
warning dangerous spyware

djobidjoba on 25 March 2009 at 16:11
Hello
I see that I'm not the only one with this problem, but I can't manage to remove the message on the desktop. I don't know what to do. I tried restarting the computer but the message is still there. If someone is willing to help me, that would be really nice.

-->Message edited by totoftotof on 25/03/2009 21:29:31<--

dédétraqué on 25 March 2009 at 22:19
Hi djobidjoba


Let's check that. Download RSIT (by random/random) to the desktop from here:
http://images.malwareremoval.com/random/RSIT.exe

- Double-click RSIT.exe, which is on the desktop
- Click Continue in the window
- RSIT will download HijackThis if it is not present or not detected, in which case you will need to accept the license
- Post the contents of the two reports, log.txt and info.txt (minimized in the taskbar), once the scan has finished

The reports are in this folder: C:\rsit


See you :)

djobidjoba on 26 March 2009 at 18:19
Hello dédétraqué

Here is the log.txt report:


Logfile of random's system information tool 1.06 (written by random/random)
Run by David at 2009-03-26 18:13:22
Microsoft Windows XP Édition familiale Service Pack 2
System drive F: has 5 GB (21%) free of 25 GB
Total RAM: 511 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:35, on 26/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\System32\FTRTSVC.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\runservice.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Spyware Doctor\pctsAuxs.exe
F:\Program Files\Spyware Doctor\pctsSvc.exe
F:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\WINDOWS\system32\LVCOMSX.EXE
F:\PROGRA~1\Wanadoo\TaskBarIcon.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\ULI5289\ULi5289.exe
F:\Program Files\Spyware Doctor\pctsTray.exe
F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
F:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\IEXPOLES.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Program Files\SAGEM WiFi manager\WLANUTL.exe
F:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
F:\PROGRA~1\Wanadoo\ComComp.exe
F:\PROGRA~1\Wanadoo\Toaster.exe
F:\PROGRA~1\Wanadoo\Inactivity.exe
F:\PROGRA~1\Wanadoo\PollingModule.exe
F:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\PROGRA~1\Wanadoo\Watch.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\RSIT.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
C:\David.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - F:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [WOOWATCH] F:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] F:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ULiRaid5289] F:\Program Files\ULI5289\ULi5289.exe
O4 - HKLM\..\Run: [ISTray] "F:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [OpwareSE2] "F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [System Restore] IEXPOLES.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] F:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-507921405-1788223648-725345543-1004\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'taponat')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-507921405-1788223648-725345543-1004 Startup: OpenOffice.org 3.0.lnk = F:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'taponat')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{438A8666-4B4B-41B9-99B3-725012EE3572}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - F:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - F:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 11912 bytes

======Scheduled tasks folder======

F:\WINDOWS\tasks\AppleSoftwareUpdate.job
F:\WINDOWS\tasks\dfrg.job
F:\WINDOWS\tasks\Google Software Updater.job
F:\WINDOWS\tasks\MP Scheduled Scan.job
F:\WINDOWS\tasks\Norton Security Scan for taponat.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29 468280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - F:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - F:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-29 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2007-10-08 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - F:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-29 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - F:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - F:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - F:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-29 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"LVCOMSX"=F:\WINDOWS\system32\LVCOMSX.EXE [2004-10-08 221184]
"WOOWATCH"=F:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]
"WOOTASKBARICON"=F:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]
"NvCplDaemon"=F:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=F:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"SoundMan"=F:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"ULiRaid5289"=F:\Program Files\ULI5289\ULi5289.exe [2005-06-07 409600]
"ISTray"=F:\Program Files\Spyware Doctor\pctsTray.exe [2008-02-01 1103240]
"OpwareSE2"=F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"SunJavaUpdateSched"=F:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"AppleSyncNotifier"=F:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-02-06 177472]
"QuickTime Task"=F:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"Adobe Reader Speed Launcher"=F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"System Restore"=F:\WINDOWS\IEXPOLES.exe [2009-03-24 57906]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=F:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"WOOKIT"=F:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880]
"msnmsgr"=F:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]
F:\Program Files\ULI5289\ALi5289.exe [2005-06-07 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
F:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-02-06 177472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-25 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
F:\Program Files\Spyware Doctor\pctsTray.exe [2008-02-01 1103240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
F:\Program Files\Logitech\Video\ManifestEngine.exe [2004-10-08 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
F:\Program Files\Logitech\Video\ISStart.exe [2004-10-08 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
F:\Program Files\Logitech\Video\LogiTray.exe [2004-10-08 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
F:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
F:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-14 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
F:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
F:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2009-03-26 161776]

F:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - F:\Program Files\SAGEM WiFi manager\WLANUTL.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
F:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=F:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Program Files\Windows Live\Messenger\msnmsgr.exe"="F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\Program Files\Windows Live\Messenger\livecall.exe"="F:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\Program Files\Mozilla Firefox\firefox.exe"="F:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"F:\Program Files\Bonjour\mDNSResponder.exe"="F:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Program Files\Windows Live\Messenger\msnmsgr.exe"="F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\Program Files\Windows Live\Messenger\livecall.exe"="F:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-03-26 18:13:22 ----D---- F:\rsit
2009-03-25 15:24:48 ----A---- F:\ComboFix.txt
2009-03-25 14:46:56 ----D---- F:\ComboFix
2009-03-25 14:39:53 ----D---- F:\Qoobox
2009-03-25 12:42:11 ----D---- F:\Documents and Settings\David\Application Data\Malwarebytes
2009-03-25 12:42:01 ----D---- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-24 19:56:51 ----RSH---- F:\WINDOWS\IEXPOLES.exe
2009-03-11 18:22:12 ----HDC---- F:\WINDOWS\$NtUninstallKB960225$
2009-03-11 18:22:06 ----HDC---- F:\WINDOWS\$NtUninstallKB958690$
2009-03-11 18:21:50 ----A---- F:\WINDOWS\imsins.BAK
2009-03-11 18:21:40 ----HDC---- F:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-01 11:41:10 ----D---- F:\WINDOWS\system32\Lang

======List of files/folders modified in the last 1 months======

2009-03-26 18:13:14 ----D---- F:\WINDOWS\Prefetch
2009-03-26 18:13:09 ----D---- F:\WINDOWS\temp
2009-03-26 18:12:20 ----D---- F:\Program Files\Wanadoo
2009-03-26 18:05:21 ----AD---- F:\Documents and Settings\All Users\Application Data\TEMP
2009-03-26 18:03:39 ----A---- F:\WINDOWS\NeroDigital.ini
2009-03-26 17:56:46 ----SD---- F:\WINDOWS\Tasks
2009-03-26 17:46:55 ----SHD---- F:\WINDOWS\Installer
2009-03-26 17:42:30 ----D---- F:\WINDOWS\system32\drivers
2009-03-25 18:26:45 ----A---- F:\WINDOWS\SchedLgU.Txt
2009-03-25 18:26:36 ----D---- F:\WINDOWS\system32\CatRoot2
2009-03-25 15:25:23 ----D---- F:\WINDOWS\system32
2009-03-25 15:25:07 ----D---- F:\WINDOWS
2009-03-25 15:16:20 ----A---- F:\WINDOWS\system.ini
2009-03-25 15:11:08 ----D---- F:\WINDOWS\system32\config
2009-03-25 15:10:53 ----D---- F:\WINDOWS\erdnt
2009-03-25 15:08:32 ----D---- F:\WINDOWS\AppPatch
2009-03-25 15:08:31 ----D---- F:\Program Files\Fichiers communs
2009-03-25 14:15:02 ----D---- F:\Program Files
2009-03-24 20:54:16 ----D---- F:\Program Files\Mozilla Firefox
2009-03-24 19:04:55 ----D---- F:\Documents and Settings\All Users\Application Data\Google Updater
2009-03-21 12:11:09 ----D---- F:\WINDOWS\Debug
2009-03-16 19:15:18 ----D---- F:\Documents and Settings
2009-03-15 17:59:26 ----D---- F:\WINDOWS\system32\RR3_COUPE dir
2009-03-15 16:46:12 ----HD---- F:\WINDOWS\inf
2009-03-13 18:00:04 ----D---- F:\Program Files\Norton Security Scan
2009-03-11 18:22:14 ----RSHDC---- F:\WINDOWS\system32\dllcache
2009-03-11 16:06:21 ----HD---- F:\WINDOWS\$hf_mig$
2009-03-08 12:09:58 ----D---- F:\WINDOWS\system32\LogFiles
2009-03-07 21:03:28 ----D---- F:\Program Files\Spyware Doctor
2009-03-07 17:12:23 ----D---- F:\WINDOWS\Minidump
2009-03-06 18:36:01 ----ASD---- F:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-06 18:35:59 ----D---- F:\Program Files\Fichiers communs\Microsoft Shared
2009-03-01 11:37:54 ----D---- F:\Program Files\Bonjour

