Forum Clubic

W32.Myzor.FK@yf infection, help!

Hello

My PC has been infected since yesterday by the W32.Myzor.FK@yf virus, following an infection by a Zlob Trojan (which should now have been removed by Avira)… I hope so, anyway :frowning:

I tried to run Hijack but I get this error message “For some reason the system denied access to the host file” and I don't get the log; a Notepad page opens, that's all… A window opens saying “Impossible de trouver le fichier C:\Program Files\Trend Micro\HighjackThis\highjackthis.log”

I'm far from being a computer pro, so some help would be welcome :slight_smile:
Thanks in advance!

Hi,

try this:

==>Download random’s system information tool (RSIT) and save it to your desktop.

==>Double-click RSIT.exe to launch the tool.

==>Click ’ continue ’ on the Disclaimer screen.

==>If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.

==>Once the scan is finished, 2 reports will appear. Post the contents of both reports
( log.txt & info.txt )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Thanks, it worked well

The log.txt

Logfile of random’s system information tool 1.04 (written by random/random)
Run by Marine at 2008-12-11 10:25:00
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 19 GB (21%) free of 92 GB
Total RAM: 2046 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:14, on 11/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marine\Desktop\RSIT.exe
C:\Program Files\trend micro\Marine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.asus.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.23.16.20:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [SystrayORAHSS] “C:\Program Files\OrangeHSS\Systray\SystrayApp.exe”
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM…\Run: [Skytel] Skytel.exe
O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM…\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM…\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM…\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM…\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM…\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM…\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKLM…\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 - Capture d’écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - www.iexplorsecurity.com… (file missing)
O9 - Extra ‘Tools’ menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - www.iexplorsecurity.com… (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe


End of file - 12136 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{B3BC89DB-AA60-4909-83AB-2937EDBB6DEA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]
C:\Program Files\WebMediaViewer\hpmun.dll [2008-12-09 38645]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-10-31 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-20 71192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-10-31 2436160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
“SystrayORAHSS”=C:\Program Files\OrangeHSS\Systray\SystrayApp.exe [2006-12-12 90112]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
“SMSERIAL”=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
“Skytel”=C:\Windows\Skytel.exe [2007-04-13 1822720]
“RtHDVCpl”=C:\Windows\RtHDVCpl.exe [2007-04-25 4444160]
“PowerForPhone”=C:\Program Files\PowerForPhone\PowerForPhone.exe [2007-06-26 778240]
“NeroFilterCheck”=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-26 161328]
“InCD”=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-03-26 1057328]
“IFXSPMGT”=C:\Windows\system32\ifxspmgt.exe [2007-02-26 677408]
“IAAnotif”=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
“GrooveMonitor”=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
“CognizanceTS”=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-21 17920]
“avast!”=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
“ATKMEDIA”=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
“ASUS Screen Saver Protector”=C:\Windows\ASScrPro.exe [2007-09-17 33136]
“ASUS Camera ScreenSaver”=C:\Windows\ASScrProlog.exe [2007-09-17 37232]
“SunJavaUpdateSched”=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
“NvSvc”=C:\Windows\system32\nvsvc.dll [2007-04-28 86016]
“NvCplDaemon”=C:\Windows\system32\NvCpl.dll [2007-04-28 8429568]
“NvMediaCenter”=C:\Windows\system32\NvMcTray.dll [2007-04-28 81920]
“QuickTime Task”=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
“iTunesHelper”=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
“VMware hptray”=C:\Program Files\WebMediaViewer\hpmon.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
“swg”=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-10-31 171448]
“SpybotSD TeaTimer”=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
“Skype”=C:\Program Files\Skype\Phone\Skype.exe [2008-06-03 21718312]

C:\Users\Marine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
OneNote 2007 - Capture d’écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLS”=“APSHook.dll”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
“notification packages”=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“EnableUIADesktopToggle”=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe”=“C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{1ddc3088-0148-11dd-b29a-001d6008e26d}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4d3811d1-07cc-11dd-8248-001d6008e26d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4e42314a-e6a5-11dc-a08c-001d6008e26d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4e42314d-e6a5-11dc-a08c-001d6008e26d}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{599ae6e4-1677-11dd-bc89-001d603bc6f9}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{83f337f7-31fd-11dd-8c44-001d603bc6f9}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{913e7898-a738-11dc-977b-001d6008e26d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9e7a23dc-a996-11dd-bfda-001d603bc6f9}]
shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bc520e33-8644-11dc-ba42-001d6008e26d}]
shell\AutoRun\command - EXPLORER.EXE
shell\explore\command - EXPLORER.EXE
shell\open\command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e9bca38b-ca6a-11dc-aac3-806e6f6e6963}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{ed1b1acc-58dd-11dd-8b34-001d603bc6f9}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f6c32db8-2f2b-11dd-af2f-001d603bc6f9}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

