce dernier se trouve sur C:\TB.txt)


Copier/coller le rapport dans ton prochain poste


@++

Salut,

Voila les 3 fichiers demandes :

log.txt :

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jean-Francois at 2009-01-02 14:29:10
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 610 MB (3%) free of 19 GB
Total RAM: 511 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29:15, on 02/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Softwares\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jean-Francois.exe

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Canal Widget] "c:\Program Files\Canal\Canal Widget\Launcher.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\System32\aspimgr.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - c:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 10007 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1 Copernic Intra-Daily ~YOUR-Q94BJVTL0R Jean-Francois.job
C:\WINDOWS\tasks\2 Copernic Daily ~YOUR-Q94BJVTL0R Jean-Francois.job
C:\WINDOWS\tasks\3 Copernic Weekly ~YOUR-Q94BJVTL0R Jean-Francois.job
C:\WINDOWS\tasks\4 Copernic Monthly ~YOUR-Q94BJVTL0R Jean-Francois.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5E8EFA59-067B-48A7-8868-9BCEFD962138}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-25 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-08-15 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-08-15 325048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre1.dll [2008-05-17 1470488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-08-15 2403392]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre1.dll [2008-05-17 1470488]
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Copernic Agent - C:\Program Files\Copernic Agent\CopernicAgentExt.dll [2004-12-02 1142744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=NvQTwk []
"nwiz"=nwiz.exe /installquiet []
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2002-07-15 126976]
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2001-08-03 73728]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2002-07-31 126976]
"Tpwrtray"=C:\WINDOWS\system32\TPWRTRAY.EXE [2002-03-20 217088]
"TFncKy"=TFncKy.exe /Type 20 []
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2002-01-23 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2001-08-18 44032]
"MSPY2002"=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [2002-08-29 59392]
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
"ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Autoconfigurateur WiFi Neuf"=C:\Program Files\Neuf\Kit\WiFi\9wifi.exe [2007-04-23 181752]
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-02-23 126976]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-18 266497]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-25 185896]
"Canal Widget"=c:\Program Files\Canal\Canal Widget\Launcher.exe [2008-12-28 105528]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe [2006-05-08 81920]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]
"CanalPlayer"=C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe []
"Livestation"=C:\Program Files\Livestation\Livestation.exe [2008-10-02 1789952]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]
"{650CA63D-4A01-4BF8-A608-9B1EBB36292E}"=C:\WINDOWS\System32\pRDfOMpJ.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\System32\ursrp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:μTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68336f03-6397-11db-9363-00038a000015}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-01-02 14:29:10 ----D---- C:\rsit
2009-01-02 14:13:58 ----D---- C:\Program Files\Trend Micro
2008-12-31 18:30:29 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-30 21:08:23 ----D---- C:\Program Files\GIBCOM
2008-12-30 21:08:09 ----A---- C:\WINDOWS\system32\FM20FRA.DLL
2008-12-30 20:59:47 ----D---- C:\Program Files\MP3Gain
2008-12-06 17:59:56 ----D---- C:\downloads
2008-12-06 17:59:56 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\GrabPro
2008-12-06 17:59:45 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\Orbit
2008-12-06 17:54:53 ----D---- C:\Program Files\IVCsoft

======List of files/folders modified in the last 1 months======

2009-01-02 14:29:08 ----D---- C:\WINDOWS\Prefetch
2009-01-02 14:13:58 ----RD---- C:\Program Files
2009-01-02 14:11:56 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\uTorrent
2009-01-02 12:45:35 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-02 11:51:00 ----D---- C:\Program Files\Mozilla Firefox
2009-01-02 10:43:03 ----D---- C:\WINDOWS\Temp
2009-01-02 10:41:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-02 01:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-01 22:29:10 ----SHD---- C:\WINDOWS\Installer
2009-01-01 22:29:10 ----D---- C:\Config.Msi
2009-01-01 10:11:29 ----D---- C:\WINDOWS
2008-12-31 22:05:54 ----D---- C:\Program Files\eMule
2008-12-31 20:57:10 ----D---- C:\WINDOWS\system32\drivers
2008-12-31 20:57:08 ----D---- C:\WINDOWS\system32
2008-12-31 18:30:56 ----HD---- C:\WINDOWS\inf
2008-12-30 21:37:45 ----A---- C:\WINDOWS\ODBC.INI
2008-12-30 21:37:42 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-30 21:08:07 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-30 21:07:31 ----A---- C:\WINDOWS\NAVIGMA.INI
2008-12-15 07:49:45 ----D---- C:\Program Files\Zattoo
2008-12-06 16:55:46 ----RSD---- C:\WINDOWS\assembly
2008-12-06 16:53:52 ----D---- C:\WINDOWS\system32\DirectX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-07-18 45376]
R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2008-11-26 75072]
R1 FsVga;FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [2001-08-18 12160]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 284184]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 91672]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [2005-04-01 66048]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-04 87424]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\System32\drivers\tmcomm.sys []
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2002-05-16 63501]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-11-16 119808]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-04-18 911661]
R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\wg111v2.sys [2006-03-16 167808]
R3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-09-11 38425]
R3 TOSHIBASoftModem;TOSHIBA Software Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 799816]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device; C:\WINDOWS\system32\drivers\yacxgc.sys [2002-07-25 202880]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-02-16 85713]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver; C:\WINDOWS\System32\Drivers\hcw95bda.sys [2008-09-09 562176]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []
S3 pciSd;pciSd; C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 15111]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 tsdhd;TOSHIBA SD Card Host Controller Driver; C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-04-04 23392]
S3 USB_RNDIS;AOLbox; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2004-08-04 12672]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\System32\DRIVERS\wlluc48.sys [2002-08-29 154624]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2006-07-18 1205784]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-04-18 61440]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S2 aspimgr;Microsoft ASPI Manager; C:\WINDOWS\System32\aspimgr.exe []
S2 CanalPlus.VOD;CanalPlus.VOD; c:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2008-12-28 61440]
S2 RdnaoFlSvc;RdnaoFlSvc; C:\Program Files\rnamfler\naofsvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-15 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-04-27 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-04-27 69718]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2006-05-08 69632]
S4 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-04-27 49241]