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; F:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; F:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; F:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 IKSysFlt;System Filter Driver; F:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
R1 IKSysSec;System Security Driver; F:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
R1 kbdhid;Pilote HID de clavier; F:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
R1 prodrv06;StarForce Protection Environment Driver v6; F:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-10 52128]
R1 StarOpen;StarOpen; F:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller; F:\WINDOWS\System32\Drivers\ALIEHCI.sys [2003-07-04 106168]
R2 aswFsBlk;aswFsBlk; F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; F:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 irda;Protocole IrDA; F:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R3 AC97ALI;Service for AC'97 Driver (WDM); F:\WINDOWS\system32\drivers\ali55wdm.sys [2004-08-27 63488]
R3 aliroothub;USB 2.0 Root Hub; F:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2003-07-04 5337]
R3 aswRdr;aswRdr; F:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; F:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Pilote de classe HID Microsoft; F:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 mouhid;Pilote HID de souris; F:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 nv;nv; F:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 Rasirda;Miniport réseau étendu (IrDA); F:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ULI5261XP;ULi M526X Ethernet NT Driver; F:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 28672]
R3 usbccgp;Pilote parent générique USB Microsoft; F:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; F:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; F:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; F:\WINDOWS\System32\Drivers\ZDPSp50.sys [2006-01-18 17664]
S1 ovfsthrfqmqlrrswwonipxdujxvkpltlwhjckl;ovfsthrfqmqlrrswwonipxdujxvkpltlwhjckl; F:\WINDOWS\system32\drivers\ovfsthnifixqlhdasbpdewpidbbrqwpvgmhjtn.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); F:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488]
S3 aligp;USB Composite Device; F:\WINDOWS\system32\DRIVERS\AliGP.sys [2003-07-04 8668]
S3 CCDECODE;Décodeur sous-titre fermé; F:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\David\Mes documents\MediaCoder\SysInfo.sys []
S3 irsir;Pilote série infrarouge Microsoft; F:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 LVUSBSta;Logitech USB Monitor Filter; F:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-08 22016]
S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; F:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; F:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; F:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; F:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\F:\WINDOWS\system32\PCANDIS5.SYS []
S3 QCMerced;Logitech QuickCam Communicate; F:\WINDOWS\system32\DRIVERS\LVCM.sys [2004-10-08 585824]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); F:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver; F:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 402432]
S3 SLIP;Détrameur décalage BDA; F:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 ssbcbus;SAMSUNG Mobile Composite Device (WDM); F:\WINDOWS\system32\DRIVERS\ssbcbus.sys [2007-07-05 83328]
S3 ssbcmdfl;SAMSUNG Mobile USB Modem 1.0 (Filter); F:\WINDOWS\system32\DRIVERS\ssbcmdfl.sys [2007-07-05 14848]
S3 ssbcmdm;SAMSUNG Mobile USB Modem 1.0; F:\WINDOWS\system32\DRIVERS\ssbcmdm.sys [2007-07-05 109696]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); F:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2007-05-02 83592]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; F:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers; F:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; F:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; \??\F:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USB_RNDIS;Inventel Gateway; F:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 12672]
S3 USBAAPL;Apple Mobile USB Driver; F:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;Pilote USB audio (WDM); F:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; F:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
S3 usbprint;Classe d'imprimantes USB Microsoft; F:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; F:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VtcDrv;Philips SA60xx Recovery Device; F:\WINDOWS\System32\Drivers\vtcdrv.sys [2007-02-23 18560]
S3 WpdUsb;WpdUsb; F:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; F:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\F:\WINDOWS\system32\ZDCndis5.SYS []
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\F:\WINDOWS\system32\ZDPNDIS5.SYS []
S4 IntelIde;IntelIde; F:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; F:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Service Bonjour; F:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FTRTSVC;France Telecom Routing Table Service; F:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
R2 Irmon;Moniteur infrarouge; F:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R2 JavaQuickStarterService;Java Quick Starter; F:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LicCtrlService;LicCtrl Service; F:\WINDOWS\runservice.exe [2007-07-02 2560]
R2 NVSvc;NVIDIA Display Driver Service; F:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 sdAuxService;PC Tools Auxiliary Service; F:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
R2 sdCoreService;PC Tools Security Service; F:\Program Files\Spyware Doctor\pctsSvc.exe [2008-02-01 948616]
R2 WinDefend;Windows Defender; F:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;Service de l’iPod; F:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 gusvc;Google Software Updater; F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-25 29744]
S3 ose;Office Source Engine; F:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; F:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; F:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; F:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------