======List of files/folders created in the last 1 months======

2008-12-11 10:25:00 ----D---- C:\rsit
2008-12-10 21:00:52 ----A---- C:\Windows\ntbtlog.txt
2008-12-10 20:54:22 ----D---- C:\Program Files\Trend Micro
2008-12-09 22:33:32 ----D---- C:\Program Files\WebMediaViewer
2008-11-26 18:23:26 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 18:23:19 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 18:23:18 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 18:23:17 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 18:23:11 ----A---- C:\Windows\system32\connect.dll
2008-11-25 18:48:35 ----D---- C:\ProgramData\WindowsSearch
2008-11-14 19:51:32 ----A---- C:\Windows\system32\wups2.dll
2008-11-14 19:51:32 ----A---- C:\Windows\system32\wucltux.dll
2008-11-14 19:51:32 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-14 19:51:31 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-14 19:50:55 ----A---- C:\Windows\system32\wups.dll
2008-11-14 19:50:55 ----A---- C:\Windows\system32\wudriver.dll
2008-11-14 19:50:55 ----A---- C:\Windows\system32\wuapi.dll
2008-11-14 19:50:47 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-14 19:50:46 ----A---- C:\Windows\system32\wuapp.exe
2008-11-12 21:53:12 ----A---- C:\Windows\system32\msxml3.dll
2008-11-12 21:53:05 ----A---- C:\Windows\system32\msxml6.dll

======List of files/folders modified in the last 1 months======

2008-12-11 10:25:06 ----D---- C:\Windows\Temp
2008-12-11 10:14:45 ----D---- C:\Windows\System32
2008-12-11 10:14:45 ----D---- C:\Windows\inf
2008-12-11 10:14:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-11 10:12:58 ----D---- C:\Windows\system32\drivers
2008-12-11 10:12:45 ----D---- C:\Windows\system32\catroot
2008-12-11 10:12:42 ----D---- C:\Windows\system32\catroot2
2008-12-11 10:12:40 ----D---- C:\Windows\winsxs
2008-12-11 10:08:50 ----D---- C:\Users\Marine\AppData\Roaming\skypePM
2008-12-10 22:42:09 ----A---- C:\Windows\system32\acovcnt.exe
2008-12-10 22:36:16 ----RD---- C:\Program Files
2008-12-10 22:34:58 ----HD---- C:\ProgramData
2008-12-10 21:10:54 ----SD---- C:\Windows\Downloaded Program Files
2008-12-10 21:00:52 ----D---- C:\Windows
2008-12-10 20:54:55 ----D---- C:\Windows\system32\Tasks
2008-12-10 20:38:08 ----SHD---- C:\System Volume Information
2008-12-09 22:49:17 ----D---- C:\Windows\Prefetch
2008-12-07 19:30:53 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-07 19:30:53 ----D---- C:\Program Files\ASUS
2008-11-29 05:37:46 ----D---- C:\Users\Marine\AppData\Roaming\Skype
2008-11-28 18:20:58 ----SHD---- C:\Windows\Installer
2008-11-28 18:20:58 ----D---- C:\ProgramData\Microsoft Help
2008-11-26 18:21:30 ----A---- C:\Windows\system32\aswBoot.exe
2008-11-25 18:35:15 ----SHD---- C:$Recycle.Bin
2008-11-20 21:53:30 ----D---- C:\Windows\rescache
2008-11-18 00:20:18 ----D---- C:\Program Files\Lavasoft
2008-11-18 00:20:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-18 00:15:39 ----D---- C:\ProgramData\Lavasoft
2008-11-18 00:09:54 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-15 12:42:28 ----D---- C:\Windows\system32\fr-FR

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-26 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 InCDPass;InCDPass; C:\Windows\system32\drivers\InCDPass.sys [2007-03-26 37040]
R1 incdrm;InCD Reader; C:\Windows\system32\drivers\InCDRm.sys [2007-03-26 39472]
R1 ItSDisk;ItSDisk; C:\Windows\System32\Drivers\ItSDisk.sys [2006-05-16 23496]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [2007-01-23 39080]
R2 ASMMAP;ASMMAP; ??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-02-05 11632]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-29 140424]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-25 1771944]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw4v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-30 2219520]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-04-28 7496256]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
R3 TPM;Module de plateforme sécurisée (TPM); C:\Windows\system32\drivers\tpm.sys [2008-01-19 45624]
R4 InCDfs;InCD File System; C:\Windows\system32\drivers\InCDFs.sys [2007-03-26 108592]
S2 ghaio;ghaio; ??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-11-16 15216]
S3 BthEnum;Service d’énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2; C:\Windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 ASBroker;Courtier de session de connexion; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Canal de communication local; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-05-15 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-04-16 647168]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2006-12-12 57344]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
R2 IFXSpMgtSrv;Security Platform Management Service; C:\Windows\system32\ifxspmgt.exe [2007-02-26 677408]
R2 IFXTCS;Trusted Platform Core Service; C:\Windows\system32\ifxtcs.exe [2007-02-22 849440]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-03-26 864816]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 PersonalSecureDriveService;Personal Secure Drive Service; C:\Windows\system32\IfxPsdSv.exe [2007-02-22 140832]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-04-16 327680]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-30 809296]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2006-12-29 123248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-20 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-31 138168]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-26 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-26 267824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