-----------------EOF-----------------


Puis info.txt :

info.txt logfile of random's system information tool 1.05 2009-01-02 14:29:28

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->Dummy
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
μTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
Acoustica CD Label Maker 1.10-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader Japanese Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\System32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\System32\Adobe\SHOCKW~1\Install.log
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AxCrypt (Remove Only)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{40EF8CEA-ACC4-4C03-824C-55AF8B8EAAE6}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BSPlayer-->"C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
CANAL WIDGET-->MsiExec.exe /X{04DA096D-6236-4A5D-8FB6-3081E67009BA}
Copernic Agent Professional-->"C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat"
CoupeFichier 1.1-->"C:\Program Files\CoupeFichier\uninstall.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
foobar2000-->"C:\Program Files\foobar2000\uninstall.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Galswin-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F131DCE7-7D20-11D5-BC42-00A0C9E23766}\setup.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iWizz-->C:\Program Files\iWizz\uninstall.exe
iWizz-->C:\Program Files\iWizz\uninstall.exe
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KC Softwares KFK-->"C:\Program Files\KC Softwares\KFK\unins000.exe"
K-Lite Codec Pack 2.77 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lame ACM MP3 Codec-->"C:\WINDOWS\IFinst26.exe" -UC:\Program Files\Lame MP3 Codec\IFU153.inf
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lecteur Windows Media?10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Livestation-->MsiExec.exe /X{EED949A1-E2FC-442C-B5F6-C794F05E74DD}
Mario Forever v 2.16 !-->C:\Program Files\Mario\UnMario.exe
Micro Application - KIPULKAI The legend of the 3 Masks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{129AB175-D071-4D06-A6C2-A13E4375F33C}\Setup.exe" -remove
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mortimer Beckett And The Time Paradox FINAL 1.00-->C:\Program Files\Games\Mortimer Beckett And The Time Paradox FINAL\Uninstall.exe
Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Sound Cutter 1.40-->C:\PROGRA~1\MP3CUT~1\UNWISE.EXE C:\PROGRA~1\MP3CUT~1\INSTALL.LOG
mp3DirectCut 2.03-->"C:\Program Files\mp3DirectCut\uninstall.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MTP Porting Kit-->MsiExec.exe /I{353B1E6D-7073-4450-8C80-699BD8FCFB49}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Network Device Switch 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{364F2A4B-C161-4E2C-8627-1440BC2E8030}\Setup.exe"
Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
Neuf Giga Drive v2.8.0-->"C:\Program Files\Neuf\Neuf Giga Drive\unins000.exe"
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvts.inf
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenMG AAC Add-on Module 1.0.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL
OpenMG Limited Patch 4.5-06-05-12-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.5.01-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RSSOwl-->C:\Program Files\RSSOwl\Uninstall.exe
Samsung Media Studio-->C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\Setup.exe -runfromtemp -l0x0011 -removeonly
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
SonicStage 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SonicStage Simple Burner 1.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0E8EB8-85C9-461A-B0C1-0DB7C21FA89A}\setup.exe" -l0x9 /UNINSTALL
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Sunbelt Kerio Personal Firewall-->MsiExec.exe /X{E659E0EE-10E6-49B7-8696-60F38D0EB174}
TOSHIBA Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -uninst
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe"
Toshiba Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Power Saver-->TPWRDEL.EXE
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA TouchPad On/Off Utility V2.04.00-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
TOSHIBA Utilities-->tutildel.exe
TV sur PC-->C:\Program Files\Neuf\TV_PC\uninstall.exe
Uninstall La Malediction-->D:\UNWISE.EXE C:\PROGRA~1\Papyrus\INSTALL.LOG
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WG111v2 Configuration Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0F252A6-DE85-4E93-A93B-DFC3537B3965}\setup.exe" -l0x9 REMOVE -removeonly
Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Wireless Hotkey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7862BAD8-A379-4128-8AA1-EFD5A9603C53}\Setup.exe"
YAMAHA AC-XG WDM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3663DDE0-D8AE-11D3-9850-00C04F7AC096}\setup.exe" maintenance

======Security center information======

AV: Avira AntiVir PersonalEdition
FW: Sunbelt Kerio Personal Firewall

System event log

Computer Name: YOUR-Q94BJVTL0R
Event Code: 7901
Message: The At17.job command failed to start due to the following error:
%%2147942402

Record Number: 85727
Source Name: Schedule
Time Written: 20081104160000.000000+060
Event Type: error
User:

Computer Name: YOUR-Q94BJVTL0R
Event Code: 7901
Message: The At16.job command failed to start due to the following error:
%%2147942402

Record Number: 85726
Source Name: Schedule
Time Written: 20081104150000.000000+060
Event Type: error
User:

Computer Name: YOUR-Q94BJVTL0R
Event Code: 7901
Message: The At15.job command failed to start due to the following error:
%%2147942402

Record Number: 85725
Source Name: Schedule
Time Written: 20081104140000.000000+060
Event Type: error
User:

Computer Name: YOUR-Q94BJVTL0R
Event Code: 7901
Message: The At14.job command failed to start due to the following error:
%%2147942402

Record Number: 85724
Source Name: Schedule
Time Written: 20081104130000.000000+060
Event Type: error
User:

Computer Name: YOUR-Q94BJVTL0R
Event Code: 7901
Message: The At13.job command failed to start due to the following error:
%%2147942402

Record Number: 85723
Source Name: Schedule
Time Written: 20081104120000.000000+060
Event Type: error
User:

Application event log

Computer Name: YOUR-Q94BJVTL0R
Event Code: 2002
Message: EAPOL service was stopped successfully

Record Number: 1044
Source Name: EAPOL
Time Written: 20080430185050.000000+120
Event Type: information
User:

Computer Name: YOUR-Q94BJVTL0R
Event Code: 2003
Message: EAPOL service is running

Record Number: 1043
Source Name: EAPOL
Time Written: 20080430185050.000000+120
Event Type: information
User:

Computer Name: YOUR-Q94BJVTL0R
Event Code: 4096
Message:
Record Number: 1042
Source Name: Avira AntiVir
Time Written: 20080430184208.000000+120
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-Q94BJVTL0R
Event Code: 1002
Message: Hanging application iexplore.exe, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1041
Source Name: Application Hang
Time Written: 20080430183605.000000+120
Event Type: error
User:

Computer Name: YOUR-Q94BJVTL0R
Event Code: 1002
Message: Hanging application iexplore.exe, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1040
Source Name: Application Hang
Time Written: 20080430183604.000000+120
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


Et le dernier TB.txt :


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Mobile Intel(R) Celeron(R) CPU 1.50GHz )
BIOS : v1.40
USER : Jean-Francois ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
Firewall : Sunbelt Kerio Personal Firewall 4.3.268 T (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:18 Go (Free:0 Go)
D:\ (CD or DVD)
F:\ (Local Disk) - FAT32 - Total:55 Go (Free:13 Go)
G:\ (Local Disk) - NTFS - Total:596 Go (Free:527 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 02/01/2009|14:33 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\JEAN-F~1\LOCALS~1\Temp\nsq10.tmp
C:\DOCUME~1\JEAN-F~1\LOCALS~1\Temp\nsxF.tmp

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{56FA3F6D-C964-400E-9E39-26DA187A4251}]
DhcpNameServer REG_SZ 85.255.113.107,85.255.112.182
==> WAREOUT <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\JEAN-F~1\Application Data\uTorrent\Adobe Acrobat 8 Professional Full with keygen by ..Rock..On.torrent
C:\DOCUME~1\JEAN-F~1\Application Data\uTorrent\Easy CD and DVD Cover Design Creator 4.13+ Keygen.rar.torrent
C:\DOCUME~1\JEAN-F~1\Application Data\uTorrent\SYSTRANSOFT SYSTRAN v6 Premium Translator with Crack.torrent



1 - "C:\ToolBar SD\TB_1.txt" - 02/01/2009|14:38 - Option : [1]

-----------\\ Fin du rapport a 14:38:45.22

Bon courage !

J.

Salut jaku1


-Télécharge et installe MalwareByte's Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

- Mets le à jour

---

- Redémarre en mode sans échec :

Au redémarrage de ton PC tapote sur la touche F8 ou F5, sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur

---

- Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
- Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
- clique sur Rechercher

- Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

- Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

- Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

- Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

Tutoriel pour MalwareByte's ici :
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php


@++

Rebonjour,

Je reprends le fil avec beaucoup de retard (toutes mes excuses) car j'ai eu beaucoup de mal a suivre tes recommandations :

Tout d'abord : impossible de demarrer en mode sans echec. Mon PC s'arretait automatiquement des l'ouverture de ma session.
J'ai cherche des conseils sur le net et j'ai fini par trouver :
j'ai telecharge msconfig et en mode demarrage avec diagnostic, j'ai reussi a demarrer en mode sans echec.

Second probleme : j'ai fait tourner malwarebyte mais a chaque fois, a la fin, il me demande si je veux afficher les resultats. Je clique OK et puis... rien ? De plus tous les onglets de malware sont devenus inactifs, je n'ai plus qu'a fermer.

De plus, dans les parametres de malware, il est indique : "la base de donnees que vous utilisez est indisponible" ??

Dernier point, a chaque recherche malware, il est dtecte le Trojan suivant : Crypt.ULPM

La situation se complique donc.

En esperant que je n'use pas trop ton temps et ta patience.

Salutations.
J.

Salut jaku1


Télécharge combofix.exe (de sUBs) sur le bureau :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Important Désactive ton Antivirus et antispyware avant le scan avec Combofix :
http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm


==> Sauvegarde et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==

Double clique sur combofix.exe, clique sur OUI et valide par Entrée

Il te sera demandé d’installer la console si elle n’est pas installer, clique sur NON

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\ Combofix.txt

Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure


@++

Ravi de te retrouver,

Cette fois, ca a marche. Voila le rapport :

ComboFix 09-01-01.02 - Jean-Francois 2009-01-03 16:22:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1033.18.511.252 [GMT 1:00]
Running from: c:\documents and settings\Jean-Francois\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Sunbelt Kerio Personal Firewall *disabled*
* Created a new restore point

[B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\db32.txt
c:\windows\system32\0n6mvrMD.exe.a_a
c:\windows\ws386.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASPIMGR
-------\Service_aspimgr