and here is the info.txt report:


info.txt logfile of random's system information tool 1.06 2009-03-26 18:13:40

======Uninstall list======

-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->F:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->F:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->F:\WINDOWS\UNNMP.exe /UNINSTALL
-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x40c UNINSTALL
-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Shockwave Player-->F:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE F:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ALi mini IDE driver-->F:\WINDOWS\System32\ALi5minst.exe F:\WINDOWS\inf\mshdc.inf PCI\VEN_10B9&DEV_5229 1
ALi USB2.0 Driver-->F:\WINDOWS\system32\UnUSB20.EXE F:\WINDOWS\IsUninst.exe -fF:\WINDOWS\system32\ALiEHCI.isu
Alley 19 Bowling (Requires CD)-->D:\Remove.exe
Antares Auto-Tune Evo VST-->MsiExec.exe /X{66F49D6A-E999-4DB0-ADB6-EE546806E340}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->F:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoStudio 5.5-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitComet 1.00-->C:\Program Files\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon MP Navigator 2.0-->"F:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove F:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP450-->"F:\WINDOWS\system32\CanonMP Uninstaller Information\{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}\DelDrv.exe" /U:{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD} /L0x000c
Canon Utilities Easy-PhotoPrint-->F:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DriverAgent Plugin for Netscape by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_np.inf,TVICHW32Remove
Easy-WebPrint-->F:\WINDOWS\IsUn040c.exe -f"F:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Everest Poker (Remove Only)-->F:\Program Files\Everest Poker\cstart.exe /uninstall
Football Manager 2009-->"C:\Program Files\Sports Interactive\Football Manager 2009\Uninstall_Football Manager 2009\Désinstaller Football Manager 2009.exe"
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Desktop-->F:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google SketchUp 7-->MsiExec.exe /I{BEF106F8-2689-4530-925A-E1117836E8CD}
Google Toolbar for Internet Explorer-->"F:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Lecteur Windows Media 11-->"F:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Light Driver 2-->F:\WINDOWS\UNWISE.EXE F:\WINDOWS\LightDriver2.LOG
Livebox-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}\Setup.exe" -l0x40c
Logiciel QuickCam de Logitech-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Malwarebytes' Anti-Malware-->"C:\Malwarebytes' Anti-Malware\unins000.exe"
Media Converter for Philips-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}\Setup.exe" -l0x40c
Mega Manager-->F:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Messenger Plus! Live-->"F:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{9084040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"F:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"F:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"F:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{A14C24F6-615B-415E-84B0-610FDAD19B68}
Mozilla Firefox (3.0.1)-->F:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Navilog1 Version 2.0.2-->"F:\Program Files\Navilog1\uninstall.exe"
Nero Suite-->F:\Program Files\Fichiers communs\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Norton Security Scan (Symantec Corporation)-->"F:\Program Files\Fichiers communs\Symantec Shared\NSSSetup\{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}
NVIDIA Drivers-->F:\WINDOWS\system32\nvuninst.exe UninstallGUI
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OpenOffice.org 3.0-->MsiExec.exe /I{1572F66F-F9AD-4D45-B0D2-0F45A0D5A0F6}
Outil de connexion Wanadoo-->F:\PROGRA~1\Wanadoo\MessageDesinstallation.exe Wanadoo
Outil de mise à jour Google-->"F:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Pacific Poker-->F:\PROGRA~1\PACIFI~1\UNWISE.EXE F:\PROGRA~1\PACIFI~1\INSTALL.LOG
Programme de gestion Camera de Logitech®-->"F:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek AC'97 Audio-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
RR3_COUPE Screen Saver-->F:\WINDOWS\system32\RR3_COUPE.scr /u
Runtime VB 5.0 fr-->F:\WINDOWS\ST5UNST.EXE -n "c:\ST5UNST.LOG"
SA60xx Device Manager-->F:\Program Files\InstallShield Installation Information\{8A6AD979-8170-49ED-8529-14174317B281}\setup.exe -runfromtemp -l0x040c -removeonly
Sagem Wi-Fi 11g USB adapter (driver)-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2ED60C17-4568-4CD5-830A-03C4688B09A1}\setup.exe" -l0x40c
Sagem Wi-Fi 11g USB adapter (utility)-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{AAFD22B6-A6C7-4134-AF4E-080BCBCD3493}\setup.exe" -l0x40c
SAMSUNG Mobile Composite Device Software-->F:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile Modem Driver Set-->F:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->F:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->F:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->F:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"F:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung PC Studio 3-->"F:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sélecteur d'installation de Microsoft Works 2005-->F:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP D:\
Shockwave-->F:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE F:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Spyware Doctor 5.5-->F:\Program Files\Spyware Doctor\unins000.exe /LOG
Storm Hip-Hop Studio-->F:\WINDOWS\unvise32.exe C:\Program Files\Arturia\Storm Hip-Hop Studio\uninstal.log
ULi AC'97 Audio Controller Driver-->F:\Program Files\InstallShield Installation Information\ULi AC'97 Audio Controller Driver\setup.exe
ULi M5289 SATA Controller Driver-->F:\Program Files\InstallShield Installation Information\ULi M5289 SATA Controller Driver\setup.exe
ULi PCI 10-100 Fast Ethernet Controller Driver-->F:\Program Files\InstallShield Installation Information\ULi PCI 10-100 Fast Ethernet Controller Driver\setup.exe
ULi PCI to AGP Controller Driver-->F:\Program Files\InstallShield Installation Information\ULi PCI to AGP Controller Driver\setup.exe
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"F:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime-->"F:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"F:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 090325-0]