The info.txt

info.txt logfile of random’s system information tool 1.04 2008-12-11 10:25:18

======Uninstall list======

–>C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
–>C:\Program Files\OrangeHSS\Uninstall\Bas_Debit_CustoUpdate\Shell.exe MainUninstall.shl
–>C:\Windows\NuNInst.exe /UNINSTALL
–>C:\Windows\UNNeroBackItUp.exe /UNINSTALL
–>C:\Windows\UNRecode.exe /UNINSTALL
–>MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0015-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0018-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0019-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001B-0410-0000-0000000FF1CE} /uninstall {741A792D-4ED8-4C66-B32E-A47865FA1163}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-006E-0410-0000-0000000FF1CE} /uninstall {B9896689-DF51-4A16-AAD5-002622D86C72}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe” /uninstall PROHYBRIDR /dll OSETUP.DLL
ABN AMRO e.dentifier2 software–>MsiExec.exe /X{D820BECD-97D3-4942-B6CF-1B670CA7690C}
Activation Assistant for the 2007 Microsoft Office suites–>“C:\ProgramData{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe” REMOVE=TRUE MODIFY=FALSE
Ad-Aware–>MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0–>MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Common File Installer–>MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player ActiveX–>C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.0–>MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop CS2–>msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Premiere Pro 2.0–>msiexec /I {FA17A726-B229-4116-B793-A2AB1A4EAE2E}
Adobe Reader 8.1.2–>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Stock Photos 1.0–>MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Apple Mobile Device Support–>MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update–>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live–>MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ASUS InstantFun–>MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}
ASUS MultiFrame–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{9D48531D-2135-49FC-BC29-ACCDA5396A76}\setup.EXE” -l0x9
ASUS Security Protect Manager–>rundll32.exe “C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SetupHelper.dll”,ExecMain /Uninstall {D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}
ASUS Splendid Video Enhancement Technology–>C:\Program Files\InstallShield Installation Information{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ASUS Virtual Camera–>MsiExec.exe /I{4DFA6DA8-75D8-4F2B-A1A0-A5E7A3B779C8}
Asus_Camera_ScreenSaver–>“C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe”
ATK Generic Function Service–>C:\Program Files\InstallShield Installation Information{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey–>C:\Program Files\InstallShield Installation Information{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Media–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE” -l0x9
ATKOSD2–>C:\Program Files\InstallShield Installation Information{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly
AuthenTec Fingerprint Sensor Minimum Install–>MsiExec.exe /I{9BAF043B-82FC-43E2-96EA-5F68015F4FA2}
avast! Antivirus–>C:\Program Files\Alwil Software\Avast4\aswRunDll.exe “C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll”,RunSetup
AviSynth 2.5–>“C:\Program Files\AviSynth 2.5\Uninstall.exe”
Azureus Vuze–>C:\Program Files\Azureus\uninstall.exe
BitComet 0.59–>C:\Program Files\BitComet\uninst.exe
Bonjour–>MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Browser Toolbar–>“C:\Program Files\WebMediaViewer\browseu.exe”
DivX Content Uploader–>C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player–>C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule–>“C:\Program Files\eMule\Uninstall.exe”
Google Earth–>MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer–>MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer–>regsvr32 /u /s “c:\program files\google\googletoolbar2.dll”
HijackThis 2.0.2–>“C:\Program Files\trend micro\HijackThis.exe” /uninstall
IExplorer add-on–>“C:\Program Files\WebMediaViewer\hpmun.exe”
Infineon TPM Professional Package–>MsiExec.exe /I{D104C1CF-7C12-4D32-9850-DDC99060DE5B}
Intel® Matrix Storage Manager–>C:\Windows\System32\Imsmudlg.exe
Intel® PROSet/Wireless Software–>C:\Windows\Installer\iProInst.exe
iTunes–>MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java™ 6 Update 3–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LifeFrame2–>MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
livebox–>C:\Program Files\InstallShield Installation Information{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly
mCore–>MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
mDriver–>MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mHelp–>MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB929729)–>“C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe” “C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp”
Microsoft .NET Framework 1.1–>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1–>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Access MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007–>MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (French) 2007–>MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Access MUI (German) 2007–>MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Access MUI (Italian) 2007–>MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007–>MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe” /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007–>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007–>MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007–>MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007–>MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Excel MUI (Italian) 2007–>MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007–>MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007–>MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)–>msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)–>msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007–>MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2007–>MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007–>MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007–>MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007–>MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Italian) 2007–>MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007–>MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007–>MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007–>MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Italian) 2007–>MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007–>MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007–>MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007–>MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007–>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007–>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007–>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007–>MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007–>MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007–>MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007–>MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007–>MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007–>MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Italian) 2007–>MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007–>MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007–>MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007–>MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Italian) 2007–>MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2007–>MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007–>MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007–>MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007–>MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (Italian) 2007–>MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007–>MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2007–>MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007–>MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007–>MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007–>MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (Italian) 2007–>MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE}
mMHouse–>MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola SM56 Speakerphone Modem–>rundll32.exe sm56co6a.dll,SM56UnInstaller
mPfMgr–>MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSXML 4.0 SP2 (KB927978)–>MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)–>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)–>MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Navigateur Orange–>C:\Program Files\OrangeHSS\Uninstall\Browser\Shell.exe MainUninstall.shl
NB Probe–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe” -l0x9
Nero 7 Essentials–>MsiExec.exe /X{97F32DF8-D66E-446A-A425-C1D7B45C1033}
NVIDIA Drivers–>C:\Windows\system32\NVUNINST.EXE UninstallGUI
Online Alert Manager–>“C:\Program Files\WebMediaViewer\qttasku.exe”
Orange - Logiciels Internet–>C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u
Power4Gear eXtreme–>C:\Program Files\InstallShield Installation Information{8CFEBE9C-F29F-4C49-80E0-7106970F8734}\SETUP.exe -runfromtemp -l0x0009 -removeonly
PowerForPhone–>C:\Program Files\InstallShield Installation Information{FC3D290D-79BE-44B7-ABF9-FDD110925930}\setup.exe -runfromtemp -l0x0009 -removeonly
QuickTime–>MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver–>RtlUpd.exe -r -m
Red Eye Remover 2.0–>“C:\Program Files\Red Eye Remover\unins000.exe”
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE” -l0x9 anything
Safari–>MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for 2007 Microsoft Office System (KB951550)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)–>msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)–>msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for 2007 Microsoft Office System (KB955936)–>msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)–>MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)–>MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office Excel 2007 (KB955470)–>msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)–>msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office Publisher 2007 (KB950114)–>msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB951808)–>msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)–>msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Microsoft Office Word 2007 (KB950113)–>msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Visio 2007 (KB947590)–>msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Skype™ 3.8–>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy 1.5.2.20–>“C:\Windows\unins000.exe”
Spybot - Search & Destroy–>“C:\Program Files\Spybot - Search & Destroy\unins000.exe”
Synaptics Pointing Device Driver–>rundll32.exe “C:\Program Files\Synaptics\SynTP\SynISDLL.dll”,standAloneUninstall
Update for Microsoft Office Access 2007 Help (KB957241)–>msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)–>msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {535AFBFD-FBD1-4C17-8723-CFB7FDFB7928}
Update for Microsoft Office Excel 2007 Help (KB957242)–>msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office Excel 2007 Help (KB957242)–>msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Microsoft Office Excel 2007 Help (KB957242)–>msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Microsoft Office Excel 2007 Help (KB957242)–>msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {953BC502-A4D3-478D-811F-B1494A2ED9D8}
Update for Microsoft Office Outlook 2007 (KB952142)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 (KB952142)–>msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)–>msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {40EDB4D3-A95E-413F-9578-F2E01A3D209B}
Update for Microsoft Office Outlook 2007 Help (KB957246)–>msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office Outlook 2007 Help (KB957246)–>msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
Update for Microsoft Office Outlook 2007 Help (KB957246)–>msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
Update for Microsoft Office Outlook 2007 Help (KB957246)–>msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {F9CE58F3-9B2B-4DE4-9506-BF82230EB84D}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)–>msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)–>msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)–>msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)–>msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)–>msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
Update for Outlook 2007 Junk Email Filter (kb957829)–>msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
USB 2.0 1.3M UVC WebCam–>C:\Windows\snuninst.exe /name=‘USB 2.0 1.3M UVC WebCam’
VideoLAN VLC media player 0.8.6c–>C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 3.05–>C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
VistaFeaturePack–>C:\Program Files\InstallShield Installation Information{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}\setup.exe -runfromtemp -l0x0409
Windows Live installer–>MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger–>MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
WinFlash–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe” -l0x9
Wireless Console 2–>C:\Program Files\InstallShield Installation Information{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x0009 -removeonly