((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2009-01-03 16:19 . 2009-01-03 16:19 <DIR> d-------- C:\32788R22FWJFW
2009-01-03 11:02 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 11:02 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 11:01 . 2009-01-03 11:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 06:21 . 2001-08-28 14:00 147,968 --a------ c:\windows\system32\msconfig.exe
2009-01-02 18:27 . 2009-01-02 18:27 <DIR> d-------- c:\documents and settings\Jean-Francois\Application Data\Malwarebytes
2009-01-02 18:27 . 2009-01-02 18:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-02 14:32 . 2009-01-02 14:38 <DIR> d-------- C:\ToolBar SD
2009-01-02 14:29 . 2009-01-02 14:29 <DIR> d-------- C:\rsit
2009-01-02 14:13 . 2009-01-02 14:13 <DIR> d-------- c:\program files\Trend Micro
2008-12-31 18:30 . 2008-09-09 11:39 562,176 -ra------ c:\windows\system32\drivers\hcw95bda.sys
2008-12-31 18:30 . 2004-08-04 09:56 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-31 18:30 . 2008-09-09 11:41 15,616 -ra------ c:\windows\system32\drivers\hcw95rc.sys
2008-12-30 21:08 . 2008-12-30 21:08 <DIR> d-------- c:\program files\GIBCOM
2008-12-30 21:08 . 1998-09-24 13:03 171,967 --a------ c:\windows\system32\Odbcjet.hlp
2008-12-30 21:08 . 1998-10-19 12:34 37,062 --a------ c:\windows\system32\odbcinst.hlp
2008-12-30 21:08 . 1997-01-27 02:00 28,432 --a------ c:\windows\system32\FM20FRA.DLL
2008-12-30 21:08 . 1998-09-24 13:03 7,348 --a------ c:\windows\system32\Odbcjet.cnt
2008-12-30 21:08 . 1998-10-19 12:34 324 --a------ c:\windows\system32\odbcinst.cnt
2008-12-30 20:59 . 2008-12-30 21:28 <DIR> d-------- c:\program files\MP3Gain
2008-12-06 17:59 . 2008-12-06 17:59 <DIR> d-------- C:\downloads
2008-12-06 17:59 . 2008-12-07 06:49 <DIR> d-------- c:\documents and settings\Jean-Francois\Application Data\Orbit
2008-12-06 17:59 . 2008-12-06 17:59 <DIR> d-------- c:\documents and settings\Jean-Francois\Application Data\GrabPro
2008-12-06 17:54 . 2008-12-08 23:22 <DIR> d-------- c:\program files\IVCsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 12:40 8,206,601 ----a-w c:\windows\system32\drivers\fwdrv.err
2009-01-03 12:19 --------- d-----w c:\documents and settings\Jean-Francois\Application Data\uTorrent
2008-12-31 21:05 --------- d-----w c:\program files\eMule
2008-12-30 20:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-15 06:49 --------- d-----w c:\program files\Zattoo
2008-11-30 11:34 --------- d-----w c:\program files\Axon Data
2008-11-30 09:29 --------- d-----w c:\program files\Magic Folders
2008-11-30 09:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-30 09:08 --------- d-----w c:\program files\Dobermann
2008-11-30 08:09 3,982 ----a-w c:\windows\kj01d.sys
2008-11-26 06:44 --------- d-----w c:\program files\adslTV
2008-11-26 06:03 --------- d-----w c:\documents and settings\Jean-Francois\Application Data\vlc
2008-11-24 05:26 --------- d-----w c:\program files\bobyte
2008-11-23 17:24 --------- d-----w c:\documents and settings\Jean-Francois\Application Data\Dragon Altar Games
2008-11-23 15:15 --------- d-----w c:\program files\Games
2008-11-21 21:34 --------- d-----w c:\program files\RSSOwl
2008-11-14 21:27 --------- d-----w c:\program files\Juice
2008-11-14 06:34 --------- d-----w c:\program files\Canal
2008-11-14 06:32 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-13 06:33 --------- d-----w c:\documents and settings\Jean-Francois\Application Data\Feedreader
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-06 18:46 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-06 18:46 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2008-07-08 05:32 24,496 ----a-w c:\documents and settings\Jean-Francois\Application Data\GDIPFONTCACHEV1.DAT
2006-08-28 19:46 278,528 ----a-w c:\program files\Common Files\FDEUnInstaller.exe
2008-11-17 06:19 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-17 06:19 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-17 06:19 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-17 06:19 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-17 06:19 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2008-05-17 1470488]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-05-17 11:07 1470488 --a------ c:\program files\free-downloads.net\tbfre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2008-05-17 1470488]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2008-05-17 1470488]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~2\SsAAD.exe" [2006-05-08 81920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Livestation"="c:\program files\Livestation\Livestation.exe" [2008-10-02 1789952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2002-07-31 126976]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-01-23 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-25 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 44032]
"Canal Widget"="c:\program files\Canal\Canal Widget\Launcher.exe" [2008-12-28 105528]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-04-23 181752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2002-07-15 126976]
"Tpwrtray"="TPWRTRAY.EXE" [2002-03-20 c:\windows\system32\TPWRTRAY.EXE]
"TFNF5"="TFNF5.exe" [2001-08-03 c:\windows\system32\TFNF5.exe]
"TFncKy"="TFncKy.exe" [BU]
"nwiz"="nwiz.exe" [2002-04-18 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-08-25 745472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\DRIVERS\avgntmgr.sys [2008-02-17 22336]
R0 MFX;MFX;c:\windows\system32\drivers\MFX.sys [2007-09-11 45824]
R1 avgntdd;avgntdd;c:\windows\system32\DRIVERS\avgntdd.sys [2008-02-17 45376]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2006-07-18 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2006-07-18 91672]
R2 CanalPlus.VOD;CanalPlus.VOD;"c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-10-23 61440]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2007-08-25 66048]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-08-25 167808]
R3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys [2007-08-25 13532]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2008-12-31 562176]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68336f03-6397-11db-9363-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - SJYPKT
.
Contents of the 'Scheduled Tasks' folder