======System event log======

Computer Name: TAPONAT-1FBC5D0
Event Code: 7036
Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

Record Number: 13360
Source Name: Service Control Manager
Time Written: 20090303190454.000000+060
Event Type: Informations
User:

Computer Name: TAPONAT-1FBC5D0
Event Code: 7036
Message: Le service Service de l’iPod est entré dans l'état : en cours d'exécution.

Record Number: 13359
Source Name: Service Control Manager
Time Written: 20090303190454.000000+060
Event Type: Informations
User:

Computer Name: TAPONAT-1FBC5D0
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

Record Number: 13358
Source Name: Service Control Manager
Time Written: 20090303190454.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: TAPONAT-1FBC5D0
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de l’iPod.

Record Number: 13357
Source Name: Service Control Manager
Time Written: 20090303190454.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: TAPONAT-1FBC5D0
Event Code: 7036
Message: Le service avast! Mail Scanner est entré dans l'état : en cours d'exécution.

Record Number: 13356
Source Name: Service Control Manager
Time Written: 20090303190450.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: TAPONAT-1FBC5D0
Event Code: 1
Message:
Record Number: 23172
Source Name: Bonjour Service
Time Written: 20090215144222.000000+060
Event Type: Informations
User:

Computer Name: TAPONAT-1FBC5D0
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur TAPONAT-1FBC5D0\David alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 23171
Source Name: Userenv
Time Written: 20090214235612.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: TAPONAT-1FBC5D0
Event Code: 1524
Message: Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.



Record Number: 23170
Source Name: Userenv
Time Written: 20090214235610.000000+060
Event Type: Avertissement
User: TAPONAT-1FBC5D0\David

Computer Name: TAPONAT-1FBC5D0
Event Code: 101
Message: msnmsgr (2424) Le moteur de base de données est arrêté.

Record Number: 23169
Source Name: ESENT
Time Written: 20090214235132.000000+060
Event Type: Informations
User:

Computer Name: TAPONAT-1FBC5D0
Event Code: 103
Message: msnmsgr (2424) \\.\F:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Messenger\david.taponat@hotmail.fr\SharingMetadata\Working\database_C2A8_E6E5_A8E6_D747\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 23168
Source Name: ESENT
Time Written: 20090214235132.000000+060
Event Type: Informations
User:

=====Security event log=====

Computer Name: TAPONAT-1FBC5D0
Event Code: 538
Message: Fermeture de la session utilisateur :

Utilisateur : taponat

Domaine : TAPONAT-1FBC5D0

Id. de la session : (0x0,0xF73784)