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081124-0]
AS: Spybot - Search and Destroy
AS: Windows Defender
AS: avast! antivirus 4.8.1229 [VPS 081124-0]

======Environment variables======

“ComSpec”=%SystemRoot%\system32\cmd.exe
“FP_NO_HOST_CHECK”=NO
“OS”=Windows_NT
“Path”=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
“PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
“PROCESSOR_ARCHITECTURE”=x86
“TEMP”=%SystemRoot%\TEMP
“TMP”=%SystemRoot%\TEMP
“USERNAME”=SYSTEM
“windir”=%SystemRoot%
"PROC

Hi again,

==>Download and install MalwareByte’s Anti-Malware
Malwarebyte

==>Update it.

==>Double-click the MalwareByte’s Anti-Malware shortcut on the desktop.

==>Select "Perform full scan" if it is not already selected.

==>Click "Scan".

==>Once the scan has finished, a window opens; click OK.

==>If MalwareByte’s detected nothing, click OK. A report will appear; close it.

==>If MalwareByte’s detected infections, click "Show Results", then "Remove Selected".

==>Save the report to your Desktop so that it is easier to find, then post that report.

Note: If MalwareByte’s needs to restart to finish the removal, accept by clicking OK.

Tutorial for MalwareByte’s
See you

Done, MalwareByte’s has run.

Here is the log:

Malwarebytes’ Anti-Malware 1.31
Version de la base de données: 1491
Windows 6.0.6001 Service Pack 1

13/12/2008 04:32:33
mbam-log-2008-12-13 (04-32-33).txt

Type de recherche: Examen complet (C:|D:|)
Eléments examinés: 143557
Temps écoulé: 3 hour(s), 18 minute(s), 31 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar (Trojan.Zlob) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\VMware hptray (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\WebMediaViewer\myc.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.


Is everything OK now?
In any case, thank you very much for your help!
See you

Hi again,

Then restart your PC normally and run RSIT again, and I'll give you the next steps.

Thanks.

OK, so here is the log.txt; however, the info.txt did not appear.