2008-10-10 c:\windows\Tasks\1 Copernic Intra-Daily ~YOUR-Q94BJVTL0R Jean-Francois.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2008-10-10 c:\windows\Tasks\2 Copernic Daily ~YOUR-Q94BJVTL0R Jean-Francois.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2008-10-10 c:\windows\Tasks\3 Copernic Weekly ~YOUR-Q94BJVTL0R Jean-Francois.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2008-10-10 c:\windows\Tasks\4 Copernic Monthly ~YOUR-Q94BJVTL0R Jean-Francois.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-01 c:\windows\Tasks\At1.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At10.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\At11.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\At12.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\At13.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\At14.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At15.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At16.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At17.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At18.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At19.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At2.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At20.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At21.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At22.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At23.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At24.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At3.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At4.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At5.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At6.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\At7.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At8.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At9.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\User_Feed_Synchronization-{5E8EFA59-067B-48A7-8868-9BCEFD962138}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
HKCU-Run-CanalPlayer - c:\program files\Lecteur CANALPLAY\CanalPlayer.exe
HKLM-Run-ezShieldProtector for Px - c:\windows\System32\ezSP_Px.exe
ShellExecuteHooks-{650CA63D-4A01-4BF8-A608-9B1EBB36292E} - c:\windows\System32\pRDfOMpJ.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Search Using Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
Trusted Zone: *.canalplay.com
Trusted Zone: *.canalplusactive.com
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
FF - ProfilePath - c:\documents and settings\Jean-Francois\Application Data\Mozilla\Firefox\Profiles\beift204.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr//
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 16:42:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3293823761-1615061138-1316817595-1005\Software\Microsoft\PerfVis\Settings\Default]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3293823761-1615061138-1316817595-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FFD709F0-AF39-11D2-B854-0000F81E8872}\Control]
@DACL=(02 0000)
@SACL=
@=""

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FFD709F0-AF39-11D2-B854-0000F81E8872}\Implemented Categories]
@DACL=(02 0000)
@SACL=
@=""

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FFD709F0-AF39-11D2-B854-0000F81E8872}\InprocServer32]
@DACL=(02 0000)
@SACL=
@="msjava.dll"
"ThreadingModel"="Both"
"JavaClass"="com.ms.wfc.html.DhComponentWrapper$DhInnerSafeControl"

[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSP\CLSID]
@DACL=(02 0000)
@SACL=
@="{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}"

[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSP\CurVer]
@DACL=(02 0000)
@SACL=
@="DSP.DSP.1"

[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSPDMOProp_Chorus.1\CLSID]
@DACL=(02 0000)
@SACL=
@="{6F63B172-5543-4593-91CE-EDBA65B9FACDB}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Java VM\RNIModuleFlags]
@DACL=(02 0000)
@SACL=
"mtxjava.dll"=hex:01,00,00,00
"jdbcdemo.dll"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Java VM\Security]
@DACL=(02 0000)
@SACL=
"EditCustomPermissions"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Java VM\System Properties]
@DACL=(02 0000)
@SACL=
"com.ms.applet.enable.serversockets"="false"
"http.agent"="Java 1.1"

[HKEY_LOCAL_MACHINE\software\YAMAHA\YAMAHA AC-XG WDM]
@DACL=(02 0000)
@SACL=
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\conime.exe
c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-03 16:49:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-03 15:49:08
ComboFix2.txt 2008-02-16 18:09:06

Pre-Run: 2,207,010,816 bytes free
Post-Run: 2,834,382,848 bytes free

344 --- E O F --- 2008-09-20 17:04:22


A bientot,
Jaku

Salut jaku1


- Clique sur le menu démarrer/Exécuter, tape notepad à l’invite de commande et OK.

- Copie/colle ce qui est en citation ci-dessous dans le Bloc-Notes :



- Enregistre ce fichier sur le bureau (Impératif)

-Nom du fichier : CFScript.txt
-Type du fichier : tous les fichiers

- Clique sur Enregistrer et quitte le Bloc Notes

Important Désactive ton Antivirus et antispyware avant de faire le glisser/déposer

- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe sur le bureau, comme sur cette capture (l’icône est un lion) :



* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ ComboFix.txt


@++

Voila le resultat du scan :

ComboFix 09-01-01.02 - Jean-Francois 2009-01-03 19:37:15.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1033.18.511.237 [GMT 1:00]
Running from: c:\documents and settings\Jean-Francois\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Sunbelt Kerio Personal Firewall *disabled*

[B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B]
.