Type de session : 2


Record Number: 149002
Source Name: Security
Time Written: 20090318190432.000000+060
Event Type: Succès de l'audit
User: TAPONAT-1FBC5D0\taponat

Computer Name: TAPONAT-1FBC5D0
Event Code: 683
Message: Session déconnectée de la station Windows :

Utilisateur : David

Domaine : TAPONAT-1FBC5D0

Id. de session : (0x0,0x1EF77)

Nom de session : Console

Nom de client : Unknown

Adresse de client : Unknown

Record Number: 149001
Source Name: Security
Time Written: 20090318190431.000000+060
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

Computer Name: TAPONAT-1FBC5D0
Event Code: 576
Message: Privilèges spéciaux assignés à la nouvelle session :

Utilisateur :

Domaine :

Id. de la session : (0x0,0xF73784)

Privilèges : SeChangeNotifyPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege

Record Number: 149000
Source Name: Security
Time Written: 20090318190421.000000+060
Event Type: Succès de l'audit
User: TAPONAT-1FBC5D0\taponat

Computer Name: TAPONAT-1FBC5D0
Event Code: 528
Message: Ouverture de session réseau réussie :

Utilisateur : taponat

Domaine : TAPONAT-1FBC5D0

Id. de la session : (0x0,0xF73784)

Type de session : 2

Processus de session : Advapi

Package d'authentification : Negotiate

Station de travail : TAPONAT-1FBC5D0

GUID d'ouv. de session : {00000000-0000-0000-0000-000000000000}

Record Number: 148999
Source Name: Security
Time Written: 20090318190421.000000+060
Event Type: Succès de l'audit
User: TAPONAT-1FBC5D0\taponat

Computer Name: TAPONAT-1FBC5D0
Event Code: 680
Message: Tentative d'ouverture de session par : MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Compte d'ouverture de session : taponat

Station de travail source : TAPONAT-1FBC5D0

Code erreur : 0x0


Record Number: 148998
Source Name: Security
Time Written: 20090318190421.000000+060
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;F:\Program Files\QuickTime\QTSystem;F:\Program Files\Samsung\Samsung PC Studio 3
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;F:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=F:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Thanks for your help :youpi:
See you
dédétraqué, 26 March 2009 at 22:45
Hi djobidjoba


- Click Start/Run, type notepad at the prompt and click OK.

- Copy and paste what is quoted below into Notepad:

KillAll::

Driver::
ovfsthrfqmqlrrswwonipxdujxvkpltlwhjckl

File::
F:\WINDOWS\IEXPOLES.exe
F:\WINDOWS\system32\drivers\ovfsthnifixqlhdasbpdewpidbbrqwpvgmhjtn.sys

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"System Restore"=-


- Save this file to the desktop (mandatory)

- File name: CFScript.txt
- File type: All files

- Click Save and quit Notepad

Important: disable your antivirus and antispyware before doing the drag and drop

- Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot (the icon is a lion):

< included picture >

* Wait while the scan runs. The desktop will disappear several times: that is normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ ComboFix.txt


@++ :)
djobidjoba, 27 March 2009 at 19:00
Hello dédétraqué
here is the report:


ComboFix 09-03-23.01 - David 2009-03-27 18:29:17.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.511.107 [GMT 1:00]
Lancé depuis: c:\downloads\ComboFix.exe
Commutateurs utilisés :: f:\documents and settings\David\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090326-0] *On-access scanning disabled* (Updated)

FILE ::
f:\windows\IEXPOLES.exe
f:\windows\system32\drivers\ovfsthnifixqlhdasbpdewpidbbrqwpvgmhjtn.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\windows\IEXPOLES.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthrfqmqlrrswwonipxdujxvkpltlwhjckl


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-27 au 2009-03-27 ))))))))))))))))))))))))))))))))))))
.