Logfile of random’s system information tool 1.04 (written by random/random)
Run by Marine at 2008-12-13 15:42:04
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 20 GB (22%) free of 92 GB
Total RAM: 2046 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:15, on 13/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Marine\Desktop\RSIT.exe
C:\Program Files\trend micro\Marine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.asus.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.23.16.20:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [SystrayORAHSS] “C:\Program Files\OrangeHSS\Systray\SystrayApp.exe”
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM…\Run: [Skytel] Skytel.exe
O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM…\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM…\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM…\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM…\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM…\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM…\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 - Capture d’écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe


End of file - 11529 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{B3BC89DB-AA60-4909-83AB-2937EDBB6DEA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-10-31 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-20 71192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-10-31 2436160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
“SystrayORAHSS”=C:\Program Files\OrangeHSS\Systray\SystrayApp.exe [2006-12-12 90112]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
“SMSERIAL”=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
“Skytel”=C:\Windows\Skytel.exe [2007-04-13 1822720]
“RtHDVCpl”=C:\Windows\RtHDVCpl.exe [2007-04-25 4444160]
“PowerForPhone”=C:\Program Files\PowerForPhone\PowerForPhone.exe [2007-06-26 778240]
“NeroFilterCheck”=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-26 161328]
“InCD”=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-03-26 1057328]
“IFXSPMGT”=C:\Windows\system32\ifxspmgt.exe [2007-02-26 677408]
“IAAnotif”=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
“GrooveMonitor”=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
“CognizanceTS”=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-21 17920]
“avast!”=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
“ATKMEDIA”=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
“ASUS Screen Saver Protector”=C:\Windows\ASScrPro.exe [2007-09-17 33136]
“ASUS Camera ScreenSaver”=C:\Windows\ASScrProlog.exe [2007-09-17 37232]
“SunJavaUpdateSched”=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
“NvSvc”=C:\Windows\system32\nvsvc.dll [2007-04-28 86016]
“NvCplDaemon”=C:\Windows\system32\NvCpl.dll [2007-04-28 8429568]
“NvMediaCenter”=C:\Windows\system32\NvMcTray.dll [2007-04-28 81920]
“QuickTime Task”=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
“iTunesHelper”=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
“swg”=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-10-31 171448]
“SpybotSD TeaTimer”=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
“Skype”=C:\Program Files\Skype\Phone\Skype.exe [2008-06-03 21718312]

C:\Users\Marine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
OneNote 2007 - Capture d’écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLS”=“APSHook.dll”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
“notification packages”=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“EnableUIADesktopToggle”=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe”=“C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{1ddc3088-0148-11dd-b29a-001d6008e26d}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4d3811d1-07cc-11dd-8248-001d6008e26d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4e42314a-e6a5-11dc-a08c-001d6008e26d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4e42314d-e6a5-11dc-a08c-001d6008e26d}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{599ae6e4-1677-11dd-bc89-001d603bc6f9}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{83f337f7-31fd-11dd-8c44-001d603bc6f9}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{913e7898-a738-11dc-977b-001d6008e26d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9e7a23dc-a996-11dd-bfda-001d603bc6f9}]
shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bc520e33-8644-11dc-ba42-001d6008e26d}]
shell\AutoRun\command - EXPLORER.EXE
shell\explore\command - EXPLORER.EXE
shell\open\command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e9bca38b-ca6a-11dc-aac3-806e6f6e6963}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{ed1b1acc-58dd-11dd-8b34-001d603bc6f9}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f6c32db8-2f2b-11dd-af2f-001d603bc6f9}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

======List of files/folders created in the last 1 months======

2008-12-12 03:08:31 ----A---- C:\Windows\system32\tzres.dll
2008-12-12 00:25:34 ----A---- C:\Windows\system32\gdi32.dll
2008-12-12 00:24:07 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-12 00:24:05 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-12 00:23:29 ----A---- C:\Windows\system32\shell32.dll
2008-12-12 00:23:05 ----A---- C:\Windows\system32\mshtml.dll
2008-12-12 00:23:03 ----A---- C:\Windows\system32\urlmon.dll
2008-12-12 00:23:02 ----A---- C:\Windows\system32\ieframe.dll
2008-12-12 00:23:00 ----A---- C:\Windows\system32\wininet.dll
2008-12-12 00:22:59 ----A---- C:\Windows\system32\mstime.dll
2008-12-12 00:22:58 ----A---- C:\Windows\system32\iertutil.dll
2008-12-12 00:22:57 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-12 00:22:51 ----A---- C:\Windows\system32\mf.dll
2008-12-12 00:22:49 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-12 00:22:47 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-12 00:22:47 ----A---- C:\Windows\system32\logagent.exe
2008-12-12 00:22:35 ----A---- C:\Windows\explorer.exe
2008-12-12 00:12:33 ----D---- C:\Users\Marine\AppData\Roaming\Malwarebytes
2008-12-12 00:12:23 ----D---- C:\ProgramData\Malwarebytes
2008-12-12 00:12:23 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2008-12-11 10:25:00 ----D---- C:\rsit
2008-12-10 21:00:52 ----A---- C:\Windows\ntbtlog.txt
2008-12-10 20:54:22 ----D---- C:\Program Files\Trend Micro
2008-11-26 18:23:26 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 18:23:19 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 18:23:18 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 18:23:17 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 18:23:11 ----A---- C:\Windows\system32\connect.dll
2008-11-25 18:48:35 ----D---- C:\ProgramData\WindowsSearch
2008-11-14 19:51:32 ----A---- C:\Windows\system32\wups2.dll
2008-11-14 19:51:32 ----A---- C:\Windows\system32\wucltux.dll
2008-11-14 19:51:32 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-14 19:51:31 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-14 19:50:55 ----A---- C:\Windows\system32\wups.dll
2008-11-14 19:50:55 ----A---- C:\Windows\system32\wudriver.dll
2008-11-14 19:50:55 ----A---- C:\Windows\system32\wuapi.dll
2008-11-14 19:50:47 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-14 19:50:46 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 months======

