Stubborn spyware Virtumonde

piotr12 on 18 January 2009 at 18:28
Hello,

I am apparently infected by the Virtumonde trojan.
I have tried Ad-Aware, Spybot and the Symantec scan, also in safe mode and without System Restore.
It seems to work with IE, but as soon as I open Firefox it starts up again...

Thanks for your help

dédétraqué on 18 January 2009 at 18:53
Hi piotr12

Let's check this. Download RSIT (by random/random) to your desktop from here:
http://images.malwareremoval.com/random/RSIT.exe

- Double-click RSIT.exe on the desktop
- Click Continue in the window
- RSIT will download HijackThis if it is not present or not detected; you will then need to accept the license
- Post the contents of the two reports, log.txt and info.txt, once the scan has finished

See you :)

piotr12 on 19 January 2009 at 21:11
Hello, sorry, I could no longer find my thread. Here are the reports:
_____

Logfile of random's system information tool 1.05 (written by random/random)
Run by user at 2009-01-19 20:09:58
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 7 GB (26%) free of 25 GB
Total RAM: 1023 MB (7% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:20, on 19/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
D:\Mesdocs\Bureau\RSIT.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxybiblio.hec.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08C10D8A-FBD5-4924-8B6A-554E9A7D16B2} - (no file)
O2 - BHO: (no name) - {2AE2AEE8-C05C-4EAA-B691-63B25685B696} - (no file)
O2 - BHO: (no name) - {52C0C75D-09CD-4E78-A81F-2186892DDAB5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcYSkKB.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O2 - BHO: (no name) - {B9CE1E0A-B989-496A-97AA-600A264A3A6A} - (no file)
O2 - BHO: (no name) - {D284632D-548C-4DEF-9585-35946BEA3976} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {ECBF01B5-2A1C-4F7E-B03C-84986FF1DEE0} - C:\WINDOWS\system32\ddcDvwXR.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1035] command /c del "C:\WINDOWS\system32\lyrbgbeg.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: zpkdmb.dll golxkx.dll abzdez.dll
O20 - Winlogon Notify: efcYSkKB - C:\WINDOWS\SYSTEM32\efcYSkKB.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11980 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\nfbwzaxx.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{3F7F9831-88E7-45DB-AAC5-BE543C105491}.job
C:\WINDOWS\tasks\uviruuwu.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08C10D8A-FBD5-4924-8B6A-554E9A7D16B2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AE2AEE8-C05C-4EAA-B691-63B25685B696}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52C0C75D-09CD-4E78-A81F-2186892DDAB5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\efcYSkKB.dll [2009-01-15 36352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]
ActivationManager Class - C:\Program Files\ActivationManager\ActivationManager.dll [2008-04-12 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9CE1E0A-B989-496A-97AA-600A264A3A6A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D284632D-548C-4DEF-9585-35946BEA3976}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECBF01B5-2A1C-4F7E-B03C-84986FF1DEE0}]
C:\WINDOWS\system32\ddcDvwXR.dll [2009-01-15 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-30 88203]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.exe [2006-01-16 53248]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-10 761945]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-02 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-02-22 40960]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-01-23 802816]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]
"Network Associates Error Reporting Service"=C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-10 136600]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2006-11-20 180269]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
""= []
"Mp4 Player"=C:\Program Files\Mp4 Player\Mp4Player.exe hmw []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-01-11 342848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB1035"=command /c del C:\WINDOWS\system32\lyrbgbeg.dll_old []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="zpkdmb.dll golxkx.dll abzdez.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-02 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcYSkKB]
C:\WINDOWS\system32\efcYSkKB.dll [2009-01-15 36352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\efcYSkKB.dll [2009-01-15 36352]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ddcDvwXR

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\Novell\GroupWise\grpwise.exe"="C:\Novell\GroupWise\grpwise.exe:*:Enabled:GroupWise"
"C:\Novell\GroupWise\notify.exe"="C:\Novell\GroupWise\notify.exe:*:Enabled:GroupWise Notify"
"C:\Documents and Settings\user\Local Settings\Temp\Répertoire temporaire 3 pour lanscan.zip\LanSC\LanScan.exe"="C:\Documents and Settings\user\Local Settings\Temp\Répertoire temporaire 3 pour lanscan.zip\LanSC\LanScan.exe:*:Enabled:LanScanner"
"D:\Mesdocs\Bureau\lanscan\LanSC\LanScan.exe"="D:\Mesdocs\Bureau\lanscan\LanSC\LanScan.exe:*:Enabled:LanScanner"
"C:\Program Files\lanscan\LanSC\LanScan.exe"="C:\Program Files\lanscan\LanSC\LanScan.exe:*:Enabled:LanScanner"
"C:\Program Files\zSlide\Podmailer\podmailer.exe"="C:\Program Files\zSlide\Podmailer\podmailer.exe:*:Enabled:Podmailer"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Java\j2re1.4.2_11\javaws\javaws.exe"="C:\Program Files\Java\j2re1.4.2_11\javaws\javaws.exe:*:Enabled:Java Web Start"
"C:\Program Files\AoE (à copier dans program files)\empires2.exe"="C:\Program Files\AoE (à copier dans program files)\empires2.exe:*:Disabled:Age of Empires II"
"C:\Program Files\SecondLife\SecondLife.exe"="C:\Program Files\SecondLife\SecondLife.exe:*:Disabled:SecondLife.exe"
"C:\Program Files\Veoh Networks\Veoh\Affiliate.exe"="C:\Program Files\Veoh Networks\Veoh\Affiliate.exe:*:Enabled:Affiliate.exe"
"C:\Program Files\Veoh Networks\Veoh\BsSndRpt.exe"="C:\Program Files\Veoh Networks\Veoh\BsSndRpt.exe:*:Enabled:BsSndRpt.exe"
"C:\Program Files\7-Zip\7zFM.exe"="C:\Program Files\7-Zip\7zFM.exe:*:Enabled:7-Zip File Manager"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:LocalSubNet:Enabled:Veoh Client"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Google\Google Updater\GoogleUpdater.exe"="C:\Program Files\Google\Google Updater\GoogleUpdater.exe:*:Enabled:GoogleUpdater.exe"
"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe:*:Enabled:GoogleUpdaterService.exe"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"D:\StubInstaller.exe"="D:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11468ecf-f419-11dc-a758-001302578d37}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat
shell\ɱ¶¾(&K)\command - H:\delautorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11fd4f1f-6fff-11db-a4df-0016417ffc6b}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc547a3-481d-11db-998b-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24b789d0-fe4c-11dc-a763-001302578d37}]
shell\AutoRun\command - G:\EmDesk.exe
shell\EmDesk\command - G:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40d578a3-4caf-11db-8748-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4277d5c6-c08d-11dc-a712-001302578d37}]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{691bb0a3-4d5d-11db-a0e4-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4727c2-c2be-11dc-a716-001302578d37}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat
shell\ɱ¶¾(&K)\command - G:\delautorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ff6c423-4d67-11db-9dc2-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9d091c9-4d74-11db-8c71-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1230ded-d37e-11dd-a87e-0016417ffc6b}]
shell\AutoRun\command - G:\EmDesk.exe
shell\EmDesk\command - G:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1b4fbec-ddc8-11db-a5d6-001302578d37}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc1742a3-4d71-11db-a6da-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1d8d449-4d76-11db-842d-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1e97cef-ad2a-11db-a577-0016417ffc6b}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c78ac8-9252-11dd-a829-0016417ffc6b}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat
shell\ɱ¶¾(&K)\command - G:\delautorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea91676e-42e3-11db-b29b-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a13cec-bc75-11db-a58e-0016417ffc6b}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a13ced-bc75-11db-a58e-0016417ffc6b}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat
shell\ɱ¶¾(&K)\command - H:\delautorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db36ef-4d64-11db-a65d-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2009-01-19 20:09:59 ----D---- C:\Program Files\trend micro
2009-01-19 20:09:58 ----D---- C:\rsit
2009-01-19 19:05:49 ----SH---- C:\WINDOWS\system32\ugjwuiom.ini
2009-01-19 19:05:46 ----A---- C:\WINDOWS\system32\moiuwjgu.dll
2009-01-19 19:03:34 ----A---- C:\WINDOWS\system32\abzdez.dll
2009-01-19 19:03:33 ----A---- C:\WINDOWS\system32\obdyvjmb.dll
2009-01-18 13:34:59 ----ASH---- C:\WINDOWS\system32\RXwvDcdd.ini2
2009-01-18 13:13:18 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-18 11:19:02 ----A---- C:\WINDOWS\system32\lyymvjad.dll
2009-01-18 11:17:57 ----A---- C:\WINDOWS\system32\golxkx.dll
2009-01-18 11:17:56 ----A---- C:\WINDOWS\system32\pnkphfyc.dll
2009-01-17 11:02:33 ----D---- C:\VundoFix Backups
2009-01-17 11:02:33 ----A---- C:\VundoFix.txt
2009-01-17 10:20:28 ----A---- C:\WINDOWS\system32\fnlxkaoe.dll
2009-01-17 10:20:25 ----A---- C:\WINDOWS\system32\zpkdmb.dll
2009-01-17 10:20:24 ----A---- C:\WINDOWS\system32\lrkkqqrd.dll
2009-01-16 08:06:53 ----A---- C:\WINDOWS\system32\stu2.exe
2009-01-15 22:18:57 ----A---- C:\WINDOWS\system32\mfgwph.dll
2009-01-15 22:18:55 ----A---- C:\WINDOWS\system32\egrupglc.dll
2009-01-15 22:18:11 ----A---- C:\WINDOWS\system32\185f160c-.txt
2009-01-15 22:17:26 ----ASH---- C:\WINDOWS\system32\RXwvDcdd.ini
2009-01-15 22:17:14 ----A---- C:\WINDOWS\system32\ddcDvwXR.dll
2009-01-15 22:11:50 ----A---- C:\WINDOWS\system32\efcYSkKB.dll
2009-01-14 23:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-11 16:13:07 ----D---- C:\Documents and Settings\user\Application Data\BitTorrent
2009-01-11 16:12:49 ----D---- C:\Program Files\DNA
2009-01-11 16:12:49 ----D---- C:\Documents and Settings\user\Application Data\DNA
2009-01-11 16:12:48 ----D---- C:\Program Files\BitTorrent
2009-01-10 10:36:36 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-10 10:36:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-10 10:36:36 ----A---- C:\WINDOWS\system32\java.exe
2009-01-10 10:36:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-09 23:24:34 ----D---- C:\Documents and Settings\user\Application Data\Google
2008-12-27 15:14:01 ----D---- C:\Program Files\iPod
2008-12-27 15:13:53 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-27 15:13:52 ----D---- C:\Program Files\iTunes
2008-12-27 14:34:42 ----D---- C:\Program Files\Bonjour
2008-12-27 14:31:35 ----D---- C:\Program Files\Apple Software Update

======List of files/folders modified in the last 1 months======

2009-01-19 20:10:02 ----D---- C:\WINDOWS\Prefetch
2009-01-19 20:09:59 ----RD---- C:\Program Files
2009-01-19 19:54:51 ----D---- C:\WINDOWS\Temp
2009-01-19 19:11:37 ----D---- C:\WINDOWS
2009-01-19 19:09:36 ----A---- C:\WINDOWS\WPCMAPI.INI
2009-01-19 19:07:49 ----D---- C:\Program Files\Mozilla Firefox
2009-01-19 19:05:52 ----D---- C:\WINDOWS\system32
2009-01-19 19:04:55 ----D---- C:\quarantine
2009-01-19 19:02:50 ----D---- C:\WINDOWS\SMINST
2009-01-19 08:25:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-18 21:07:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-18 13:50:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-18 00:24:57 ----D---- C:\Documents and Settings\user\Application Data\Skype
2009-01-18 00:10:25 ----HD---- C:\WINDOWS\inf
2009-01-17 21:58:41 ----D---- C:\Documents and Settings\user\Application Data\dvdcss
2009-01-17 12:07:23 ----SHD---- C:\System Volume Information
2009-01-17 12:07:23 ----D---- C:\WINDOWS\system32\Restore
2009-01-16 19:21:40 ----A---- C:\WINDOWS\wininit.ini
2009-01-16 07:53:07 ----SD---- C:\WINDOWS\Tasks
2009-01-14 23:22:56 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-14 23:22:56 ----D---- C:\WINDOWS\system32\drivers
2009-01-14 23:22:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-10 10:37:30 ----SHD---- C:\WINDOWS\Installer
2009-01-10 10:37:08 ----HD---- C:\Config.Msi
2009-01-10 10:34:29 ----D---- C:\Program Files\Java
2009-01-10 01:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-02 18:46:42 ----D---- C:\WINDOWS\network diagnostic
2008-12-29 21:48:43 ----D---- C:\Program Files\Research Insight
2008-12-27 15:14:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-27 14:34:22 ----D---- C:\Program Files\QuickTime

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2005-01-14 58464]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-01-09 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-30 1120352]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-02 1480704]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-10 130048]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-02-09 142720]
R3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-02-15 401664]
R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-02-15 30363]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]
R3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-02-15 148168]
R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-02-15 30189]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-15 57096]
R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-01-14 108480]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-10 191936]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-02-01 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-02-01 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-02-01 21568]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-23 36937]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-07-06 561152]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-02 405504]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2006-02-15 258103]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-01-10 98304]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-10 152984]
R2 McAfeeFramework;Service Framework McAfee; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-09-22 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-09-22 28672]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-19 20:10:27

======Uninstall list======

-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
ActivationManager-->"C:\Program Files\ActivationManager\Uninstall.exe"
Ad-Aware 2007-->MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Application Installer 4.00.B5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}\setup.exe" -l0x40c
Astuce du jour GroupWise C3PO-->C:\Novell\GroupWise\gwtip.exe /uninstall
ATI Catalyst Control Center-->MsiExec.exe /I{DFEDA4ED-E67D-4E5E-8FDE-C628B4DCA01B}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Diaporama version 3.0.0.1-->"C:\Program Files\SoftChris\Diaporama\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Favorit-->"c:\documents and settings\user\local settings\application data\wasya.exe" -uninstall
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
FinePixViewer Resource-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x40c
FinePixViewer Ver.5.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x40c
Fingerprint Sensor Minimum Install-->MsiExec.exe /I{2F0D3C9E-4FB6-4A14-B0C4-42328F570177}
Free Mp3 Wma Converter V 1.7.2-->"C:\Program Files\Free Audio Pack\unins000.exe"
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GroupWise-->C:\WINDOWS\IsUn040c.exe -fC:\Novell\GroupWise\DeIsL1.isu -cC:\WINDOWS\system32\gwuninst.dll
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Mobile Data Protection System-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75ECB75A-522C-4312-8DE7-597CDA9D96A3}\setup.exe" -l0x40c UNINSTALL
HP Photosmart and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Quick Launch Buttons 6.00 D2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x40c -removeonly uninst
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Support Phone Numbers-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7485CE5-C004-44D6-AA3E-7EE4DFE2B70E}\setup.exe" -l0x40c -removeonly
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
ImageMixer VCD2 LE for FinePix-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x40c
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java 2 Runtime Environment, SE v1.4.2_11-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142110}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
McAfee VirusScan Enterprise-->MsiExec.exe /I{4DCA2739-9D16-4B55-808C-E72CD70A5BD3}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{9017040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Momindum Studio version 1.0.2-->"C:\Program Files\Momindum Studio\unins000.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG2 Codec(libmpeg2/mad)-->"C:\Program Files\GNU\MPEG2\Uninstall.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Paint Shop Pro 7 Try And Buy-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Paint.NET v3.20-->MsiExec.exe /X{C1CAAF9E-2A80-4AD0-8D9A-B4327966249F}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Rainlendar (remove only)-->"C:\Program Files\Rainlendar\uninst.exe"
RAW FILE CONVERTER LE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x40c
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Research Insight-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8959B4B5-ED48-11D4-8909-0001023E247F}\Setup.exe" anything
Scribus 1.3.4-->C:\Program Files\Scribus 1.3.4\uninst.exe
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c -removeonly
SPSS 14.0 for Windows-->MsiExec.exe /X{0AE19D89-17A9-404D-932A-FAAF43F3C77E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1036
The Economist Screen Saver-->C:\WINDOWS\system32\The Economist.scr /u
vanBasco's Karaoke Player-->C:\Program Files\vanBasco's Karaoke Player\uninst.exe
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows NT Messaging-->RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

System event log

Computer Name: PIERRE
Event Code: 1003
Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 001302578D37. Il s'est
produit l'erreur suivante :
L'opération a été annulée par l'utilisateur.
.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Record Number: 283418
Source Name: Dhcp
Time Written: 20090116190404.000000+000
Event Type: Avertissement
User:

Computer Name: PIERRE
Event Code: 1003
Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 001302578D37. Il s'est
produit l'erreur suivante :
L'opération a été annulée par l'utilisateur.
.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Record Number: 283417
Source Name: Dhcp
Time Written: 20090116190401.000000+000
Event Type: Avertissement
User:

Computer Name: PIERRE
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 283416
Source Name: EventLog
Time Written: 20090116190359.000000+000
Event Type: Informations
User:

Computer Name: PIERRE
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 283415
Source Name: EventLog
Time Written: 20090116190359.000000+000
Event Type: Informations
User:

Computer Name: PIERRE
Event Code: 7036
Message: Le service Pml Driver HPZ12 est entré dans l'état : arrêté.

Record Number: 283414
Source Name: Service Control Manager
Time Written: 20090112222617.000000+000
Event Type: Informations
User:

Application event log

Computer Name: PIERRE
Event Code: 2200
Message: Démarrage réussi de Déclencheurs Message Queuing.

Record Number: 5
Source Name: MSMQTriggers
Time Written: 20081001231649.000000+060
Event Type: Informations
User:

Computer Name: PIERRE
Event Code: 2028
Message: Le service Message Queuing a démarré.

Record Number: 4
Source Name: MSMQ
Time Written: 20081001231649.000000+060
Event Type: Informations
User:

Computer Name: PIERRE
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 3
Source Name: SecurityCenter
Time Written: 20081001231649.000000+060
Event Type: Informations
User:

Computer Name: PIERRE
Event Code: 0
Message:
Record Number: 2
Source Name: btwdins
Time Written: 20081001231643.000000+060
Event Type: Informations
User:

Computer Name: PIERRE
Event Code: 2444
Message: MS DTC a été lancé avec les paramètres suivants :



Configuration de la sécurité (Désactivée = 0 et Activée = 1) :

Administration réseau des transactions = 0,

Clients réseau = 0,

Transactions entrantes distribuées à l'aide du protocole MSDTC natif = 0,

Transactions sortantes distribuées à l'aide du protocole MSDTC natif = 0,

TIP (Transactio
dédétraqué on 20 January 2009 at 00:02
Hi piotr12


1)
  • Download UsbFix (by Chiquitine29) to your Desktop.
  • Run the installation with the default settings.
  • Plug your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
  • Double-click the UsbFix shortcut on your Desktop.
  • Choose the "Nettoyage" (Cleaning) option.
  • The PC will restart.
  • After the restart, post the UsbFix.txt report.

  • Note: the UsbFix.txt report is saved at the root of the disk, C:\UsbFix.txt.


    -----

    2)
    Download SDFix by AndyManchesta to the Desktop:

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe


    Double-click SDFix.exe on the Desktop and click Install; choose the Desktop for the installation, and a folder will be created on the Desktop.


    Restart your PC in Safe Mode:

    When your PC restarts, tap the F8 or F5 key repeatedly; on the next screen, move with the arrow keys and choose Safe Mode. Choose your usual session, not the Administrator session.


    Open the SDFix folder on the Desktop and double-click RunThis.bat, then press Y to start the cleanup.

    There will be a restart; when Finished is displayed, press a key to finish.

    Post the report found in the SDFix folder under the name Report.txt in your next reply.


    -----

    3)
    Download combofix.exe (by sUBs) to the Desktop:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe

    Important: Disable your antivirus and antispyware before the scan with Combofix:
    http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm


    ==> Save your work and close all active windows; the PC may restart. Do not launch any program until Combofix has finished. <==

    Double-click combofix.exe, click OUI (Yes) and confirm with Enter

    You will be asked to install the console if it is not installed; click NON (No)

    When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\ Combofix.txt

    Combofix is detected by some antivirus programs as an infection; disregard this, it is a false positive, and continue the procedure


    @++ :)
    piotr12 on 20 January 2009 at 00:19
    OK, thanks a lot, I'll be back with the results tomorrow evening!
    piotr12 on 20 January 2009 at 22:37
    Hello,

    The link for UsbFix doesn't work; that said, I don't have an external hard drive and only rarely use my USB key...

    Here is the SDFix report:


    SDFix: Version 1.240
    Run by user on 20/01/2009 at 21:14

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\efcYSkKB.dll - Deleted
    C:\DOCUME~1\user\LOCALS~1\Temp\TMP1B.tmp - Deleted
    C:\DOCUME~1\user\LOCALS~1\Temp\TMP1D.tmp - Deleted
    C:\DOCUME~1\user\LOCALS~1\Temp\TMP1E.tmp - Deleted
    C:\DOCUME~1\user\LOCALS~1\Temp\TMP1F.tmp - Deleted
    C:\DOCUME~1\user\LOCALS~1\Temp\TMP20.tmp - Deleted
    C:\DOCUME~1\user\LOCALS~1\Temp\TMP24.tmp - Deleted
    C:\DOCUME~1\user\LOCALS~1\Temp\TMP35.tmp - Deleted
    C:\DOCUME~1\user\LOCALS~1\Temp\TMP3A.tmp - Deleted
    C:\DOCUME~1\user\LOCALS~1\Temp\TMP3E.tmp - Deleted
    C:\DOCUME~1\user\LOCALS~1\Temp\TMP3F.tmp - Deleted
    C:\DOCUME~1\user\LOCALS~1\Temp\TMP67.tmp - Deleted





    Removing Temp Files

    ADS Check :
    piotr12 on 20 January 2009 at 22:57
    ComboFix

    ComboFix 09-01-19.05 - user 2009-01-20 21:40:58.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.467 [GMT 0:00]
    Lancé depuis: D:\Mesdocs\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\user\Local Settings\Application Data\wasya.dat
    C:\Documents and Settings\user\Local Settings\Application Data\wasya_nav.dat
    C:\Documents and Settings\user\Local Settings\Application Data\wasya_navps.dat
    C:\Program Files\ActivationManager
    C:\Program Files\ActivationManager\ActivationManager.dll
    C:\Program Files\ActivationManager\Uninstall.exe
    C:\WINDOWS\system32\abzdez.dll
    C:\WINDOWS\system32\adrnln.bin
    C:\WINDOWS\system32\ddcDvwXR.dll
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\eadrajlm.dll
    C:\WINDOWS\system32\egrupglc.dll
    C:\WINDOWS\system32\fnlxkaoe.dll
    C:\WINDOWS\system32\golxkx.dll
    C:\WINDOWS\system32\lrkkqqrd.dll
    C:\WINDOWS\system32\lyymvjad.dll
    C:\WINDOWS\system32\mljardae.ini
    C:\WINDOWS\system32\moiuwjgu.dll
    C:\WINDOWS\system32\nsprs.dll
    C:\WINDOWS\system32\obdyvjmb.dll
    C:\WINDOWS\system32\Packet.dll
    C:\WINDOWS\system32\pnkphfyc.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\RXwvDcdd.ini
    C:\WINDOWS\system32\RXwvDcdd.ini2
    C:\WINDOWS\system32\serauth1.dll
    C:\WINDOWS\system32\serauth2.dll
    C:\WINDOWS\system32\ugjwuiom.ini
    C:\WINDOWS\system32\WanPacket.dll
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\zpkdmb.dll
    C:\WINDOWS\Tasks\nfbwzaxx.job
    C:\WINDOWS\Tasks\uviruuwu.job

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://childhe.com
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Legacy_OREANS32
    -------\Service_NPF
    -------\Service_oreans32


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-20 au 2009-01-20 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-20 21:10 . 2009-01-20 21:10 <REP> d-------- C:\WINDOWS\ERUNT
    2009-01-20 20:59 . 2009-01-20 21:31 <REP> d-------- C:\SDFix
    2009-01-19 20:09 . 2009-01-19 20:10 <REP> d-------- C:\rsit
    2009-01-19 20:09 . 2009-01-19 20:10 <REP> d-------- C:\Program Files\trend micro
    2009-01-17 11:02 . 2009-01-17 11:02 <REP> d-------- C:\VundoFix Backups
    2009-01-16 08:08 . 2009-01-16 08:08 8,640 --a------ C:\WINDOWS\system32\msvtch.sys
    2009-01-16 08:06 . 2008-04-14 02:34 26,624 --a------ C:\WINDOWS\system32\stu2.exe
    2009-01-11 16:13 . 2009-01-19 23:35 <REP> d-------- C:\Documents and Settings\user\Application Data\BitTorrent
    2009-01-11 16:12 . 2009-01-20 21:45 <REP> d-------- C:\Program Files\DNA
    2009-01-11 16:12 . 2009-01-11 16:13 <REP> d-------- C:\Program Files\BitTorrent
    2009-01-11 16:12 . 2009-01-20 21:45 <REP> d-------- C:\Documents and Settings\user\Application Data\DNA
    2009-01-10 10:36 . 2009-01-10 10:34 410,984 --a------ C:\WINDOWS\system32\deploytk.dll
    2008-12-27 15:14 . 2008-12-27 15:14 <REP> d-------- C:\Program Files\iPod
    2008-12-27 15:13 . 2008-12-27 15:14 <REP> d-------- C:\Program Files\iTunes
    2008-12-27 15:13 . 2008-12-27 15:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-27 14:34 . 2008-12-27 14:34 <REP> d-------- C:\Program Files\Bonjour
    2008-12-27 14:31 . 2008-12-27 14:31 <REP> d-------- C:\Program Files\Apple Software Update

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-18 00:24 --------- d-----w C:\Documents and Settings\user\Application Data\Skype
    2009-01-17 21:58 --------- d-----w C:\Documents and Settings\user\Application Data\dvdcss
    2009-01-10 10:34 --------- d-----w C:\Program Files\Java
    2008-12-29 21:48 --------- d-----w C:\Program Files\Research Insight
    2008-12-27 14:34 --------- d-----w C:\Program Files\QuickTime
    2008-12-11 10:57 333,952 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-11-24 08:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-11-24 08:58 --------- d-----w C:\Program Files\Fichiers communs\Borland Shared
    2007-04-13 13:56 200,704 --sha-r C:\WINDOWS\DelAutorun.bat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:33 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 11:16 1833296]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2009-01-11 16:13 342848]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB1035"="command" [X]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11 925696]
    "AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2006-01-16 20:01 53248]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 12:43 45056]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 18:04 761945]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 13:39 131072]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 06:03 40960]
    "Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 13:51 1187840]
    "Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-01-23 14:11 802816]
    "Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 13:43 892928]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 18:00 94208]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 01:50 139320]
    "Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 07:48 147514]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-01-10 10:34 136600]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 20:32 53248]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 14:24 54840]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-20 13:16 180269]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 09:45 63712]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-11-04 09:30 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-11-20 12:20 290088]
    "MsmqIntCert"="mqrt.dll" [2008-04-14 02:33 177152 C:\WINDOWS\system32\mqrt.dll]
    "AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 01:00 88203 C:\WINDOWS\AGRSMMSG.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:33 15360]

    C:\Documents and Settings\user\Menu D‚marrer\Programmes\D‚marrage\
    Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2006-01-21 12:31:46 118784]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-01 10:52:30 110592]
    BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2006-02-15 14:16:02 581693]
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-10-05 14:21:22 282624]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\mqsvc.exe"=
    "C:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "C:\\Novell\\GroupWise\\grpwise.exe"=
    "C:\\Novell\\GroupWise\\notify.exe"=
    "C:\\Program Files\\lanscan\\LanSC\\LanScan.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Java\\j2re1.4.2_11\\javaws\\javaws.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\BsSndRpt.exe"=
    "C:\\Program Files\\7-Zip\\7zFM.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [2006-09-13 07:29:13 58464]
    R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\drivers\gtipci21.sys [2006-04-04 05:32:56 87936]
    R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\drivers\ifxtpm.sys [2005-06-10 13:26:00 35968]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11468ecf-f419-11dc-a758-001302578d37}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat
    \Shell\ɱ¶¾(&K)\command - H:\delautorun.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc547a3-481d-11db-998b-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24b789d0-fe4c-11dc-a763-001302578d37}]
    \Shell\AutoRun\command - G:\EmDesk.exe
    \Shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40d578a3-4caf-11db-8748-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4277d5c6-c08d-11dc-a712-001302578d37}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{691bb0a3-4d5d-11db-a0e4-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4727c2-c2be-11dc-a716-001302578d37}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat
    \Shell\ɱ¶¾(&K)\command - G:\delautorun.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ff6c423-4d67-11db-9dc2-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9d091c9-4d74-11db-8c71-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1230ded-d37e-11dd-a87e-0016417ffc6b}]
    \Shell\AutoRun\command - G:\EmDesk.exe
    \Shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc1742a3-4d71-11db-a6da-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1d8d449-4d76-11db-842d-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c78ac8-9252-11dd-a829-0016417ffc6b}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat
    \Shell\ɱ¶¾(&K)\command - G:\delautorun.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea91676e-42e3-11db-b29b-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a13cec-bc75-11db-a58e-0016417ffc6b}]
    \Shell\AutoRun\command - G:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a13ced-bc75-11db-a58e-0016417ffc6b}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat
    \Shell\ɱ¶¾(&K)\command - H:\delautorun.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db36ef-4d64-11db-a65d-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-20 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3F7F9831-88E7-45DB-AAC5-BE543C105491}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 10:58]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{08C10D8A-FBD5-4924-8B6A-554E9A7D16B2} - (no file)
    BHO-{2AE2AEE8-C05C-4EAA-B691-63B25685B696} - (no file)
    BHO-{52C0C75D-09CD-4E78-A81F-2186892DDAB5} - (no file)
    BHO-{B9CE1E0A-B989-496A-97AA-600A264A3A6A} - (no file)
    BHO-{D284632D-548C-4DEF-9585-35946BEA3976} - (no file)
    BHO-{ECBF01B5-2A1C-4F7E-B03C-84986FF1DEE0} - (no file)
    BHO-{F2EB3A13-9CBC-432C-8700-925EE466C821} - C:\WINDOWS\system32\ddcDvwXR.dll
    HKCU-Run-Mp4 Player - C:\Program Files\Mp4 Player\Mp4Player.exe
    Notify-efcYSkKB - (no file)


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/ig
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = proxybiblio.hec.fr:8080
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
    FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-20 21:47:47
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???@P??????(?@???????@

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(892)
    C:\WINDOWS\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(948)
    C:\WINDOWS\system32\EntApi.dll
    .
    dédétraqué on 21 January 2009 at 02:13
    Hi piotr12


    - Click Start menu / Run, type notepad at the prompt and click OK.

    - Copy/paste what is quoted below into Notepad:

    KillAll::

    File::
    C:\WINDOWS\system32\stu2.exe
    C:\WINDOWS\DelAutorun.bat
    C:\WINDOWS\system32\msvtch.sys

    DirLook::

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB1035"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\drivers\\svchost.exe"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11468ecf-f419-11dc-a758-001302578d37}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4727c2-c2be-11dc-a716-001302578d37}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c78ac8-9252-11dd-a829-0016417ffc6b}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a13ced-bc75-11db-a58e-0016417ffc6b}]


    - Save this file on the Desktop (imperative)

    - File name: CFScript.txt
    - File type: all files

    - Click Save and quit Notepad

    Important: Disable your antivirus and antispyware before doing the drag and drop

    - Drag and drop this CFScript file onto the ComboFix.exe file on the Desktop, as in this screenshot (the icon is a lion):

    < included picture >

    * Wait while the scan runs. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan has finished.
    * Once the scan is complete, a report will be displayed: post its contents.
    * If the file doesn't open, it can be found here > C:\ ComboFix.txt


    -------


    Check your USB key carefully, otherwise you will reinfect your PC; here are the suspect files:

    G:\delautorun.bat
    H:\delautorun.bat


    You now need to clean your USB keys/external hard drives; to do so:

    ABOVE ALL, do not double-click the drive in My Computer

    * Open My Computer
    * Click the Tools menu at the top right, then Folder Options
    * In the new window, click the View tab at the top
    * In the list, check "Show hidden files"
    * Uncheck "Hide protected operating system files (recommended)"
    * You will get a message telling you that this can damage the system; ignore it.
    * Open My Computer
    * For each drive in My Computer: right-click the hard drive - above all, do not double-click it!!!
    * Choose Open in the drop-down menu.
    * Look for an autorun.inf file and suspect files
    * If present, delete it by right-clicking and then choosing Delete.
    * Repeat the operation on all the drives in My Computer.



    @++ :)
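The selection made by hand in the post above (picking, out of the MountPoints2 entries in the ComboFix report, the keys whose shell commands point at delautorun.bat) can be reproduced with a small parser. This is an added example, not part of the original thread or of ComboFix: the function names and the sample text are constructed here, the `open` verb stands in for the garbled verb name in the report, and the watchlist is whatever file names the analyst has already judged suspect.

```python
import re

# Constructed sample in the layout ComboFix prints MountPoints2 entries;
# keys and commands are shaped after the report posted in this thread.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11468ecf-f419-11dc-a758-001302578d37}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL delautorun.bat
\Shell\open\command - H:\delautorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc547a3-481d-11db-998b-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11 925696]
"""

# A bracketed registry key whose last component sits directly under mountpoints2.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\[^\]\\]+)\]$", re.IGNORECASE)
# A shell verb line: \Shell\<verb>\command - <command line>
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>.+?)\\command - (?P<cmd>.+)$", re.IGNORECASE)


def parse_mountpoints(report):
    """Return {registry key: [(verb, command), ...]} for MountPoints2 keys only."""
    entries = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Any bracketed line starts a new section; keep it only if it is
            # a MountPoints2 key, otherwise ignore everything until the next one.
            m = KEY_RE.match(line)
            current = m.group(1) if m else None
            if current is not None:
                entries[current] = []
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            entries[current].append((m.group("verb"), m.group("cmd")))
    return entries


def referenced_files(cmd):
    """Lower-cased base names of every whitespace-separated token in a command."""
    return {tok.rsplit("\\", 1)[-1].strip('"').lower() for tok in cmd.split()}


def flag_entries(entries, watchlist):
    """Keep the keys with at least one command naming a watchlisted file."""
    watch = {name.lower() for name in watchlist}
    flagged = {}
    for key, cmds in entries.items():
        hits = [(verb, cmd) for verb, cmd in cmds if referenced_files(cmd) & watch]
        if hits:
            flagged[key] = hits
    return flagged


def removal_lines(flagged):
    """Key-deletion lines in the [-KEY] form used in the script posted above."""
    return ["[-%s]" % key for key in sorted(flagged)]


if __name__ == "__main__":
    found = flag_entries(parse_mountpoints(SAMPLE_REPORT), ["delautorun.bat"])
    for key, hits in found.items():
        print(key)
        for verb, cmd in hits:
            print("   %s -> %s" % (verb, cmd))
    print("\n".join(removal_lines(found)))
```

The match is on file names only, so the output is a shortlist to review against the drives themselves before any key is removed.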
    piotr12 on 22 January 2009 at 00:10
    Good evening,

    Thanks, and here is the report:

    ComboFix 09-01-19.05 - user 2009-01-21 22:59:21.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.677 [GMT 0:00]
    Lancé depuis: d:\mesdocs\Bureau\ComboFix.exe
    Commutateurs utilisés :: d:\mesdocs\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    c:\windows\DelAutorun.bat
    c:\windows\system32\msvtch.sys
    c:\windows\system32\stu2.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\DelAutorun.bat
    c:\windows\system32\msvtch.sys
    c:\windows\system32\stu2.exe
    .
    ---- Exécution préalable -------
    .
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\user\Local Settings\Application Data\wasya.dat
    c:\documents and settings\user\Local Settings\Application Data\wasya_nav.dat
    c:\documents and settings\user\Local Settings\Application Data\wasya_navps.dat
    c:\program files\ActivationManager
    c:\program files\ActivationManager\ActivationManager.dll
    c:\program files\ActivationManager\Uninstall.exe
    c:\windows\system32\abzdez.dll
    c:\windows\system32\adrnln.bin
    c:\windows\system32\ddcDvwXR.dll
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\eadrajlm.dll
    c:\windows\system32\egrupglc.dll
    c:\windows\system32\fnlxkaoe.dll
    c:\windows\system32\golxkx.dll
    c:\windows\system32\lrkkqqrd.dll
    c:\windows\system32\lyymvjad.dll
    c:\windows\system32\mljardae.ini
    c:\windows\system32\moiuwjgu.dll
    c:\windows\system32\nsprs.dll
    c:\windows\system32\obdyvjmb.dll
    c:\windows\system32\Packet.dll
    c:\windows\system32\pnkphfyc.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\RXwvDcdd.ini
    c:\windows\system32\RXwvDcdd.ini2
    c:\windows\system32\serauth1.dll
    c:\windows\system32\serauth2.dll
    c:\windows\system32\ugjwuiom.ini
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll
    c:\windows\system32\zpkdmb.dll
    c:\windows\Tasks\nfbwzaxx.job
    c:\windows\Tasks\uviruuwu.job

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Legacy_OREANS32
    -------\Service_NPF
    -------\Service_oreans32


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-21 au 2009-01-21 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-20 21:10 . 2009-01-20 21:10 <REP> d-------- c:\windows\ERUNT
    2009-01-20 20:59 . 2009-01-20 21:31 <REP> d-------- C:\SDFix
    2009-01-19 20:09 . 2009-01-19 20:10 <REP> d-------- C:\rsit
    2009-01-19 20:09 . 2009-01-19 20:10 <REP> d-------- c:\program files\trend micro
    2009-01-17 11:02 . 2009-01-17 11:02 <REP> d-------- C:\VundoFix Backups
    2009-01-11 16:13 . 2009-01-19 23:35 <REP> d-------- c:\documents and settings\user\Application Data\BitTorrent
    2009-01-11 16:12 . 2009-01-21 23:02 <REP> d-------- c:\program files\DNA
    2009-01-11 16:12 . 2009-01-11 16:13 <REP> d-------- c:\program files\BitTorrent
    2009-01-11 16:12 . 2009-01-21 23:02 <REP> d-------- c:\documents and settings\user\Application Data\DNA
    2009-01-10 10:36 . 2009-01-10 10:34 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-27 15:14 . 2008-12-27 15:14 <REP> d-------- c:\program files\iPod
    2008-12-27 15:13 . 2008-12-27 15:14 <REP> d-------- c:\program files\iTunes
    2008-12-27 15:13 . 2008-12-27 15:14 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-27 14:34 . 2008-12-27 14:34 <REP> d-------- c:\program files\Bonjour
    2008-12-27 14:31 . 2008-12-27 14:31 <REP> d-------- c:\program files\Apple Software Update

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-18 00:24 --------- d-----w c:\documents and settings\user\Application Data\Skype
    2009-01-17 21:58 --------- d-----w c:\documents and settings\user\Application Data\dvdcss
    2009-01-10 10:34 --------- d-----w c:\program files\Java
    2008-12-29 21:48 --------- d-----w c:\program files\Research Insight
    2008-12-27 14:34 --------- d-----w c:\program files\QuickTime
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-11-24 08:58 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-24 08:58 --------- d-----w c:\program files\Fichiers communs\Borland Shared
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2EB3A13-9CBC-432C-8700-925EE466C821}]
    c:\windows\system32\ddcDvwXR.dll [BU]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Mp4 Player"="c:\program files\Mp4 Player\Mp4Player.exe" [BU]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-11 342848]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB1035"="command" [X]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-16 53248]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
    "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]
    "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
    "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
    "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
    "Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-20 180269]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]
    "AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 c:\windows\AGRSMMSG.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\user\Menu D‚marrer\Programmes\D‚marrage\
    Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2006-01-21 118784]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-01 110592]
    BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2006-02-15 581693]
    Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2006-10-05 282624]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcYSkKB]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "c:\\Novell\\GroupWise\\grpwise.exe"=
    "c:\\Novell\\GroupWise\\notify.exe"=
    "c:\\Program Files\\lanscan\\LanSC\\LanScan.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Java\\j2re1.4.2_11\\javaws\\javaws.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\BsSndRpt.exe"=
    "c:\\Program Files\\7-Zip\\7zFM.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-09-13 58464]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-04-04 87936]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-06-10 35968]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc547a3-481d-11db-998b-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24b789d0-fe4c-11dc-a763-001302578d37}]
    \Shell\AutoRun\command - G:\EmDesk.exe
    \Shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40d578a3-4caf-11db-8748-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4277d5c6-c08d-11dc-a712-001302578d37}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{691bb0a3-4d5d-11db-a0e4-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ff6c423-4d67-11db-9dc2-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9d091c9-4d74-11db-8c71-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1230ded-d37e-11dd-a87e-0016417ffc6b}]
    \Shell\AutoRun\command - G:\EmDesk.exe
    \Shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc1742a3-4d71-11db-a6da-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1d8d449-4d76-11db-842d-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea91676e-42e3-11db-b29b-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a13cec-bc75-11db-a58e-0016417ffc6b}]
    \Shell\AutoRun\command - G:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db36ef-4d64-11db-a65d-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-21 c:\windows\Tasks\User_Feed_Synchronization-{3F7F9831-88E7-45DB-AAC5-BE543C105491}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{08C10D8A-FBD5-4924-8B6A-554E9A7D16B2} - (no file)
    BHO-{2AE2AEE8-C05C-4EAA-B691-63B25685B696} - (no file)
    BHO-{52C0C75D-09CD-4E78-A81F-2186892DDAB5} - (no file)
    BHO-{B9CE1E0A-B989-496A-97AA-600A264A3A6A} - (no file)
    BHO-{D284632D-548C-4DEF-9585-35946BEA3976} - (no file)
    BHO-{ECBF01B5-2A1C-4F7E-B03C-84986FF1DEE0} - (no file)


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/ig
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = proxybiblio.hec.fr:8080
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-21 23:03:19
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???@P??????(?@???????@

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(964)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(1020)
    c:\windows\system32\EntApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\scardsvr.exe
    c:\windows\system32\msdtc.exe
    c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Network Associates\Common Framework\FrameworkService.exe
    c:\program files\Network Associates\VirusScan\Mcshield.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Network Associates\VirusScan\VsTskMgr.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    c:\windows\system32\mqsvc.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\mqtgsvc.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\progra~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-21 23:07:34 - La machine a redémarré [user]
    ComboFix-quarantined-files.txt 2009-01-21 23:07:26

    Avant-CF: 8,256,061,440 octets libres
    Après-CF: 8,262,823,936 octets libres

    282 --- E O F --- 2009-01-14 23:23:02
    dédétraqué on 22 January 2009 at 00:27
    Hi piotr12


    Download Navilog1 (by IL-MAFIOSO) to the desktop: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    - Double-click Navilog1.exe to start the installation

    - If the fix does not launch automatically after its installation

    - Double-click navilog1 on the desktop

    - Press F or f and confirm with Enter

    - Press a key on your keyboard each time you are asked to; you will reach the options menu

    - Choose option 1 and press the Enter key to confirm your choice.

    - Wait for the message: *** Analyse Termine le ..... ***

    - Once the scan is finished, a report named fixnavi.txt will be displayed; post the contents of this report.
    - If the scan result is not displayed, you will find it in C:\fixnavi.txt.

    Note: Disable your antivirus and antispyware
    http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm


    Do not use options 2, 3 and 4 without our agreement; legitimate files may be included in this scan


    @++ :)
    piotr12 on 22 January 2009 at 00:45
    here is what it gives:

    Search Navipromo version 3.7.1 commencé le 21/01/2009 à 23:37:20,32

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2400 @ 1.83GHz )
    BIOS : KBC Version 40.16
    USER : user ( Administrator )
    BOOT : Normal boot




    C:\ (Local Disk) - NTFS - Total:24 Go (Free:7 Go)
    D:\ (Local Disk) - NTFS - Total:42 Go (Free:3 Go)
    E:\ (Local Disk) - FAT32 - Total:7 Go (Free:6 Go)
    F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)


    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    Favorit

    *** Recherche dossiers dans "C:\WINDOWS" ***


    *** Recherche dossiers dans "C:\Program Files" ***


    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\user\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\user\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\user\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\user\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *



    *** Recherche fichiers ***



    *** Recherche clés spécifiques dans le Registre ***
    !! Les clés trouvées ne sont pas forcément infectées !!


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :


    * Dans "C:\Documents and Settings\user\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" :


    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group trouvé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit trouvé !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche autres dossiers et fichiers connus :



    *** Analyse terminée le 21/01/2009 à 23:44:19,00 ***
    dédétraqué on 22 January 2009 at 00:50
    Hi piotr12


    Double-click the Navilog1 shortcut on the desktop and follow the prompts.
    In the main menu, choose option 2 (automatic disinfection) and confirm.
    Press a key as requested.
    (If your PC does not restart automatically, do it yourself)
    When your PC restarts, choose your usual session if necessary.

    Wait for the message:
    *** Nettoyage Termine le ..... ***
    Notepad will open.
    Close Notepad. Your desktop will reappear

    PS: If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
    Then go to the "Processes" tab. Click "File" at the top left and choose "Run"
    Type explorer and confirm. This will bring your desktop back

    Note: Disable your antivirus and antispyware

    Delete this folder: C:\rsit

    Run another scan with RSIT and post the log.txt and info.txt reports at the end of the scan.


    @++ :)
    piotr12 on 22 January 2009 at 01:06
    info.txt logfile of random's system information tool 1.05 2009-01-22 00:03:25

    ======Uninstall list======

    -->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
    Ad-Aware 2007-->MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
    Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
    Agere Systems HDA Modem-->agrsmdel
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Application Installer 4.00.B5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}\setup.exe" -l0x40c
    Astuce du jour GroupWise C3PO-->C:\Novell\GroupWise\gwtip.exe /uninstall
    ATI Catalyst Control Center-->MsiExec.exe /I{DFEDA4ED-E67D-4E5E-8FDE-C628B4DCA01B}
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CamStudio-->C:\Program Files\CamStudio\uninstall.exe
    Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
    Diaporama version 3.0.0.1-->"C:\Program Files\SoftChris\Diaporama\unins000.exe"
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Favorit-->"c:\documents and settings\user\local settings\application data\wasya.exe" -uninstall
    FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
    FinePixViewer Resource-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x40c
    FinePixViewer Ver.5.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x40c
    Fingerprint Sensor Minimum Install-->MsiExec.exe /I{2F0D3C9E-4FB6-4A14-B0C4-42328F570177}
    Free Mp3 Wma Converter V 1.7.2-->"C:\Program Files\Free Audio Pack\unins000.exe"
    FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
    GroupWise-->C:\WINDOWS\IsUn040c.exe -fC:\Novell\GroupWise\DeIsL1.isu -cC:\WINDOWS\system32\gwuninst.dll
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
    HP Mobile Data Protection System-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75ECB75A-522C-4312-8DE7-597CDA9D96A3}\setup.exe" -l0x40c UNINSTALL
    HP Photosmart and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
    HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
    HP Quick Launch Buttons 6.00 D2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x40c -removeonly uninst
    HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Support Phone Numbers-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7485CE5-C004-44D6-AA3E-7EE4DFE2B70E}\setup.exe" -l0x40c -removeonly
    HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
    ImageMixer VCD2 LE for FinePix-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x40c
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java 2 Runtime Environment, SE v1.4.2_11-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142110}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    McAfee VirusScan Enterprise-->MsiExec.exe /I{4DCA2739-9D16-4B55-808C-E72CD70A5BD3}
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office FrontPage 2003-->MsiExec.exe /I{9017040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Momindum Studio version 1.0.2-->"C:\Program Files\Momindum Studio\unins000.exe"
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MPEG2 Codec(libmpeg2/mad)-->"C:\Program Files\GNU\MPEG2\Uninstall.exe"
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Navilog1 3.7.1-->"C:\Program Files\Navilog1\unins000.exe"
    OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
    Paint Shop Pro 7 Try And Buy-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
    Paint.NET v3.20-->MsiExec.exe /X{C1CAAF9E-2A80-4AD0-8D9A-B4327966249F}
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Rainlendar (remove only)-->"C:\Program Files\Rainlendar\uninst.exe"
    RAW FILE CONVERTER LE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x40c
    RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Research Insight-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8959B4B5-ED48-11D4-8909-0001023E247F}\Setup.exe" anything
    Scribus 1.3.4-->C:\Program Files\Scribus 1.3.4\uninst.exe
    Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
    SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c -removeonly
    SPSS 14.0 for Windows-->MsiExec.exe /X{0AE19D89-17A9-404D-932A-FAAF43F3C77E}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
    Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1036
    The Economist Screen Saver-->C:\WINDOWS\system32\The Economist.scr /u
    vanBasco's Karaoke Player-->C:\Program Files\vanBasco's Karaoke Player\uninst.exe
    VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
    VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows NT Messaging-->RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    System event log

    Computer Name: PIERRE
    Event Code: 15
    Message: Broadcom NetXtreme Gigabit Ethernet: Driver initialized successfully.

    Record Number: 283419
    Source Name: b57w2k
    Time Written: 20090116190407.000000+000
    Event Type: Informations
    User:

    Computer Name: PIERRE
    Event Code: 1003
    Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
    du serveur DHCP) pour la carte réseau dont l'adresse réseau est 001302578D37. Il s'est
    produit l'erreur suivante :
    L'opération a été annulée par l'utilisateur.
    .
    Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
    serveur d'adresse réseau (DHCP).

    Record Number: 283418
    Source Name: Dhcp
    Time Written: 20090116190404.000000+000
    Event Type: Avertissement
    User:

    Computer Name: PIERRE
    Event Code: 1003
    Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
    du serveur DHCP) pour la carte réseau dont l'adresse réseau est 001302578D37. Il s'est
    produit l'erreur suivante :
    L'opération a été annulée par l'utilisateur.
    .
    Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
    serveur d'adresse réseau (DHCP).

    Record Number: 283417
    Source Name: Dhcp
    Time Written: 20090116190401.000000+000
    Event Type: Avertissement
    User:

    Computer Name: PIERRE
    Event Code: 6005
    Message: Le service d'Enregistrement d'événement a démarré.

    Record Number: 283416
    Source Name: EventLog
    Time Written: 20090116190359.000000+000
    Event Type: Informations
    User:

    Computer Name: PIERRE
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

    Record Number: 283415
    Source Name: EventLog
    Time Written: 20090116190359.000000+000
    Event Type: Informations
    User:

    Application event log

    Computer Name: PIERRE
    Event Code: 2200
    Message: Démarrage réussi de Déclencheurs Message Queuing.

    Record Number: 5
    Source Name: MSMQTriggers
    Time Written: 20081001231649.000000+060
    Event Type: Informations
    User:

    Computer Name: PIERRE
    Event Code: 2028
    Message: Le service Message Queuing a démarré.

    Record Number: 4
    Source Name: MSMQ
    Time Written: 20081001231649.000000+060
    Event Type: Informations
    User:

    Computer Name: PIERRE
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 3
    Source Name: SecurityCenter
    Time Written: 20081001231649.000000+060
    Event Type: Informations
    User:

    Computer Name: PIERRE
    Event Code: 0
    Message:
    Record Number: 2
    Source Name: btwdins
    Time Written: 20081001231643.000000+060
    Event Type: Informations
    User:

    Computer Name: PIERRE
    Event Code: 2444
    Message: MS DTC a été lancé avec les paramètres suivants :
    Configuration de la sécurité (Désactivée = 0 et Activée = 1) :
    Administration réseau des transactions = 0,
    Clients réseau = 0,
    Transactions entrantes distribuées à l'aide du protocole MSDTC natif = 0,
    Transactions sortantes distribuées à l'aide du protocole MSDTC natif = 0,
    TIP (Transaction Internet Protocol) = 0,
    Transactions XA = 0
    Record Number: 1
    Source Name: MSDTC
    Time Written: 20081001231642.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
    "PROCESSOR_REVISION"=0e08
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by user at 2009-01-22 00:03:14
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 8 GB (31%) free of 25 GB
    Total RAM: 1023 MB (35% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:03:21, on 22/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\AccelerometerSt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    D:\Mesdocs\Bureau\RSIT.exe
    C:\Program Files\trend micro\user.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxybiblio.hec.fr:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {F2EB3A13-9CBC-432C-8700-925EE466C821} - C:\WINDOWS\system32\ddcDvwXR.dll (file missing)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1035] command /c del "C:\WINDOWS\system32\lyrbgbeg.dll_old"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: efcYSkKB - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 10641 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{3F7F9831-88E7-45DB-AAC5-BE543C105491}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-10 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2EB3A13-9CBC-432C-8700-925EE466C821}]
    C:\WINDOWS\system32\ddcDvwXR.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsmqIntCert"=regsvr32 /s mqrt.dll []
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-30 88203]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
    "AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.exe [2006-01-16 53248]
    "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-10 761945]
    "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-02 131072]
    "Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-02-22 40960]
    "Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
    "Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-01-23 802816]
    "Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
    "ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]
    "McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]
    "Network Associates Error Reporting Service"=C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-10 136600]
    "REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2006-11-20 180269]
    "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "Mp4 Player"=C:\Program Files\Mp4 Player\Mp4Player.exe hmw []
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-01-11 342848]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB1035"=command /c del C:\WINDOWS\system32\lyrbgbeg.dll_old []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage
    Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-03-02 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcYSkKB]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDriveAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
    "C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
    "C:\Novell\GroupWise\grpwise.exe"="C:\Novell\GroupWise\grpwise.exe:*:Enabled:GroupWise"
    "C:\Novell\GroupWise\notify.exe"="C:\Novell\GroupWise\notify.exe:*:Enabled:GroupWise Notify"
    "C:\Program Files\lanscan\LanSC\LanScan.exe"="C:\Program Files\lanscan\LanSC\LanScan.exe:*:Enabled:LanScanner"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
    "C:\Program Files\Java\j2re1.4.2_11\javaws\javaws.exe"="C:\Program Files\Java\j2re1.4.2_11\javaws\javaws.exe:*:Enabled:Java Web Start"
    "C:\Program Files\Veoh Networks\Veoh\BsSndRpt.exe"="C:\Program Files\Veoh Networks\Veoh\BsSndRpt.exe:*:Enabled:BsSndRpt.exe"
    "C:\Program Files\7-Zip\7zFM.exe"="C:\Program Files\7-Zip\7zFM.exe:*:Enabled:7-Zip File Manager"
    "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:LocalSubNet:Enabled:Veoh Client"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc547a3-481d-11db-998b-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24b789d0-fe4c-11dc-a763-001302578d37}]
    shell\AutoRun\command - G:\EmDesk.exe
    shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40d578a3-4caf-11db-8748-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4277d5c6-c08d-11dc-a712-001302578d37}]
    shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{691bb0a3-4d5d-11db-a0e4-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ff6c423-4d67-11db-9dc2-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9d091c9-4d74-11db-8c71-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1230ded-d37e-11dd-a87e-0016417ffc6b}]
    shell\AutoRun\command - G:\EmDesk.exe
    shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc1742a3-4d71-11db-a6da-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1d8d449-4d76-11db-842d-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea91676e-42e3-11db-b29b-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a13cec-bc75-11db-a58e-0016417ffc6b}]
    shell\AutoRun\command - G:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db36ef-4d64-11db-a65d-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


    ======List of files/folders created in the last 1 months======

    2009-01-22 00:03:14 ----D---- C:\rsit
    2009-01-22 00:03:02 ----SHD---- C:\RECYCLER
    2009-01-21 23:56:41 ----A---- C:\WINDOWS\system32\Process.exe
    2009-01-21 23:56:41 ----A---- C:\cleannavi.txt
    2009-01-21 23:37:20 ----A---- C:\fixnavi.txt
    2009-01-21 23:36:20 ----D---- C:\Program Files\Navilog1
    2009-01-21 23:07:41 ----A---- C:\ComboFix.txt
    2009-01-21 23:00:48 ----D---- C:\WINDOWS\temp
    2009-01-20 21:52:22 ----D---- C:\WINDOWS\Minidump
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\zip.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\VFIND.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\SWSC.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\SWREG.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\sed.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\grep.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\fdsv.exe
    2009-01-20 21:39:32 ----D---- C:\WINDOWS\ERDNT
    2009-01-20 21:39:32 ----D---- C:\Qoobox
    2009-01-20 21:10:10 ----D---- C:\WINDOWS\ERUNT
    2009-01-20 20:59:30 ----D---- C:\SDFix
    2009-01-19 20:09:59 ----D---- C:\Program Files\trend micro
    2009-01-18 13:13:18 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-01-17 11:02:33 ----D---- C:\VundoFix Backups
    2009-01-17 11:02:33 ----A---- C:\VundoFix.txt
    2009-01-15 22:18:11 ----A---- C:\WINDOWS\system32\185f160c-.txt
    2009-01-14 23:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-01-11 16:13:07 ----D---- C:\Documents and Settings\user\Application Data\BitTorrent
    2009-01-11 16:12:49 ----D---- C:\Program Files\DNA
    2009-01-11 16:12:49 ----D---- C:\Documents and Settings\user\Application Data\DNA
    2009-01-11 16:12:48 ----D---- C:\Program Files\BitTorrent
    2009-01-10 10:36:36 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-01-10 10:36:36 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-01-10 10:36:36 ----A---- C:\WINDOWS\system32\java.exe
    2009-01-10 10:36:36 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-01-09 23:24:34 ----D---- C:\Documents and Settings\user\Application Data\Google
    2008-12-27 15:14:01 ----D---- C:\Program Files\iPod
    2008-12-27 15:13:53 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-27 15:13:52 ----D---- C:\Program Files\iTunes
    2008-12-27 14:34:42 ----D---- C:\Program Files\Bonjour
    2008-12-27 14:31:35 ----D---- C:\Program Files\Apple Software Update

    ======List of files/folders modified in the last 1 months======

    2009-01-22 00:03:07 ----D---- C:\WINDOWS
    2009-01-22 00:01:29 ----D---- C:\WINDOWS\SMINST
    2009-01-21 23:59:40 ----D---- C:\WINDOWS\system32
    2009-01-21 23:58:08 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-21 23:36:20 ----RD---- C:\Program Files
    2009-01-21 23:10:44 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-21 23:07:46 ----D---- C:\WINDOWS\system32\drivers
    2009-01-21 23:06:10 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-21 23:03:28 ----A---- C:\WINDOWS\system.ini
    2009-01-21 23:00:27 ----D---- C:\WINDOWS\AppPatch
    2009-01-21 23:00:27 ----D---- C:\Program Files\Fichiers communs
    2009-01-20 21:43:31 ----D---- C:\WINDOWS\system32\config
    2009-01-20 21:42:03 ----SD---- C:\WINDOWS\Tasks
    2009-01-20 21:34:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-01-20 20:54:01 ----A---- C:\WINDOWS\WPCMAPI.INI
    2009-01-19 20:10:02 ----D---- C:\WINDOWS\Prefetch
    2009-01-19 19:04:55 ----D---- C:\quarantine
    2009-01-18 00:24:57 ----D---- C:\Documents and Settings\user\Application Data\Skype
    2009-01-18 00:10:25 ----HD---- C:\WINDOWS\inf
    2009-01-17 21:58:41 ----D---- C:\Documents and Settings\user\Application Data\dvdcss
    2009-01-17 12:07:23 ----SHD---- C:\System Volume Information
    2009-01-17 12:07:23 ----D---- C:\WINDOWS\system32\Restore
    2009-01-16 19:21:40 ----A---- C:\WINDOWS\wininit.ini
    2009-01-14 23:22:56 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-01-14 23:22:35 ----HD---- C:\WINDOWS\$hf_mig$
    2009-01-10 10:37:30 ----SHD---- C:\WINDOWS\Installer
    2009-01-10 10:37:08 ----HD---- C:\Config.Msi
    2009-01-10 10:34:29 ----D---- C:\Program Files\Java
    2009-01-10 01:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-01-02 18:46:42 ----D---- C:\WINDOWS\network diagnostic
    2008-12-29 21:48:43 ----D---- C:\Program Files\Research Insight
    2008-12-27 15:14:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-12-27 14:34:22 ----D---- C:\Program Files\QuickTime

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
    R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2005-01-14 58464]
    R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-01-09 22016]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
    R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-30 1120352]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-02 1480704]
    R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-10 130048]
    R3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-02-15 401664]
    R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-02-15 30363]
    R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]
    R3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-02-15 148168]
    R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-02-15 30189]
    R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-15 57096]
    R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
    R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968]
    R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
    R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-01-14 108480]
    R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-10 191936]
    R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
    S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
    S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
    S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
    S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
    S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-02-09 142720]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
    S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-02-01 49664]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-02-01 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-02-01 21568]
    S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-23 36937]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-07-06 561152]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-02 405504]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2006-02-15 258103]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-01-10 98304]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-10 152984]
    R2 McAfeeFramework;Service Framework McAfee; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
    R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-09-22 221191]
    R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-09-22 28672]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
    R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
    S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------
    dédétraqué on 22 January 2009 at 01:18
    Hi piotr12


    Did you really run option 2 with Navilog1?
    The file is still present:
    Favorit-->"c:\documents and settings\user\local settings\application data\wasya.exe" -uninstall


    See you :)
    piotr12 on 27 January 2009 at 18:20
    Hi Dedetraque,

    sorry, but I didn't have access to my PC last week (I was travelling).
    I ran Navilog1, but the first time I got a fatal error at the reboot, then the second time nothing at the reboot, and nothing the third time...
    "
    Favorit-->"c:\documents and settings\user\local settings\application data\wasya.exe" -uninstall
    "
    Is this a procedure I have to follow?

    Now I notice that I still have the ad windows in IE ("topup something") and McAfee keeps detecting Bo:heap, buffer overflow.
    My internet connection has also become very slow.
    Do you understand any of this?
    My return to this PC isn't starting under the best auspices, apparently...
    dédétraqué on 28 January 2009 at 00:21
    Hi piotr12


    Delete this folder: C:\rsit

    Run another scan with RSIT and post the log.txt and info.txt (minimized in the taskbar) reports at the end of the scan


    See you :)
    piotr12 on 28 January 2009 at 08:45
    Hello,

    here are the reports:


    LOG:
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by user at 2009-01-28 07:43:24
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 8 GB (31%) free of 25 GB
    Total RAM: 1023 MB (27% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:43:31, on 28/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\AccelerometerSt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\WINDOWS\Creator\Remind_XP.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\internet explorer\iexplore.exe
    D:\Mesdocs\Bureau\RSIT.exe
    C:\Program Files\trend micro\user.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxybiblio.hec.fr:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {F2EB3A13-9CBC-432C-8700-925EE466C821} - C:\WINDOWS\system32\ddcDvwXR.dll (file missing)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1035] command /c del "C:\WINDOWS\system32\lyrbgbeg.dll_old"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{369872E5-9499-4D13-95DB-03D7649C115D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{588FACDB-50DC-46F9-AA48-04A06F2D5D54}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{69DC33C3-4858-44D9-BD06-33C82800D439}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - Winlogon Notify: efcYSkKB - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 11325 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{3F7F9831-88E7-45DB-AAC5-BE543C105491}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-10 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2EB3A13-9CBC-432C-8700-925EE466C821}]
    C:\WINDOWS\system32\ddcDvwXR.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsmqIntCert"=regsvr32 /s mqrt.dll []
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-30 88203]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
    "AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.exe [2006-01-16 53248]
    "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-10 761945]
    "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-02 131072]
    "Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-02-22 40960]
    "Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
    "Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-01-23 802816]
    "Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
    "ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]
    "McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]
    "Network Associates Error Reporting Service"=C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-10 136600]
    "REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2006-11-20 180269]
    "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "Mp4 Player"=C:\Program Files\Mp4 Player\Mp4Player.exe hmw []
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-01-11 342848]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB1035"=command /c del C:\WINDOWS\system32\lyrbgbeg.dll_old []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage
    Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-03-02 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcYSkKB]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDriveAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
    "C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
    "C:\Novell\GroupWise\grpwise.exe"="C:\Novell\GroupWise\grpwise.exe:*:Enabled:GroupWise"
    "C:\Novell\GroupWise\notify.exe"="C:\Novell\GroupWise\notify.exe:*:Enabled:GroupWise Notify"
    "C:\Program Files\lanscan\LanSC\LanScan.exe"="C:\Program Files\lanscan\LanSC\LanScan.exe:*:Enabled:LanScanner"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
    "C:\Program Files\Java\j2re1.4.2_11\javaws\javaws.exe"="C:\Program Files\Java\j2re1.4.2_11\javaws\javaws.exe:*:Enabled:Java Web Start"
    "C:\Program Files\Veoh Networks\Veoh\BsSndRpt.exe"="C:\Program Files\Veoh Networks\Veoh\BsSndRpt.exe:*:Enabled:BsSndRpt.exe"
    "C:\Program Files\7-Zip\7zFM.exe"="C:\Program Files\7-Zip\7zFM.exe:*:Enabled:7-Zip File Manager"
    "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:LocalSubNet:Enabled:Veoh Client"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc547a3-481d-11db-998b-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24b789d0-fe4c-11dc-a763-001302578d37}]
    shell\AutoRun\command - G:\EmDesk.exe
    shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40d578a3-4caf-11db-8748-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4277d5c6-c08d-11dc-a712-001302578d37}]
    shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{691bb0a3-4d5d-11db-a0e4-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ff6c423-4d67-11db-9dc2-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9d091c9-4d74-11db-8c71-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1230ded-d37e-11dd-a87e-0016417ffc6b}]
    shell\AutoRun\command - G:\EmDesk.exe
    shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc1742a3-4d71-11db-a6da-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1d8d449-4d76-11db-842d-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea91676e-42e3-11db-b29b-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a13cec-bc75-11db-a58e-0016417ffc6b}]
    shell\AutoRun\command - G:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db36ef-4d64-11db-a65d-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


    ======List of files/folders created in the last 1 months======

    2009-01-28 07:43:24 ----D---- C:\rsit
    2009-01-24 18:21:03 ----A---- C:\cleannavi.txt
    2009-01-22 00:03:02 ----SHD---- C:\RECYCLER
    2009-01-21 23:37:20 ----A---- C:\fixnavi.txt
    2009-01-21 23:36:20 ----D---- C:\Program Files\Navilog1
    2009-01-21 23:07:41 ----A---- C:\ComboFix.txt
    2009-01-21 23:00:48 ----D---- C:\WINDOWS\temp
    2009-01-20 21:52:22 ----D---- C:\WINDOWS\Minidump
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\zip.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\VFIND.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\SWSC.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\SWREG.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\sed.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\grep.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\fdsv.exe
    2009-01-20 21:39:32 ----D---- C:\WINDOWS\ERDNT
    2009-01-20 21:39:32 ----D---- C:\Qoobox
    2009-01-20 21:10:10 ----D---- C:\WINDOWS\ERUNT
    2009-01-20 20:59:30 ----D---- C:\SDFix
    2009-01-19 20:09:59 ----D---- C:\Program Files\trend micro
    2009-01-18 13:13:18 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-01-17 11:02:33 ----D---- C:\VundoFix Backups
    2009-01-17 11:02:33 ----A---- C:\VundoFix.txt
    2009-01-15 22:18%3
    piotr12 on 28 January 2009 at 08:45
    Hello,

    here are the reports:


    LOG :
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by user at 2009-01-28 07:43:24
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 8 GB (31%) free of 25 GB
    Total RAM: 1023 MB (27% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:43:31, on 28/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\AccelerometerSt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\WINDOWS\Creator\Remind_XP.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\internet explorer\iexplore.exe
    D:\Mesdocs\Bureau\RSIT.exe
    C:\Program Files\trend micro\user.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxybiblio.hec.fr:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {F2EB3A13-9CBC-432C-8700-925EE466C821} - C:\WINDOWS\system32\ddcDvwXR.dll (file missing)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1035] command /c del "C:\WINDOWS\system32\lyrbgbeg.dll_old"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{369872E5-9499-4D13-95DB-03D7649C115D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{588FACDB-50DC-46F9-AA48-04A06F2D5D54}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{69DC33C3-4858-44D9-BD06-33C82800D439}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - Winlogon Notify: efcYSkKB - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 11325 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{3F7F9831-88E7-45DB-AAC5-BE543C105491}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-10 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2EB3A13-9CBC-432C-8700-925EE466C821}]
    C:\WINDOWS\system32\ddcDvwXR.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsmqIntCert"=regsvr32 /s mqrt.dll []
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-30 88203]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
    "AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.exe [2006-01-16 53248]
    "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-10 761945]
    "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-02 131072]
    "Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-02-22 40960]
    "Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
    "Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-01-23 802816]
    "Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
    "ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]
    "McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]
    "Network Associates Error Reporting Service"=C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-10 136600]
    "REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2006-11-20 180269]
    "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "Mp4 Player"=C:\Program Files\Mp4 Player\Mp4Player.exe hmw []
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-01-11 342848]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB1035"=command /c del C:\WINDOWS\system32\lyrbgbeg.dll_old []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage
    Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-03-02 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcYSkKB]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDriveAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
    "C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
    "C:\Novell\GroupWise\grpwise.exe"="C:\Novell\GroupWise\grpwise.exe:*:Enabled:GroupWise"
    "C:\Novell\GroupWise\notify.exe"="C:\Novell\GroupWise\notify.exe:*:Enabled:GroupWise Notify"
    "C:\Program Files\lanscan\LanSC\LanScan.exe"="C:\Program Files\lanscan\LanSC\LanScan.exe:*:Enabled:LanScanner"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
    "C:\Program Files\Java\j2re1.4.2_11\javaws\javaws.exe"="C:\Program Files\Java\j2re1.4.2_11\javaws\javaws.exe:*:Enabled:Java Web Start"
    "C:\Program Files\Veoh Networks\Veoh\BsSndRpt.exe"="C:\Program Files\Veoh Networks\Veoh\BsSndRpt.exe:*:Enabled:BsSndRpt.exe"
    "C:\Program Files\7-Zip\7zFM.exe"="C:\Program Files\7-Zip\7zFM.exe:*:Enabled:7-Zip File Manager"
    "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:LocalSubNet:Enabled:Veoh Client"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc547a3-481d-11db-998b-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24b789d0-fe4c-11dc-a763-001302578d37}]
    shell\AutoRun\command - G:\EmDesk.exe
    shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40d578a3-4caf-11db-8748-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4277d5c6-c08d-11dc-a712-001302578d37}]
    shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{691bb0a3-4d5d-11db-a0e4-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ff6c423-4d67-11db-9dc2-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9d091c9-4d74-11db-8c71-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1230ded-d37e-11dd-a87e-0016417ffc6b}]
    shell\AutoRun\command - G:\EmDesk.exe
    shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc1742a3-4d71-11db-a6da-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1d8d449-4d76-11db-842d-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea91676e-42e3-11db-b29b-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a13cec-bc75-11db-a58e-0016417ffc6b}]
    shell\AutoRun\command - G:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db36ef-4d64-11db-a65d-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


    ======List of files/folders created in the last 1 months======

    2009-01-28 07:43:24 ----D---- C:\rsit
    2009-01-24 18:21:03 ----A---- C:\cleannavi.txt
    2009-01-22 00:03:02 ----SHD---- C:\RECYCLER
    2009-01-21 23:37:20 ----A---- C:\fixnavi.txt
    2009-01-21 23:36:20 ----D---- C:\Program Files\Navilog1
    2009-01-21 23:07:41 ----A---- C:\ComboFix.txt
    2009-01-21 23:00:48 ----D---- C:\WINDOWS\temp
    2009-01-20 21:52:22 ----D---- C:\WINDOWS\Minidump
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\zip.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\VFIND.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\SWSC.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\SWREG.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\sed.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\grep.exe
    2009-01-20 21:39:37 ----A---- C:\WINDOWS\fdsv.exe
    2009-01-20 21:39:32 ----D---- C:\WINDOWS\ERDNT
    2009-01-20 21:39:32 ----D---- C:\Qoobox
    2009-01-20 21:10:10 ----D---- C:\WINDOWS\ERUNT
    2009-01-20 20:59:30 ----D---- C:\SDFix
    2009-01-19 20:09:59 ----D---- C:\Program Files\trend micro
    2009-01-18 13:13:18 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-01-17 11:02:33 ----D---- C:\VundoFix Backups
    2009-01-17 11:02:33 ----A---- C:\VundoFix.txt
    2009-01-15 22:18:11 ----A---- C:\WINDOWS\system32\185f160c-.txt
    2009-01-14 23:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-01-11 16:12:49 ----D---- C:\Program Files\DNA
    2009-01-11 16:12:49 ----D---- C:\Documents and Settings\user\Application Data\DNA
    2009-01-10 10:36:36 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-01-10 10:36:36 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-01-10 10:36:36 ----A---- C:\WINDOWS\system32\java.exe
    2009-01-10 10:36:36 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-01-09 23:24:34 ----D---- C:\Documents and Settings\user\Application Data\Google

    ======List of files/folders modified in the last 1 months======

    2009-01-28 07:37:29 ----D---- C:\WINDOWS
    2009-01-28 07:37:01 ----D---- C:\WINDOWS\SMINST
    2009-01-28 07:35:23 ----D---- C:\WINDOWS\system32
    2009-01-27 22:25:06 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-27 19:35:50 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-27 18:45:47 ----RD---- C:\Program Files
    2009-01-27 18:29:28 ----D---- C:\WINDOWS\Prefetch
    2009-01-26 21:07:25 ----D---- C:\WINDOWS\network diagnostic
    2009-01-26 19:04:10 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-22 21:24:39 ----D---- C:\WINDOWS\system32\drivers
    2009-01-22 21:24:35 ----D---- C:\quarantine
    2009-01-21 23:03:28 ----A---- C:\WINDOWS\system.ini
    2009-01-21 23:00:27 ----D---- C:\WINDOWS\AppPatch
    2009-01-21 23:00:27 ----D---- C:\Program Files\Fichiers communs
    2009-01-20 21:43:31 ----D---- C:\WINDOWS\system32\config
    2009-01-20 21:42:03 ----SD---- C:\WINDOWS\Tasks
    2009-01-20 21:34:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-01-20 20:54:01 ----A---- C:\WINDOWS\WPCMAPI.INI
    2009-01-18 00:24:57 ----D---- C:\Documents and Settings\user\Application Data\Skype
    2009-01-18 00:10:25 ----HD---- C:\WINDOWS\inf
    2009-01-17 21:58:41 ----D---- C:\Documents and Settings\user\Application Data\dvdcss
    2009-01-17 12:07:23 ----SHD---- C:\System Volume Information
    2009-01-17 12:07:23 ----D---- C:\WINDOWS\system32\Restore
    2009-01-16 19:21:40 ----A---- C:\WINDOWS\wininit.ini
    2009-01-14 23:22:56 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-01-14 23:22:35 ----HD---- C:\WINDOWS\$hf_mig$
    2009-01-10 10:37:30 ----SHD---- C:\WINDOWS\Installer
    2009-01-10 10:37:08 ----HD---- C:\Config.Msi
    2009-01-10 10:34:29 ----D---- C:\Program Files\Java
    2009-01-10 01:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-29 21:48:43 ----D---- C:\Program Files\Research Insight

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
    R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2005-01-14 58464]
    R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-01-09 22016]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
    R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-30 1120352]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-02 1480704]
    R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-10 130048]
    R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-02-09 142720]
    R3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-02-15 401664]
    R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-02-15 30363]
    R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]
    R3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-02-15 148168]
    R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-02-15 30189]
    R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-15 57096]
    R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
    R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968]
    R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
    R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-01-14 108480]
    R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
    R3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-10 191936]
    R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
    S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
    S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
    S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
    S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
    S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-02-01 49664]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-02-01 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-02-01 21568]
    S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    S3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-23 36937]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-07-06 561152]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-02 405504]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2006-02-15 258103]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-01-10 98304]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-10 152984]
    R2 McAfeeFramework;Service Framework McAfee; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
    R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-09-22 221191]
    R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-09-22 28672]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
    R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
    S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------

    INFO

    info.txt logfile of random's system information tool 1.05 2009-01-28 07:43:34

    ======Uninstall list======

    -->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
    Ad-Aware 2007-->MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
    Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
    Agere Systems HDA Modem-->agrsmdel
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Application Installer 4.00.B5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}\setup.exe" -l0x40c
    Astuce du jour GroupWise C3PO-->C:\Novell\GroupWise\gwtip.exe /uninstall
    ATI Catalyst Control Center-->MsiExec.exe /I{DFEDA4ED-E67D-4E5E-8FDE-C628B4DCA01B}
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CamStudio-->C:\Program Files\CamStudio\uninstall.exe
    Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
    Diaporama version 3.0.0.1-->"C:\Program Files\SoftChris\Diaporama\unins000.exe"
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Favorit-->"c:\documents and settings\user\local settings\application data\wasya.exe" -uninstall
    FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
    FinePixViewer Resource-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x40c
    FinePixViewer Ver.5.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x40c
    Fingerprint Sensor Minimum Install-->MsiExec.exe /I{2F0D3C9E-4FB6-4A14-B0C4-42328F570177}
    Free Mp3 Wma Converter V 1.7.2-->"C:\Program Files\Free Audio Pack\unins000.exe"
    FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
    GroupWise-->C:\WINDOWS\IsUn040c.exe -fC:\Novell\GroupWise\DeIsL1.isu -cC:\WINDOWS\system32\gwuninst.dll
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
    HP Mobile Data Protection System-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75ECB75A-522C-4312-8DE7-597CDA9D96A3}\setup.exe" -l0x40c UNINSTALL
    HP Photosmart and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
    HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
    HP Quick Launch Buttons 6.00 D2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x40c -removeonly uninst
    HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Support Phone Numbers-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7485CE5-C004-44D6-AA3E-7EE4DFE2B70E}\setup.exe" -l0x40c -removeonly
    HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
    ImageMixer VCD2 LE for FinePix-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x40c
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java 2 Runtime Environment, SE v1.4.2_11-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142110}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    McAfee VirusScan Enterprise-->MsiExec.exe /I{4DCA2739-9D16-4B55-808C-E72CD70A5BD3}
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office FrontPage 2003-->MsiExec.exe /I{9017040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Momindum Studio version 1.0.2-->"C:\Program Files\Momindum Studio\unins000.exe"
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MPEG2 Codec(libmpeg2/mad)-->"C:\Program Files\GNU\MPEG2\Uninstall.exe"
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Navilog1 3.7.1-->"C:\Program Files\Navilog1\unins000.exe"
    OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
    Paint Shop Pro 7 Try And Buy-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
    Paint.NET v3.20-->MsiExec.exe /X{C1CAAF9E-2A80-4AD0-8D9A-B4327966249F}
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Rainlendar (remove only)-->"C:\Program Files\Rainlendar\uninst.exe"
    RAW FILE CONVERTER LE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x40c
    RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Research Insight-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8959B4B5-ED48-11D4-8909-0001023E247F}\Setup.exe" anything
    Scribus 1.3.4-->C:\Program Files\Scribus 1.3.4\uninst.exe
    Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
    SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c -removeonly
    SPSS 14.0 for Windows-->MsiExec.exe /X{0AE19D89-17A9-404D-932A-FAAF43F3C77E}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
    Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1036
    The Economist Screen Saver-->C:\WINDOWS\system32\The Economist.scr /u
    vanBasco's Karaoke Player-->C:\Program Files\vanBasco's Karaoke Player\uninst.exe
    VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
    VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows NT Messaging-->RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    System event log

    Computer Name: PIERRE
    Event Code: 7036
    Message: Le service Pml Driver HPZ12 est entré dans l'état : arrêté.

    Record Number: 286134
    Source Name: Service Control Manager
    Time Written: 20090123190409.000000+000
    Event Type: Informations
    User:

    Computer Name: PIERRE
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Pml Driver HPZ12.

    Record Number: 286133
    Source Name: Service Control Manager
    Time Written: 20090123190409.000000+000
    Event Type: Informations
    User: PIERRE\user

    Computer Name: PIERRE
    Event Code: 7036
    Message: Le service Pml Driver HPZ12 est entré dans l'état : en cours d'exécution.

    Record Number: 286132
    Source Name: Service Control Manager
    Time Written: 20090123190409.000000+000
    Event Type: Informations
    User:

    Computer Name: PIERRE
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Pml Driver HPZ12.

    Record Number: 286131
    Source Name: Service Control Manager
    Time Written: 20090123190404.000000+000
    Event Type: Informations
    User: PIERRE\user

    Computer Name: PIERRE
    Event Code: 7036
    Message: Le service Pml Driver HPZ12 est entré dans l'état : en cours d'exécution.

    Record Number: 286130
    Source Name: Service Control Manager
    Time Written: 20090123190404.000000+000
    Event Type: Informations
    User:

    Application event log

    Computer Name: PIERRE
    Event Code: 2200
    Message: Démarrage réussi de Déclencheurs Message Queuing.

    Record Number: 5
    Source Name: MSMQTriggers
    Time Written: 20081001231649.000000+060
    Event Type: Informations
    User:

    Computer Name: PIERRE
    Event Code: 2028
    Message: Le service Message Queuing a démarré.

    Record Number: 4
    Source Name: MSMQ
    Time Written: 20081001231649.000000+060
    Event Type: Informations
    User:

    Computer Name: PIERRE
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 3
    Source Name: SecurityCenter
    Time Written: 20081001231649.000000+060
    Event Type: Informations
    User:

    Computer Name: PIERRE
    Event Code: 0
    Message:
    Record Number: 2
    Source Name: btwdins
    Time Written: 20081001231643.000000+060
    Event Type: Informations
    User:

    Computer Name: PIERRE
    Event Code: 2444
    Message: MS DTC a été lancé avec les paramètres suivants :



    Configuration de la sécurité (Désactivée = 0 et Activée = 1) :

    Administration réseau des transactions = 0,

    Clients réseau = 0,

    Transactions entrantes distribuées à l'aide du protocole MSDTC natif = 0,

    Transactions sortantes distribuées à l'aide du protocole MSDTC natif = 0,

    TIP (Transaction Internet Protocol) = 0,

    Transactions XA = 0
    Record Number: 1
    Source Name: MSDTC
    Time Written: 20081001231642.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
    "PROCESSOR_REVISION"=0e08
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------

    dédétraqué on 28 January 2009 at 12:28
    Hi piotr12


    Double-click the Navilog1 shortcut on the desktop and follow the prompts.
    At the main menu, choose option 2 (Désinfection automatique, i.e. automatic disinfection) and confirm.
    Press a key when asked.
    (If your PC does not restart automatically, restart it yourself)
    When your PC restarts, choose your usual session if necessary.

    Wait for the message:
    *** Nettoyage Termine le ..... ***
    Notepad will open.
    Close Notepad. Your desktop will reappear.

    PS: If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "Run".
    Type explorer and confirm. This will bring your desktop back.

    Note: Disable your antivirus and antispyware

    Post the cleannavi.txt report.


    @++ :)
    piotr12 on 28 January 2009 at 19:26

    Hello,

    Navilog tells me that cleaning at restart is impossible and that safe mode is mandatory. What should I do?
    dédétraqué on 29 January 2009 at 01:58
    Hi piotr12


    - Click Start/Run, type notepad at the prompt and click OK.

    - Copy/paste the quoted text below into Notepad:

    KillAll::

    File::
    C:\WINDOWS\system32\drivers\svchost.exe
    c:\documents and settings\user\local settings\application data\wasya.exe
    C:\Program Files\Mp4 Player\Mp4Player.exe
    C:\Program Files\Mp4 Player

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2EB3A13-9CBC-432C-8700-925EE466C821}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Mp4 Player"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcYSkKB]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\drivers\svchost.exe"=-


    - Save this file to the desktop (mandatory)

    - File name: CFScript.txt
    - File type: all files

    - Click Save and close Notepad

    Important: Disable your antivirus and antispyware before doing the drag and drop

    - Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot (the icon is a lion):

    < included picture >

    * Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
    * Once the scan is complete, a report will be displayed: post its contents.
    * If the file does not open, it can be found here > C:\ ComboFix.txt


    @++ :)
    piotr12 on 30 January 2009 at 01:04
    Good evening dedetraque,

    here is the report:

    ComboFix 09-01-21.04 - user 2009-01-29 23:56:09.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.498 [GMT 0:00]
    Lancé depuis: d:\mesdocs\Bureau\ComboFix.exe
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Mozilla Firefox\components\iamfamous.dll
    c:\windows\system32\drivers\gaopdxvysmhtkx.sys
    c:\windows\system32\gaopdxwviqshgf.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-29 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-28 07:43 . 2009-01-28 07:43 <REP> d-------- C:\rsit
    2009-01-21 23:36 . 2009-01-28 18:26 <REP> d-------- c:\program files\Navilog1
    2009-01-20 21:10 . 2009-01-20 21:10 <REP> d-------- c:\windows\ERUNT
    2009-01-20 20:59 . 2009-01-20 21:31 <REP> d-------- C:\SDFix
    2009-01-19 20:09 . 2009-01-28 07:43 <REP> d-------- c:\program files\trend micro
    2009-01-17 11:02 . 2009-01-17 11:02 <REP> d-------- C:\VundoFix Backups
    2009-01-11 16:12 . 2009-01-29 20:27 <REP> d-------- c:\program files\DNA
    2009-01-11 16:12 . 2009-01-29 23:53 <REP> d-------- c:\documents and settings\user\Application Data\DNA
    2009-01-10 10:36 . 2009-01-10 10:34 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-18 00:24 --------- d-----w c:\documents and settings\user\Application Data\Skype
    2009-01-17 21:58 --------- d-----w c:\documents and settings\user\Application Data\dvdcss
    2009-01-10 10:34 --------- d-----w c:\program files\Java
    2008-12-29 21:48 --------- d-----w c:\program files\Research Insight
    2008-12-27 15:14 --------- d-----w c:\program files\iTunes
    2008-12-27 15:14 --------- d-----w c:\program files\iPod
    2008-12-27 15:14 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-27 14:34 --------- d-----w c:\program files\QuickTime
    2008-12-27 14:34 --------- d-----w c:\program files\Bonjour
    2008-12-27 14:31 --------- d-----w c:\program files\Apple Software Update
    2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-21_23.06.26.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-29 23:55:02 16,384 ----atw c:\windows\temp\Perflib_Perfdata_274.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2EB3A13-9CBC-432C-8700-925EE466C821}]
    c:\windows\system32\ddcDvwXR.dll [BU]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Mp4 Player"="c:\program files\Mp4 Player\Mp4Player.exe" [BU]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-11 342848]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB1035"="command" [X]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-16 53248]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
    "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]
    "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
    "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
    "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
    "Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-20 180269]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]
    "AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 c:\windows\AGRSMMSG.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\user\Menu Démarrer\Programmes\Démarrage\
    Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2006-01-21 118784]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-01 110592]
    BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2006-02-15 581693]
    Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2006-10-05 282624]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcYSkKB]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "c:\\Novell\\GroupWise\\grpwise.exe"=
    "c:\\Novell\\GroupWise\\notify.exe"=
    "c:\\Program Files\\lanscan\\LanSC\\LanScan.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Java\\j2re1.4.2_11\\javaws\\javaws.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\BsSndRpt.exe"=
    "c:\\Program Files\\7-Zip\\7zFM.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-09-13 58464]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-04-04 87936]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-06-10 35968]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc547a3-481d-11db-998b-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24b789d0-fe4c-11dc-a763-001302578d37}]
    \Shell\AutoRun\command - G:\EmDesk.exe
    \Shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40d578a3-4caf-11db-8748-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4277d5c6-c08d-11dc-a712-001302578d37}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{691bb0a3-4d5d-11db-a0e4-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ff6c423-4d67-11db-9dc2-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9d091c9-4d74-11db-8c71-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1230ded-d37e-11dd-a87e-0016417ffc6b}]
    \Shell\AutoRun\command - G:\EmDesk.exe
    \Shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc1742a3-4d71-11db-a6da-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1d8d449-4d76-11db-842d-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea91676e-42e3-11db-b29b-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a13cec-bc75-11db-a58e-0016417ffc6b}]
    \Shell\AutoRun\command - G:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db36ef-4d64-11db-a65d-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-29 c:\windows\Tasks\User_Feed_Synchronization-{3F7F9831-88E7-45DB-AAC5-BE543C105491}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/ig
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = proxybiblio.hec.fr:8080
    uInternet Settings,ProxyOverride = *.local
    TCP: {369872E5-9499-4D13-95DB-03D7649C115D} = 208.67.220.220,208.67.222.222
    TCP: {588FACDB-50DC-46F9-AA48-04A06F2D5D54} = 208.67.220.220,208.67.222.222
    TCP: {69DC33C3-4858-44D9-BD06-33C82800D439} = 208.67.220.220,208.67.222.222
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-29 23:58:36
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???@P??????(?@???????@

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(948)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(1004)
    c:\windows\system32\EntApi.dll
    .
    Heure de fin: 2009-01-30 0:00:20
    ComboFix-quarantined-files.txt 2009-01-30 00:00:17
    ComboFix2.txt 2009-01-21 23:07:41

    Avant-CF: 8,123,121,664 octets libres
    Après-CF: 8,156,270,592 octets libres

    208 --- E O F --- 2009-01-14 23:23:02
    ______________________________________________________

    there is still a system32 program that opens when Windows starts...

    See you later
    dédétraqué on 30 January 2009 at 12:01
    Hi piotr12


    - Click Start/Run, type notepad at the prompt and click OK.

    - Copy/paste the quoted text below into Notepad:

    KillAll::

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2EB3A13-9CBC-432C-8700-925EE466C821}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Mp4 Player"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcYSkKB]


    - Save this file to the desktop (mandatory)

    - File name: CFScript.txt
    - File type: all files

    - Click Save and close Notepad

    Important: Disable your antivirus and antispyware before doing the drag and drop

    - Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot (the icon is a lion):

    < included picture >

    * Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
    * Once the scan is complete, a report will be displayed: post its contents.
    * If the file does not open, it can be found here > C:\ ComboFix.txt


    @++ :)
    piotr12 on 2 February 2009 at 00:33
    Hello,

    here is the ComboFix report:

    ComboFix 09-01-21.04 - user 2009-01-29 23:56:09.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.498 [GMT 0:00]
    Lancé depuis: d:\mesdocs\Bureau\ComboFix.exe
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Mozilla Firefox\components\iamfamous.dll
    c:\windows\system32\drivers\gaopdxvysmhtkx.sys
    c:\windows\system32\gaopdxwviqshgf.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-29 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-28 07:43 . 2009-01-28 07:43 <REP> d-------- C:\rsit
    2009-01-21 23:36 . 2009-01-28 18:26 <REP> d-------- c:\program files\Navilog1
    2009-01-20 21:10 . 2009-01-20 21:10 <REP> d-------- c:\windows\ERUNT
    2009-01-20 20:59 . 2009-01-20 21:31 <REP> d-------- C:\SDFix
    2009-01-19 20:09 . 2009-01-28 07:43 <REP> d-------- c:\program files\trend micro
    2009-01-17 11:02 . 2009-01-17 11:02 <REP> d-------- C:\VundoFix Backups
    2009-01-11 16:12 . 2009-01-29 20:27 <REP> d-------- c:\program files\DNA
    2009-01-11 16:12 . 2009-01-29 23:53 <REP> d-------- c:\documents and settings\user\Application Data\DNA
    2009-01-10 10:36 . 2009-01-10 10:34 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-18 00:24 --------- d-----w c:\documents and settings\user\Application Data\Skype
    2009-01-17 21:58 --------- d-----w c:\documents and settings\user\Application Data\dvdcss
    2009-01-10 10:34 --------- d-----w c:\program files\Java
    2008-12-29 21:48 --------- d-----w c:\program files\Research Insight
    2008-12-27 15:14 --------- d-----w c:\program files\iTunes
    2008-12-27 15:14 --------- d-----w c:\program files\iPod
    2008-12-27 15:14 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-27 14:34 --------- d-----w c:\program files\QuickTime
    2008-12-27 14:34 --------- d-----w c:\program files\Bonjour
    2008-12-27 14:31 --------- d-----w c:\program files\Apple Software Update
    2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-21_23.06.26.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-29 23:55:02 16,384 ----atw c:\windows\temp\Perflib_Perfdata_274.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2EB3A13-9CBC-432C-8700-925EE466C821}]
    c:\windows\system32\ddcDvwXR.dll [BU]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Mp4 Player"="c:\program files\Mp4 Player\Mp4Player.exe" [BU]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-11 342848]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB1035"="command" [X]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-16 53248]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
    "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]
    "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
    "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
    "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
    "Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-20 180269]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]
    "AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 c:\windows\AGRSMMSG.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\user\Menu Démarrer\Programmes\Démarrage\
    Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2006-01-21 118784]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-01 110592]
    BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2006-02-15 581693]
    Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2006-10-05 282624]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcYSkKB]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "c:\\Novell\\GroupWise\\grpwise.exe"=
    "c:\\Novell\\GroupWise\\notify.exe"=
    "c:\\Program Files\\lanscan\\LanSC\\LanScan.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Java\\j2re1.4.2_11\\javaws\\javaws.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\BsSndRpt.exe"=
    "c:\\Program Files\\7-Zip\\7zFM.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-09-13 58464]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-04-04 87936]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-06-10 35968]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc547a3-481d-11db-998b-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24b789d0-fe4c-11dc-a763-001302578d37}]
    \Shell\AutoRun\command - G:\EmDesk.exe
    \Shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40d578a3-4caf-11db-8748-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4277d5c6-c08d-11dc-a712-001302578d37}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{691bb0a3-4d5d-11db-a0e4-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ff6c423-4d67-11db-9dc2-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9d091c9-4d74-11db-8c71-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1230ded-d37e-11dd-a87e-0016417ffc6b}]
    \Shell\AutoRun\command - G:\EmDesk.exe
    \Shell\EmDesk\command - G:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc1742a3-4d71-11db-a6da-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1d8d449-4d76-11db-842d-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea91676e-42e3-11db-b29b-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a13cec-bc75-11db-a58e-0016417ffc6b}]
    \Shell\AutoRun\command - G:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db36ef-4d64-11db-a65d-806d6172696f}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-29 c:\windows\Tasks\User_Feed_Synchronization-{3F7F9831-88E7-45DB-AAC5-BE543C105491}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/ig
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = proxybiblio.hec.fr:8080
    uInternet Settings,ProxyOverride = *.local
    TCP: {369872E5-9499-4D13-95DB-03D7649C115D} = 208.67.220.220,208.67.222.222
    TCP: {588FACDB-50DC-46F9-AA48-04A06F2D5D54} = 208.67.220.220,208.67.222.222
    TCP: {69DC33C3-4858-44D9-BD06-33C82800D439} = 208.67.220.220,208.67.222.222
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-29 23:58:36
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???@P??????(?@???????@

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(948)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(1004)
    c:\windows\system32\EntApi.dll
    .
    Heure de fin: 2009-01-30 0:00:20
    ComboFix-quarantined-files.txt 2009-01-30 00:00:17
    ComboFix2.txt 2009-01-21 23:07:41

    Avant-CF: 8,123,121,664 octets libres
    Après-CF: 8,156,270,592 octets libres

    208 --- E O F --- 2009-01-14 23:23:02
    dédétraqué on 2 February 2009 at 00:39
    Hi piotr12


    Let's check that nothing is hidden:

    Run an online scan here: http://webscanner.kaspersky.fr/ (to be done with Internet Explorer)

    - Disable your antivirus before the scan
    http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm
    - At the bottom right, click Démarrer Online-scanner; in the new window that appears, click J'accepte
    - Accept the ActiveX controls

    - Choose Poste de travail for the scan. Once it has finished, click Enregistrer rapport sous (choose text file)
    - Post the report

    - For help using the online scan: http://forum.pcastuces.com/kaspersky_online_scanner___tutoriel-f31s10.htm

    P.S.: If you have a problem installing the ActiveX control, read this: http://www.inoculer.com/activex.php3


    NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée",
    remove Kaspersky Online Scanner via Ajout/Suppression de programmes and install it again.


    @++ :)
    piotr12 on 2 February 2009 at 23:35
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Monday, February 02, 2009 10:34:12 PM
    Système d'exploitation : Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.84.2
    Dernière mise à jour de la base antivirus Kaspersky : 2/02/2009
    Enregistrements dans la base antivirus Kaspersky : 1565714
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Poste de travail:
    C:\
    D:\
    E:\
    F:\

    Statistiques de l'analyse:
    Total d'objets analysés: 159852
    Nombre de virus trouvés: 11
    Nombre d'objets infectés: 24 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 01:47:17

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\Qoobox\Quarantine\C\Program Files\ActivationManager\ActivationManager.dll.vir Infecté : Trojan.Win32.BHO.bjn ignoré
    C:\Qoobox\Quarantine\C\WINDOWS\DelAutorun.bat.vir Infecté : Worm.Win32.AutoRun.xzc ignoré
    C:\Qoobox\Quarantine\C\WINDOWS\system32\eadrajlm.dll.vir Infecté : Trojan.Win32.Monder.areo ignoré
    C:\Qoobox\Quarantine\C\WINDOWS\system32\egrupglc.dll.vir Infecté : Trojan.Win32.Agent2.bkd ignoré
    C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxwviqshgf.dll.vir Infecté : Trojan-PSW.Win32.Agent.lqj ignoré
    C:\Qoobox\Quarantine\C\WINDOWS\system32\golxkx.dll.vir Infecté : Trojan.Win32.Monder.asxw ignoré
    C:\Qoobox\Quarantine\C\WINDOWS\system32\lyymvjad.dll.vir Infecté : Trojan.Win32.Monder.asxx ignoré
    C:\Qoobox\Quarantine\C\WINDOWS\system32\pnkphfyc.dll.vir Infecté : Trojan.Win32.Monder.asxw ignoré
    C:\Qoobox\Quarantine\C\WINDOWS\system32\WanPacket.dll.vir Infecté : Backdoor.Win32.ForBot.am ignoré
    C:\quarantine\Av-test.txt.Vir Infecté : EICAR-Test-File ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\tracking.log L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP2\A0001189.dll Infecté : Trojan.Win32.Agent2.bkd ignoré
    C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP3\A0001283.dll Infecté : Trojan.Win32.BHO.bjn ignoré
    C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP3\A0001292.dll Infecté : Trojan.Win32.Monder.areo ignoré
    C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP3\A0001293.dll Infecté : Trojan.Win32.Agent2.bkd ignoré
    C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP3\A0001295.dll Infecté : Trojan.Win32.Monder.asxw ignoré
    C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP3\A0001297.dll Infecté : Trojan.Win32.Monder.asxx ignoré
    C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP3\A0001301.dll Infecté : Trojan.Win32.Monder.asxw ignoré
    C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP3\A0001307.dll Infecté : Backdoor.Win32.ForBot.am ignoré
    C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP5\A0002520.bat Infecté : Worm.Win32.AutoRun.xzc ignoré
    C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP5\A0002686.dll Infecté : Trojan-PSW.Win32.Agent.lqj ignoré
    C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP5\A0002702.dll Infecté : Trojan.Win32.Agent.avjo ignoré
    C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP6\change.log L'objet est verrouillé ignoré
    D:\Mesdocs\Bureau\VideoActiveX3085.exe/stream/data0001 Infecté : Packed.Win32.Tdss.a ignoré
    D:\Mesdocs\Bureau\VideoActiveX3085.exe/stream Infecté : Packed.Win32.Tdss.a ignoré
    D:\Mesdocs\Bureau\VideoActiveX3085.exe NSIS: infecté - 2 ignoré
    D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

    Analyse terminée.
    piotr12 on 2 February 2009 at 23:36
    Good evening Dedetraque,

    I've just posted the report (it took about 1h30!)

    ciao
    dédétraqué on 3 February 2009 at 00:29
    Hi piotr12


    Download OTMoveIt3 (by Old_Timer) to the desktop:

    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    Double-click OTMoveIt3.exe on the desktop

    - Make sure the Unregister Dll's and Ocx's box is ticked

    - Copy the quoted text below and paste it into the left-hand pane of OTMoveIt named Paste List of Files/Folders to be moved

    :processes
    explorer.exe

    :files
    D:\Mesdocs\Bureau\VideoActiveX3085.exe
    C:\Qoobox
    C:\quarantine

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


    - Click MoveIt! to start the removal.
    - Close OTMoveIt3

    Your PC will restart to finish the removal

    Post the OTMoveIt report, which is in C:\_OTMoveIt\MovedFiles.


    @++ :)
    piotr12 on 3 February 2009 at 23:33
    Good evening,

    Here is the report, but note that McAfee kicked in when it ran and apparently deleted some files...

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder D:\Mesdocs\Bureau\VideoActiveX3085.exe not found.
    File/Folder C:\Qoobox not found.
    File/Folder C:\quarantine not found.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\etilqs_B3d9fkB8EWCH1D81tI1B scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\Perflib_Perfdata_388.dat scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\Perflib_Perfdata_dac.dat scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_8dc.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02032009_222345

    Files moved on Reboot...
    File C:\Qoobox\Quarantine\C\WINDOWS\system32 not found!
    File C:\Qoobox\Quarantine\C\WINDOWS not found!
    File C:\Qoobox\Quarantine\C not found!
    File C:\Qoobox\Quarantine not found!
    File C:\Qoobox not found!
    File C:\quarantine not found!
    File C:\DOCUME~1\user\LOCALS~1\Temp\etilqs_B3d9fkB8EWCH1D81tI1B not found!
    C:\DOCUME~1\user\LOCALS~1\Temp\hpodvd09.log moved successfully.
    File C:\DOCUME~1\user\LOCALS~1\Temp\Perflib_Perfdata_388.dat not found!
    File C:\DOCUME~1\user\LOCALS~1\Temp\Perflib_Perfdata_dac.dat not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File C:\WINDOWS\temp\Perflib_Perfdata_8dc.dat not found!
    File C:\WINDOWS\temp\WFV2.tmp not found!
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\f3y4c10g.default\XUL.mfl moved successfully.

    __________

    dédétraqué on 4 February 2009 at 00:06
    Hi piotr12


    Disable System Restore on all drives:

    - Right-click Poste de travail on the desktop; in Propriétés, click the Restauration système tab

    - Tick the box to disable restore and apply

    Restart the computer and re-enable System Restore.

    Tutorial: http://www.libellules.ch/desactiver_restauration.php


    - Delete C:\_OTMoveIt <== this folder
    - Empty the Recycle Bin


    Run another online scan with Kaspersky to verify


    @++ :)
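
The Kaspersky report posted in this thread mixes locked-file noise with detections sitting in three kinds of place. The following added example (not code from the thread or from any tool named in it) parses lines in that report's format and groups detections by location, which shows why the follow-up steps target the desktop file, the quarantine folders and System Restore. The function names and bucket labels are assumptions made for the example, and the sample lines are constructed from entries in the report.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the Kaspersky On-line Scanner report above
# (paths and verdict names are taken from that report).
SAMPLE_REPORT = r"""
C:\Documents and Settings\user\NTUSER.DAT L'objet est verrouillé ignoré
C:\Qoobox\Quarantine\C\WINDOWS\system32\golxkx.dll.vir Infecté : Trojan.Win32.Monder.asxw ignoré
C:\quarantine\Av-test.txt.Vir Infecté : EICAR-Test-File ignoré
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP3\A0001295.dll Infecté : Trojan.Win32.Monder.asxw ignoré
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP6\change.log L'objet est verrouillé ignoré
D:\Mesdocs\Bureau\VideoActiveX3085.exe/stream/data0001 Infecté : Packed.Win32.Tdss.a ignoré
D:\Mesdocs\Bureau\VideoActiveX3085.exe/stream Infecté : Packed.Win32.Tdss.a ignoré
D:\Mesdocs\Bureau\VideoActiveX3085.exe NSIS: infecté - 2 ignoré
"""

# The three line shapes that appear in the report body.
INFECTED = re.compile(r"^(?P<path>.+?) Infecté : (?P<verdict>\S+) (?P<action>\S+)$")
CONTAINER = re.compile(r"^(?P<path>.+?) (?P<kind>\w+): infecté - (?P<count>\d+) (?P<action>\S+)$")
LOCKED = re.compile(r"^(?P<path>.+) L'objet est verrouillé (?P<action>\S+)$")


def parse_line(line):
    """Return (status, path, detail), or None for blank/unrecognised lines."""
    line = line.strip()
    for status, rx, field in (("infected", INFECTED, "verdict"),
                              ("container", CONTAINER, "count"),
                              ("locked", LOCKED, None)):
        m = rx.match(line)
        if m:
            return status, m.group("path"), m.group(field) if field else None
    return None


def location(path):
    """Classify a Windows path as 'system-restore', 'quarantine' or 'live'."""
    p = path.lower()
    if r"\system volume information\_restore" in p:
        return "system-restore"      # copy captured in a restore point
    parts = p.split("\\")
    if len(parts) > 1 and parts[1] in ("qoobox", "quarantine"):
        return "quarantine"          # renamed copy parked by a cleaning tool
    return "live"                    # file in a normal, reachable location


def triage(report):
    """Group detections by location; return (buckets, locked_count)."""
    buckets = defaultdict(lambda: defaultdict(set))  # location -> file -> verdicts
    locked = 0
    for line in report.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        status, path, detail = rec
        if status == "locked":
            locked += 1              # file in use, not scanned: not a detection
            continue
        # Archive members look like "x.exe/stream/data0001"; the file on disk
        # is the part before the first "/" (Windows paths never contain "/").
        host = path.split("/", 1)[0]
        if status == "infected":
            buckets[location(host)][host].add(detail)
        else:
            buckets[location(host)][host]  # container summary: just list the file
    return ({loc: {f: sorted(v) for f, v in files.items()}
             for loc, files in buckets.items()}, locked)


if __name__ == "__main__":
    found, skipped = triage(SAMPLE_REPORT)
    for loc in ("live", "quarantine", "system-restore"):
        for f, verdicts in found.get(loc, {}).items():
            print(f"{loc:15} {f}  {', '.join(verdicts)}")
    print(f"{skipped} locked object(s) skipped by the scanner")
```

Run over the full report, only the `live` bucket lists a file still sitting where it can be launched; the other two buckets hold copies that the OTMoveIt list and the System Restore reset clear out.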