2009-03-26 18:13 . 2009-03-26 18:13 <REP> d-------- F:\rsit
2009-03-25 12:42 . 2009-03-25 12:42 <REP> d-------- f:\documents and settings\David\Application Data\Malwarebytes
2009-03-25 12:42 . 2009-03-25 12:42 <REP> d-------- f:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-25 12:42 . 2009-02-11 10:19 38,496 --a------ f:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 12:42 . 2009-02-11 10:19 15,504 --a------ f:\windows\system32\drivers\mbam.sys
2009-03-24 20:58 . 2009-03-24 20:58 0 --a------ f:\windows\system32\drivers\ovfsth.sys
2009-03-24 20:36 . 2009-03-25 12:49 43 --a------ f:\windows\system32\ovfstheehtgapwcncchihwbelrgxdtyjpopknl.dat
2009-03-24 20:34 . 2009-03-25 12:49 6,619 --a------ f:\windows\system32\ovfsthbmbiwbwuvnipkqvpavblxquqdgpwouin.dat
2009-03-11 18:21 . 2009-03-11 18:22 1,374 --a------ f:\windows\imsins.BAK
2009-03-01 11:41 . 2009-03-01 11:41 <REP> d-------- f:\windows\system32\Lang

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 17:38 --------- d-----w f:\program files\Wanadoo
2009-03-27 17:37 --------- d---a-w f:\documents and settings\All Users\Application Data\TEMP
2009-03-26 17:57 --------- d-----w f:\documents and settings\All Users\Application Data\Google Updater
2009-03-13 17:00 --------- d-----w f:\program files\Norton Security Scan
2009-03-07 20:03 --------- d-----w f:\program files\Spyware Doctor
2009-03-01 10:37 --------- d-----w f:\program files\Bonjour
2009-02-22 17:11 --------- d-----w f:\program files\Fichiers communs\Symantec Shared
2009-02-20 22:51 --------- d-----w f:\program files\Fichiers communs\Adobe
2009-02-19 10:22 --------- d-----w f:\program files\Fichiers communs\PACE Anti-Piracy
2009-02-19 10:22 --------- d-----w f:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-02-11 09:42 --------- d--h--w f:\program files\InstallShield Installation Information
2008-09-08 09:37 278,528 -c--a-w f:\program files\Fichiers communs\FDEUnInstaller.exe
2008-02-24 11:48 3,356 -c--a-w f:\documents and settings\taponat\Application Data\wklnhst.dat
2007-12-27 14:02 81,496 -c--a-w f:\documents and settings\taponat\Application Data\GDIPFONTCACHEV1.DAT
2007-07-09 12:46 14 -c--a-w f:\documents and settings\taponat\getfile.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-25_15.22.44.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-27 17:35:38 16,384 ----atw f:\windows\temp\Perflib_Perfdata_164.dat
+ 2009-03-27 17:35:32 16,384 ----atw f:\windows\temp\Perflib_Perfdata_658.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"WOOKIT"="f:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"msnmsgr"="f:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"LVCOMSX"="f:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"WOOWATCH"="f:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="f:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"ULiRaid5289"="f:\program files\ULI5289\ULi5289.exe" [2005-06-07 409600]
"ISTray"="f:\program files\Spyware Doctor\pctsTray.exe" [2008-02-01 1103240]
"OpwareSE2"="f:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AppleSyncNotifier"="f:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"nwiz"="nwiz.exe" [2008-05-16 f:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 f:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"DWQueuedReporting"="f:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

f:\documents and settings\taponat\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - f:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

f:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - f:\program files\SAGEM WiFi manager\WLANUTL.exe [2007-09-22 925696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=f:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=f:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=f:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=f:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 f:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]
--a--c--- 2005-06-07 14:16 409600 f:\program files\ULI5289\ALi5289.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2009-02-06 16:27 177472 f:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-08-25 11:06 29744 f:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 11:55 1103240 f:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2004-10-08 11:06 196608 f:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a--c--- 2004-10-08 11:31 458752 f:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a--c--- 2004-10-08 11:24 217088 f:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 f:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 f:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-14 11:12 68856 f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"f:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14410:TCP"= 14410:TCP:BitComet 14410 TCP
"14410:UDP"= 14410:UDP:BitComet 14410 UDP
"12731:TCP"= 12731:TCP:BitComet 12731 TCP
"12731:UDP"= 12731:UDP:BitComet 12731 UDP