2008-12-13 15:42:08 ----D---- C:\Windows\Temp
2008-12-13 15:41:17 ----D---- C:\Windows\Prefetch
2008-12-13 15:21:27 ----D---- C:\Windows\system32\drivers
2008-12-13 14:42:22 ----SHD---- C:\System Volume Information
2008-12-13 14:18:45 ----D---- C:\Windows\System32
2008-12-13 14:18:45 ----D---- C:\Windows\inf
2008-12-13 14:18:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-13 14:12:47 ----D---- C:\Users\Marine\AppData\Roaming\skypePM
2008-12-13 04:32:33 ----RD---- C:\Program Files
2008-12-12 08:17:26 ----A---- C:\Windows\system32\acovcnt.exe
2008-12-12 03:44:07 ----D---- C:\Windows\rescache
2008-12-12 03:38:18 ----D---- C:\Windows\winsxs
2008-12-12 03:28:12 ----D---- C:\Windows\system32\catroot
2008-12-12 03:25:12 ----D---- C:\Windows\system32\fr-FR
2008-12-12 03:25:12 ----D---- C:\Windows\AppPatch
2008-12-12 03:25:12 ----D---- C:\Program Files\Windows Mail
2008-12-12 03:25:11 ----D---- C:\Windows
2008-12-12 03:19:19 ----SHD---- C:\Windows\Installer
2008-12-12 03:19:19 ----D---- C:\ProgramData\Microsoft Help
2008-12-12 00:17:43 ----D---- C:\Windows\system32\catroot2
2008-12-12 00:12:23 ----HD---- C:\ProgramData
2008-12-10 21:10:54 ----SD---- C:\Windows\Downloaded Program Files
2008-12-10 20:54:55 ----D---- C:\Windows\system32\Tasks
2008-12-10 00:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-07 19:30:53 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-07 19:30:53 ----D---- C:\Program Files\ASUS
2008-11-29 05:37:46 ----D---- C:\Users\Marine\AppData\Roaming\Skype
2008-11-26 18:21:30 ----A---- C:\Windows\system32\aswBoot.exe
2008-11-25 18:35:15 ----SHD---- C:$Recycle.Bin
2008-11-18 00:20:18 ----D---- C:\Program Files\Lavasoft
2008-11-18 00:20:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-18 00:15:39 ----D---- C:\ProgramData\Lavasoft
2008-11-18 00:09:54 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-26 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 InCDPass;InCDPass; C:\Windows\system32\drivers\InCDPass.sys [2007-03-26 37040]
R1 incdrm;InCD Reader; C:\Windows\system32\drivers\InCDRm.sys [2007-03-26 39472]
R1 ItSDisk;ItSDisk; C:\Windows\System32\Drivers\ItSDisk.sys [2006-05-16 23496]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [2007-01-23 39080]
R2 ASMMAP;ASMMAP; ??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-02-05 11632]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-29 140424]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-25 1771944]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw4v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-30 2219520]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-04-28 7496256]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
R3 TPM;Module de plateforme sécurisée (TPM); C:\Windows\system32\drivers\tpm.sys [2008-01-19 45624]
R4 InCDfs;InCD File System; C:\Windows\system32\drivers\InCDFs.sys [2007-03-26 108592]
S2 ghaio;ghaio; ??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-11-16 15216]
S3 BthEnum;Service d’énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2; C:\Windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 ASBroker;Courtier de session de connexion; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Canal de communication local; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-05-15 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-04-16 647168]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2006-12-12 57344]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
R2 IFXSpMgtSrv;Security Platform Management Service; C:\Windows\system32\ifxspmgt.exe [2007-02-26 677408]
R2 IFXTCS;Trusted Platform Core Service; C:\Windows\system32\ifxtcs.exe [2007-02-22 849440]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-03-26 864816]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 PersonalSecureDriveService;Personal Secure Drive Service; C:\Windows\system32\IfxPsdSv.exe [2007-02-22 140832]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-04-16 327680]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-30 809296]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2006-12-29 123248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-20 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-31 138168]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-26 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-26 267824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Hi again,

1- Download OTMoveIt3 (by Old_Timer) to your Desktop.

oldtimer.geekstogo.com…

! Disconnect and close all your running applications !

Double-click “OTMoveIt3.exe” to open the program.
Then copy what is in the quote below,

:Processes
explorer.exe

:Files
c:\windows\system32\rundll32.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[reboot]
and paste it into the left-hand pane of OTMoveIt3:
Paste Instructions for items to be moved.
(don't touch anything else!)

-> click MoveIt! to start the removal.
-> let the tool work …

(Note: your desktop will disappear and then reappear; this is normal.)

-> Post the contents of the report located in the folder “C:_OTMoveIt\MovedFiles”
(“xxxx2008_xxxxxx.log”, where the “x” characters correspond to the day and time of use).