((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2009-01-03 19:28 . 2009-01-03 19:29 <DIR> d-------- C:\32788R22FWJFW
2009-01-03 11:02 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 11:02 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 11:01 . 2009-01-03 11:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 06:21 . 2001-08-28 14:00 147,968 --a------ c:\windows\system32\msconfig.exe
2009-01-02 18:27 . 2009-01-02 18:27 <DIR> d-------- c:\documents and settings\Jean-Francois\Application Data\Malwarebytes
2009-01-02 18:27 . 2009-01-02 18:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-02 14:32 . 2009-01-02 14:38 <DIR> d-------- C:\ToolBar SD
2009-01-02 14:29 . 2009-01-02 14:29 <DIR> d-------- C:\rsit
2009-01-02 14:13 . 2009-01-02 14:13 <DIR> d-------- c:\program files\Trend Micro
2008-12-31 18:30 . 2008-09-09 11:39 562,176 -ra------ c:\windows\system32\drivers\hcw95bda.sys
2008-12-31 18:30 . 2004-08-04 09:56 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-31 18:30 . 2008-09-09 11:41 15,616 -ra------ c:\windows\system32\drivers\hcw95rc.sys
2008-12-30 21:08 . 2008-12-30 21:08 <DIR> d-------- c:\program files\GIBCOM
2008-12-30 21:08 . 1998-09-24 13:03 171,967 --a------ c:\windows\system32\Odbcjet.hlp
2008-12-30 21:08 . 1998-10-19 12:34 37,062 --a------ c:\windows\system32\odbcinst.hlp
2008-12-30 21:08 . 1997-01-27 02:00 28,432 --a------ c:\windows\system32\FM20FRA.DLL
2008-12-30 21:08 . 1998-09-24 13:03 7,348 --a------ c:\windows\system32\Odbcjet.cnt
2008-12-30 21:08 . 1998-10-19 12:34 324 --a------ c:\windows\system32\odbcinst.cnt
2008-12-30 20:59 . 2008-12-30 21:28 <DIR> d-------- c:\program files\MP3Gain
2008-12-06 17:59 . 2008-12-06 17:59 <DIR> d-------- C:\downloads
2008-12-06 17:59 . 2008-12-07 06:49 <DIR> d-------- c:\documents and settings\Jean-Francois\Application Data\Orbit
2008-12-06 17:59 . 2008-12-06 17:59 <DIR> d-------- c:\documents and settings\Jean-Francois\Application Data\GrabPro
2008-12-06 17:54 . 2008-12-08 23:22 <DIR> d-------- c:\program files\IVCsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 18:45 --------- d-----w c:\documents and settings\Jean-Francois\Application Data\uTorrent
2009-01-03 12:40 8,206,601 ----a-w c:\windows\system32\drivers\fwdrv.err
2008-12-31 21:05 --------- d-----w c:\program files\eMule
2008-12-30 20:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-15 06:49 --------- d-----w c:\program files\Zattoo
2008-11-30 11:34 --------- d-----w c:\program files\Axon Data
2008-11-30 09:29 --------- d-----w c:\program files\Magic Folders
2008-11-30 09:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-30 09:08 --------- d-----w c:\program files\Dobermann
2008-11-30 08:09 3,982 ----a-w c:\windows\kj01d.sys
2008-11-26 06:44 --------- d-----w c:\program files\adslTV
2008-11-26 06:03 --------- d-----w c:\documents and settings\Jean-Francois\Application Data\vlc
2008-11-24 05:26 --------- d-----w c:\program files\bobyte
2008-11-23 17:24 --------- d-----w c:\documents and settings\Jean-Francois\Application Data\Dragon Altar Games
2008-11-23 15:15 --------- d-----w c:\program files\Games
2008-11-21 21:34 --------- d-----w c:\program files\RSSOwl
2008-11-14 21:27 --------- d-----w c:\program files\Juice
2008-11-14 06:34 --------- d-----w c:\program files\Canal
2008-11-14 06:32 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-13 06:33 --------- d-----w c:\documents and settings\Jean-Francois\Application Data\Feedreader
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-06 18:46 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-06 18:46 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2008-07-08 05:32 24,496 ----a-w c:\documents and settings\Jean-Francois\Application Data\GDIPFONTCACHEV1.DAT
2006-08-28 19:46 278,528 ----a-w c:\program files\Common Files\FDEUnInstaller.exe
2008-11-17 06:19 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-17 06:19 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-17 06:19 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-17 06:19 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-17 06:19 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2008-05-17 1470488]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-05-17 11:07 1470488 --a------ c:\program files\free-downloads.net\tbfre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2008-05-17 1470488]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2008-05-17 1470488]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~2\SsAAD.exe" [2006-05-08 81920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Livestation"="c:\program files\Livestation\Livestation.exe" [2008-10-02 1789952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2002-07-31 126976]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-01-23 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-25 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 44032]
"Canal Widget"="c:\program files\Canal\Canal Widget\Launcher.exe" [2008-12-28 105528]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-04-23 181752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2002-07-15 126976]
"Tpwrtray"="TPWRTRAY.EXE" [2002-03-20 c:\windows\system32\TPWRTRAY.EXE]
"TFNF5"="TFNF5.exe" [2001-08-03 c:\windows\system32\TFNF5.exe]
"TFncKy"="TFncKy.exe" [BU]
"nwiz"="nwiz.exe" [2002-04-18 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-08-25 745472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\DRIVERS\avgntmgr.sys [2008-02-17 22336]
R0 MFX;MFX;c:\windows\system32\drivers\MFX.sys [2007-09-11 45824]
R1 avgntdd;avgntdd;c:\windows\system32\DRIVERS\avgntdd.sys [2008-02-17 45376]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2006-07-18 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2006-07-18 91672]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2007-08-25 66048]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-08-25 167808]
R3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys [2007-08-25 13532]
S2 CanalPlus.VOD;CanalPlus.VOD;"c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-10-23 61440]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2008-12-31 562176]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68336f03-6397-11db-9363-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-10-10 c:\windows\Tasks\1 Copernic Intra-Daily ~YOUR-Q94BJVTL0R Jean-Francois.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2008-10-10 c:\windows\Tasks\2 Copernic Daily ~YOUR-Q94BJVTL0R Jean-Francois.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2008-10-10 c:\windows\Tasks\3 Copernic Weekly ~YOUR-Q94BJVTL0R Jean-Francois.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2008-10-10 c:\windows\Tasks\4 Copernic Monthly ~YOUR-Q94BJVTL0R Jean-Francois.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-01 c:\windows\Tasks\At1.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At10.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\At11.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\At12.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\At13.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\At14.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At15.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At16.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At17.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\At18.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\At19.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At2.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\At20.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At21.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At22.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At23.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At24.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At3.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At4.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At5.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At6.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\At7.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At8.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At9.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\User_Feed_Synchronization-{5E8EFA59-067B-48A7-8868-9BCEFD962138}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Search Using Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
Trusted Zone: *.canalplay.com
Trusted Zone: *.canalplusactive.com
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
FF - ProfilePath - c:\documents and settings\Jean-Francois\Application Data\Mozilla\Firefox\Profiles\beift204.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr//
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 19:45:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3288)
c:\windows\system32\ieframe.dll
.
Completion time: 2009-01-03 19:48:50
ComboFix-quarantined-files.txt 2009-01-03 18:48:39
ComboFix2.txt 2009-01-03 15:49:34
ComboFix3.txt 2008-02-16 18:09:06