R0 aliidex;aliidex;f:\windows\system32\drivers\aliidex.sys [2008-09-08 7040]
R0 aliperf;aliperf;f:\windows\system32\drivers\aliperf.sys [2008-09-08 7168]
R0 m5289;m5289;f:\windows\system32\drivers\m5289.sys [2008-09-08 52480]
R0 uliagpkx;ULi AGP Bus Filter Driver;f:\windows\system32\drivers\AGPKX.SYS [2008-09-08 45056]
R1 aswSP;avast! Self Protection;f:\windows\system32\drivers\aswSP.sys [2008-04-06 111184]
R2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;f:\windows\system32\drivers\AliEhci.sys [2008-09-08 106168]
R2 aswFsBlk;aswFsBlk;f:\windows\system32\drivers\aswFsBlk.sys [2008-04-06 20560]
R2 LicCtrlService;LicCtrl Service;f:\windows\Runservice.exe [2007-07-02 2560]
R2 sdAuxService;PC Tools Auxiliary Service;f:\program files\Spyware Doctor\pctsAuxs.exe [2008-08-25 747912]
R2 WinDefend;Windows Defender;f:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 AC97ALI;Service for AC'97 Driver (WDM);f:\windows\system32\drivers\ali55wdm.sys [2008-09-08 63488]
R3 aliroothub;USB 2.0 Root Hub;f:\windows\system32\drivers\AliRtHub.sys [2008-09-08 5337]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;f:\windows\system32\drivers\ULILAN51.SYS [2008-09-08 28672]
S3 aligp;USB Composite Device;f:\windows\system32\drivers\AliGP.sys [2008-09-08 8668]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\david\Mes documents\MediaCoder\SysInfo.sys --> c:\david\Mes documents\MediaCoder\SysInfo.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;f:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-25 29744]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;f:\windows\system32\drivers\WlanBZXP.sys [2007-09-22 402432]
S3 ssbcbus;SAMSUNG Mobile Composite Device (WDM);f:\windows\system32\drivers\ssbcbus.sys [2008-08-12 83328]
S3 ssbcmdfl;SAMSUNG Mobile USB Modem 1.0 (Filter);f:\windows\system32\drivers\ssbcmdfl.sys [2008-08-12 14848]
S3 ssbcmdm;SAMSUNG Mobile USB Modem 1.0;f:\windows\system32\drivers\ssbcmdm.sys [2008-08-12 109696]
S3 VtcDrv;Philips SA60xx Recovery Device;f:\windows\system32\drivers\vtcdrv.sys [2007-07-21 18560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\f:\windows\system32\ZDCndis5.SYS --> f:\windows\system32\ZDCndis5.SYS [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'

2009-02-27 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-03-25 f:\windows\Tasks\dfrg.job
- f:\windows\system32\dfrg.msc [2004-08-05 13:00]

2009-03-27 f:\windows\Tasks\Google Software Updater.job
- f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 17:56]

2009-03-27 f:\windows\Tasks\MP Scheduled Scan.job
- f:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-03-27 f:\windows\Tasks\Norton Security Scan for taponat.job
- f:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.wanadoo.fr
mStart Page = hxxp://lo.st
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Easy-WebPrint Ajouter à la liste d'impressions - f:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - f:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - f:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - f:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: { - f:\program files\Messenger\msmsgs.exe
TCP: {438A8666-4B4B-41B9-99B3-725012EE3572} = 192.168.1.1
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 18:39:26
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
f:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
f:\program files\Bonjour\mDNSResponder.exe
f:\windows\system32\FTRTSVC.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\windows\system32\nvsvc32.exe
f:\program files\Spyware Doctor\pctsSvc.exe
f:\progra~1\Wanadoo\TaskBarIcon.exe
f:\windows\system32\rundll32.exe
f:\windows\system32\msiexec.exe
f:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-03-27 18:42:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-27 17:42:21
ComboFix2.txt 2009-03-25 14:24:48

Avant-CF: 6 245 310 464 octets libres
Après-CF: 5,451,382,784 octets libres

258 --- E O F --- 2009-03-27 16:59:04



Thanks for your help :youpi:
See you :hello:
dédétraqué on 28 March 2009 at 03:19
Hi djobidjoba


- Click Start/Run, type notepad at the prompt and click OK.

- Copy and paste the quoted text below into Notepad:

KillAll::

Driver::
ovfsth

File::
f:\windows\system32\drivers\ovfsth.sys
f:\windows\system32\ovfstheehtgapwcncchihwbelrgxdtyjpopknl.dat
f:\windows\system32\ovfsthbmbiwbwuvnipkqvpavblxquqdgpwouin.dat


- Save this file to the desktop (mandatory)

- File name: CFScript.txt
- File type: All files

- Click Save and close Notepad

Important: disable your antivirus and antispyware before doing the drag and drop

- Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot (the icon is a lion):

< included picture >

* Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ ComboFix.txt


See you :)