+1 log.

Hi again
When I try to install OTMoveIt3, an avast! alert goes off, saying that Trojan-type malware is entering my computer.
Should I continue anyway?

Hi again,

Yes, disable your antivirus, post the report for me, and run RSIT again.

thanks

Here is the MoveIt! report; the RSIT report will follow in a few minutes

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File move failed. c:\windows\system32\rundll32.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\Marine\AppData\Local\Temp~DF9838.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Marine\AppData\Local\Temp~DFB90D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Marine\AppData\Local\Temp~DFB931.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12132008_201821


And the RSIT report. Thanks again!

Logfile of random’s system information tool 1.04 (written by random/random)
Run by Marine at 2008-12-13 20:31:32
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 21 GB (22%) free of 92 GB
Total RAM: 2046 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:04, on 13/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Marine\Desktop\RSIT.exe
C:\Program Files\trend micro\Marine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.asus.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.23.16.20:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [SystrayORAHSS] “C:\Program Files\OrangeHSS\Systray\SystrayApp.exe”
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM…\Run: [Skytel] Skytel.exe
O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM…\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM…\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM…\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM…\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM…\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM…\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 - Capture d’écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe


End of file - 11611 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{B3BC89DB-AA60-4909-83AB-2937EDBB6DEA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-10-31 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-20 71192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-10-31 2436160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
“SystrayORAHSS”=C:\Program Files\OrangeHSS\Systray\SystrayApp.exe [2006-12-12 90112]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
“SMSERIAL”=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
“Skytel”=C:\Windows\Skytel.exe [2007-04-13 1822720]
“RtHDVCpl”=C:\Windows\RtHDVCpl.exe [2007-04-25 4444160]
“PowerForPhone”=C:\Program Files\PowerForPhone\PowerForPhone.exe [2007-06-26 778240]
“NeroFilterCheck”=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-26 161328]
“InCD”=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-03-26 1057328]
“IFXSPMGT”=C:\Windows\system32\ifxspmgt.exe [2007-02-26 677408]
“IAAnotif”=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
“GrooveMonitor”=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
“CognizanceTS”=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-21 17920]
“avast!”=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
“ATKMEDIA”=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
“ASUS Screen Saver Protector”=C:\Windows\ASScrPro.exe [2007-09-17 33136]
“ASUS Camera ScreenSaver”=C:\Windows\ASScrProlog.exe [2007-09-17 37232]
“SunJavaUpdateSched”=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
“NvSvc”=C:\Windows\system32\nvsvc.dll [2007-04-28 86016]
“NvCplDaemon”=C:\Windows\system32\NvCpl.dll [2007-04-28 8429568]
“NvMediaCenter”=C:\Windows\system32\NvMcTray.dll [2007-04-28 81920]
“QuickTime Task”=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
“iTunesHelper”=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
“swg”=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-10-31 171448]
“SpybotSD TeaTimer”=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
“Skype”=C:\Program Files\Skype\Phone\Skype.exe [2008-06-03 21718312]

C:\Users\Marine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
OneNote 2007 - Capture d’écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLS”=“APSHook.dll”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
“notification packages”=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“EnableUIADesktopToggle”=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe”=“C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{1ddc3088-0148-11dd-b29a-001d6008e26d}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4d3811d1-07cc-11dd-8248-001d6008e26d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4e42314a-e6a5-11dc-a08c-001d6008e26d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4e42314d-e6a5-11dc-a08c-001d6008e26d}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{599ae6e4-1677-11dd-bc89-001d603bc6f9}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{83f337f7-31fd-11dd-8c44-001d603bc6f9}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{913e7898-a738-11dc-977b-001d6008e26d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9e7a23dc-a996-11dd-bfda-001d603bc6f9}]
shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bc520e33-8644-11dc-ba42-001d6008e26d}]
shell\AutoRun\command - EXPLORER.EXE
shell\explore\command - EXPLORER.EXE
shell\open\command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e9bca38b-ca6a-11dc-aac3-806e6f6e6963}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{ed1b1acc-58dd-11dd-8b34-001d603bc6f9}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f6c32db8-2f2b-11dd-af2f-001d603bc6f9}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