Pre-Run: 2,839,425,024 bytes free
Post-Run: 2,825,265,152 bytes free

258 --- E O F --- 2008-09-20 17:04:22

Salut jaku1


On va faire autrement, télécharge OTMoveIt3 (de Old_Timer) sur le bureau :

http://oldtimer.geekstogo.com/OTMoveIt3.exe

Double-clique sur OTMoveIt3.exe sur le bureau

- Assure toi que la case Unregister Dll's and Ocx's soit bien cochée

- Copie le texte qui se trouve en citation et colle le dans le cadre de gauche de OTMoveIt nommé Paste List of Files/Folders to be moved



- Clique sur MoveIt! pour lancer la suppression.
- Ferme OTMoveIt3

Ton PC va redémarrer pour finir la suppression

Poste le rapport de OTMoveIt qui se trouve dans C:\_OTMoveIt\MovedFiles.


@++

Ca m'a l'air mieux :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
C:\32788R22FWJFW moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01032009_201932

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

Salut jaku1


Super

On va vérifier si rien de caché :

Fais un scan en ligne ici http://webscanner.kaspersky.fr/ (A faire avec Internet Explorer)

- Désactive ton Antivirus avant le scan
- En bas à droite clique sur Démarrer Online-scanner dans la nouvelle fenêtre qui s'affiche clique sur J'accepte
- Accepte les Contrôle ActivX

- Choisis Poste de travail pour le scan. Celui-ci terminé clique sur Enregistrer rapport sous (Choisis fichier texte)
- Poste le rapport

- Pour t'aider à utiliser le scan en ligne http://forum.pcastuces.com/kaspersky_online_scanner___tutoriel-f31s10.htm

P.S. : Si tu as un problème pour l'installation du Contrôle ActivX lis ceci http://www.inoculer.com/activex.php3


NOTE : Si tu reçoit le message "La licence de Kaspersky On-line Scanner est périmée"
Via Ajout/Suppression de programmes supprime Kaspersky Online Scanner et refaire l’installation.


@++

J'espere que la nuit fut bonne.

De mon cote, j'ai bataille avec Kaspersky mais, meme en suivant tes conseils, pas moyen de lancer le scan. L'installation mouline et rien ne demarre apres deux heures !!
J'ai abandonne.

??????

Jaku

Salut jaku1


Pas grave, on va faire autrement

Mettre à jour Antivir, faire un scan en mode sans échec et poste le rapport après avoir démarré en mode normal.

Aide : http://www.malekal.com/tutorial_antivir.php


@++

Rebonjour a toi,

ANTIVIR m'a donne le rapport suivant :



Avira AntiVir Personal
Report file date: 04 January 2009 16:48

Scanning for 1145719 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Jean-Francois
Computer name: YOUR-Q94BJVTL0R

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 2008/11/18 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008/11/26 18:30:07
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008/07/18 16:44:35
LUKE.DLL : 8.1.4.5 164097 Bytes 2008/07/18 16:44:36
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008/07/18 16:44:36
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008/10/27 04:00:19
ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 2008/12/24 15:26:09
ANTIVIR2.VDF : 7.1.1.60 318976 Bytes 2009/01/02 15:27:30
ANTIVIR3.VDF : 7.1.1.68 54784 Bytes 2009/01/04 15:27:24
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008/10/15 18:23:11
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 2008/12/11 18:29:10
AESCN.DLL : 8.1.1.5 123251 Bytes 2008/11/08 18:26:36
AERDL.DLL : 8.1.1.3 438645 Bytes 2008/11/06 18:28:43
AEPACK.DLL : 8.1.3.4 393591 Bytes 2008/11/11 18:25:26
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2008/12/11 18:29:08
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 2008/12/11 18:29:07
AEHELP.DLL : 8.1.2.0 119159 Bytes 2008/11/18 18:26:56
AEGEN.DLL : 8.1.1.8 323956 Bytes 2008/12/11 18:28:58
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008/10/15 18:22:51
AECORE.DLL : 8.1.5.2 172405 Bytes 2008/11/28 18:27:53
AEBB.DLL : 8.1.0.3 53618 Bytes 2008/10/15 18:22:43
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008/07/18 16:44:35
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008/07/18 16:44:35
AVREP.DLL : 8.0.0.2 98344 Bytes 2008/07/31 16:36:05
AVREG.DLL : 8.0.0.1 33537 Bytes 2008/07/18 16:44:35
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008/04/19 17:48:30
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008/07/18 16:44:35
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008/04/19 17:48:32
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008/07/18 16:44:36
NETNT.DLL : 8.0.0.1 7937 Bytes 2008/04/19 17:48:32
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008/07/18 16:44:27
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008/07/18 16:44:27

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:, G:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 04 January 2009 16:48

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'userinit.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\' <S3A1192D001>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\' <LOCAL>
Begin scan in 'G:\' <Iomega_HDD>


End of the scan: 04 January 2009 18:39
Used time: 1:51:13 Hour(s)

The scan has been done completely.

6705 Scanning directories
268816 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
268814 Files not concerned
6570 Archives were scanned
2 Warnings
0 Notes

A priori plutot encourageant.
Jaku

Salut jaku1


Ton rapport est propre

On va faire un ménage des outils téléchargés pour la désinfection, télécharge Tools Cleaner sur le bureau :

http://pc-system.fr/TC/ToolsCleaner2.exe


- Double clique sur ToolsCleaner2.exe sur le bureau
- Clique sur Recherche et laisse le scan agir.
- Clique sur Suppression pour finaliser.
- Tu peux, si tu le souhaites, te servir des Options facultatives.
- Clique sur Quitter pour obtenir le rapport.
- Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
- Si des outils restes après le passage de Tools Cleaner, tu pourras les supprimer manuellement ainsi que tous les rapports qui on été généré lors de la désinfection.


-----


Mettre à jour Windows(catégories critique, Services Pack et Services Release) ici : http://www.windowsupdate.com/

Faire un scan de vulnérabilités afin de vérifier que tes logiciels soit à jour sans failles de sécurités et mettre à jour :
http://www.malekal.com/scan_vulnerabilite.php


Tiens moi au courant


@++

Missions accomplies :

Voici le rapport Toolcleaner :

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\VundoFix.txt: trouv・!
C:\Combofix.txt: trouv・!
C:\TB.txt: trouv・!
C:\FixWareOut: trouv・!
C:\!Killbox: trouv・!
C:\Qoobox: trouv・!
C:\_OtMoveIt: trouv・!
C:\Toolbar SD: trouv・!
C:\Rsit: trouv・!
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouv・!
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouv・!
C:\Documents and Settings\Jean-Francois\Desktop\HijackThis.lnk: trouv・!
C:\Documents and Settings\Jean-Francois\Desktop\ComboFix.exe: trouv・!
C:\Documents and Settings\Jean-Francois\Desktop\Combofix.txt: trouv・!
C:\Documents and Settings\Jean-Francois\Desktop\OTMoveIt3.exe: trouv・!
C:\fixwareout\SUB\Bfu.exe: trouv・!
C:\Program Files\Trend Micro\HijackThis: trouv・!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouv・!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouv・!
C:\WINDOWS\Gmer.exe: trouv・!


Restauration annul馥 !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: supprim・!
C:\Documents and Settings\Jean-Francois\Desktop\HijackThis.lnk: supprim・!
C:\Documents and Settings\Jean-Francois\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\fixwareout\SUB\Bfu.exe: supprim・!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprim・!
C:\WINDOWS\Gmer.exe: supprim・!
C:\VundoFix.txt: supprim・!
C:\Combofix.txt: supprim・!
C:\TB.txt: supprim・!
C:\Documents and Settings\Jean-Francois\Desktop\Combofix.txt: supprim・!
C:\Documents and Settings\Jean-Francois\Desktop\OTMoveIt3.exe: supprim・!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprim・!
C:\FixWareOut: supprim・!
C:\!Killbox: supprim・!
C:\Qoobox: supprim・!
C:\_OtMoveIt: supprim・!
C:\Toolbar SD: supprim・!
C:\Rsit: supprim・!
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: supprim・!
C:\Program Files\Trend Micro\HijackThis: supprim・!


J'ai aussi mis a jour Windows et, suite au scan de securite, Adobe Flash Player, Macromedia Flash Player et Sun Java JRE.

Jaku

Salut jaku1


As-tu d'autre souci?


@++

Salut Dédétraqué,

Mon dernier souci est de savoir comment te dire merci.

Encore une fois, Bonne année et, meme si j'ai apprecie ton efficacite, j'espere que virus et autre saloperie me laisseront tranquille et que je n'aurais pas a revenir dans ce forum.

Merci et bon vent.
Jaku

Salut jaku1


Bien de rien, je te donne quelques consignes de sécurité :

- Windows Update parfaitement à jour http://www.windowsupdate.com/ (catégories critique, Services Pack et Services Release)
- pare-feu bien paramétré
- antivirus bien paramétré et mis à jour régulièrement (quotidiennement s'il le faut) avec un scan complet régulier (journalier s'il le faut).
- une attitude prudente vis à vis de la navigation (pas de sites douteux : cracks, warez, sexe...) et vis à vis de la messagerie (fichiers joints aux messages doivent être scannés avant d'être ouverts)
- pas de téléchargement illégal, qui est le principal facteur d’infection (µTorrent, BitTorrent, eMule, Limewire, etc..) Le danger des cracks !
- une attitude vigilante (être à l'affût d'un fonctionnement inhabituel de son système)
- nettoyage hebdomadaire du système (suppression des fichiers inutiles, nettoyage de la base de registre, scandisk, defrag)
- scan hebdomadaire antispyware ( je conseil MalwareByte's Anti-Malware)
- un contrôle régulier de la console JAVA pour s'assurer qu'elle est à jour http://www.java.com/en/download/help/testvm.xml
- un scan de vulnérabilités afin de vérifier que tes logiciels soit à jour sans failles de sécurités :
http://www.malekal.com/scan_vulnerabilite.php


------ Ton infection, tu la dénonces ? :

Tu n'es pas obligé mais ce serait bien que tu prennes 5 minutes et que tu rapportes ton infection sur Malware Complaints pour condamner les auteurs.

Ton(tes) infection(s) : Trojan.DNSChanger.

Si tu ne la trouves pas dans la liste, poste dans Autres infections.

Aide : Comment dénoncer mon infection sur Malware Complaints.


De bonne lecture :
http://www.malekal.com/menu_windows_general.php
http://www.malekal.com/menu_windows_securite.php


Si tu considère ton problème comme résolu, édite avec le crochet ton premier poste et ajoute [résolu] dans le titre.


Bonne journée et bon surf


@++