======List of files/folders created in the last 1 months======

2008-12-13 20:18:21 ----D---- C:_OTMoveIt
2008-12-12 03:08:31 ----A---- C:\Windows\system32\tzres.dll
2008-12-12 00:25:34 ----A---- C:\Windows\system32\gdi32.dll
2008-12-12 00:24:07 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-12 00:24:05 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-12 00:23:29 ----A---- C:\Windows\system32\shell32.dll
2008-12-12 00:23:05 ----A---- C:\Windows\system32\mshtml.dll
2008-12-12 00:23:03 ----A---- C:\Windows\system32\urlmon.dll
2008-12-12 00:23:02 ----A---- C:\Windows\system32\ieframe.dll
2008-12-12 00:23:00 ----A---- C:\Windows\system32\wininet.dll
2008-12-12 00:22:59 ----A---- C:\Windows\system32\mstime.dll
2008-12-12 00:22:58 ----A---- C:\Windows\system32\iertutil.dll
2008-12-12 00:22:57 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-12 00:22:51 ----A---- C:\Windows\system32\mf.dll
2008-12-12 00:22:49 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-12 00:22:47 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-12 00:22:47 ----A---- C:\Windows\system32\logagent.exe
2008-12-12 00:22:35 ----A---- C:\Windows\explorer.exe
2008-12-12 00:12:33 ----D---- C:\Users\Marine\AppData\Roaming\Malwarebytes
2008-12-12 00:12:23 ----D---- C:\ProgramData\Malwarebytes
2008-12-12 00:12:23 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2008-12-11 10:25:00 ----D---- C:\rsit
2008-12-10 21:00:52 ----A---- C:\Windows\ntbtlog.txt
2008-12-10 20:54:22 ----D---- C:\Program Files\Trend Micro
2008-11-26 18:23:26 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 18:23:19 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 18:23:18 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 18:23:17 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 18:23:11 ----A---- C:\Windows\system32\connect.dll
2008-11-25 18:48:35 ----D---- C:\ProgramData\WindowsSearch
2008-11-14 19:51:32 ----A---- C:\Windows\system32\wups2.dll
2008-11-14 19:51:32 ----A---- C:\Windows\system32\wucltux.dll
2008-11-14 19:51:32 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-14 19:51:31 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-14 19:50:55 ----A---- C:\Windows\system32\wups.dll
2008-11-14 19:50:55 ----A---- C:\Windows\system32\wudriver.dll
2008-11-14 19:50:55 ----A---- C:\Windows\system32\wuapi.dll
2008-11-14 19:50:47 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-14 19:50:46 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 months======

2008-12-13 20:31:39 ----D---- C:\Windows\Temp
2008-12-13 20:29:28 ----D---- C:\Windows\System32
2008-12-13 20:29:28 ----D---- C:\Windows\inf
2008-12-13 20:29:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-13 20:26:46 ----D---- C:\Windows\Prefetch
2008-12-13 20:26:20 ----A---- C:\Windows\system32\acovcnt.exe
2008-12-13 20:26:14 ----D---- C:\Windows\system32\drivers
2008-12-13 16:02:55 ----D---- C:\Users\Marine\AppData\Roaming\skypePM
2008-12-13 14:42:22 ----SHD---- C:\System Volume Information
2008-12-13 04:32:33 ----RD---- C:\Program Files
2008-12-12 03:44:07 ----D---- C:\Windows\rescache
2008-12-12 03:38:18 ----D---- C:\Windows\winsxs
2008-12-12 03:28:12 ----D---- C:\Windows\system32\catroot
2008-12-12 03:25:12 ----D---- C:\Windows\system32\fr-FR
2008-12-12 03:25:12 ----D---- C:\Windows\AppPatch
2008-12-12 03:25:12 ----D---- C:\Program Files\Windows Mail
2008-12-12 03:25:11 ----D---- C:\Windows
2008-12-12 03:19:19 ----SHD---- C:\Windows\Installer
2008-12-12 03:19:19 ----D---- C:\ProgramData\Microsoft Help
2008-12-12 00:17:43 ----D---- C:\Windows\system32\catroot2
2008-12-12 00:12:23 ----HD---- C:\ProgramData
2008-12-10 21:10:54 ----SD---- C:\Windows\Downloaded Program Files
2008-12-10 20:54:55 ----D---- C:\Windows\system32\Tasks
2008-12-10 00:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-07 19:30:53 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-07 19:30:53 ----D---- C:\Program Files\ASUS
2008-11-29 05:37:46 ----D---- C:\Users\Marine\AppData\Roaming\Skype
2008-11-26 18:21:30 ----A---- C:\Windows\system32\aswBoot.exe
2008-11-25 18:35:15 ----SHD---- C:\$Recycle.Bin
2008-11-18 00:20:18 ----D---- C:\Program Files\Lavasoft
2008-11-18 00:20:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-18 00:15:39 ----D---- C:\ProgramData\Lavasoft
2008-11-18 00:09:54 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-26 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 InCDPass;InCDPass; C:\Windows\system32\drivers\InCDPass.sys [2007-03-26 37040]
R1 incdrm;InCD Reader; C:\Windows\system32\drivers\InCDRm.sys [2007-03-26 39472]
R1 ItSDisk;ItSDisk; C:\Windows\System32\Drivers\ItSDisk.sys [2006-05-16 23496]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [2007-01-23 39080]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-02-05 11632]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-29 140424]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-25 1771944]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw4v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-30 2219520]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-04-28 7496256]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
R3 TPM;Module de plateforme sécurisée (TPM); C:\Windows\system32\drivers\tpm.sys [2008-01-19 45624]
R4 InCDfs;InCD File System; C:\Windows\system32\drivers\InCDFs.sys [2007-03-26 108592]
S2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-11-16 15216]
S3 BthEnum;Service d’énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2; C:\Windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 ASBroker;Courtier de session de connexion; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Canal de communication local; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-05-15 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-04-16 647168]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2006-12-12 57344]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
R2 IFXSpMgtSrv;Security Platform Management Service; C:\Windows\system32\ifxspmgt.exe [2007-02-26 677408]
R2 IFXTCS;Trusted Platform Core Service; C:\Windows\system32\ifxtcs.exe [2007-02-22 849440]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-03-26 864816]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 PersonalSecureDriveService;Personal Secure Drive Service; C:\Windows\system32\IfxPsdSv.exe [2007-02-22 140832]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-04-16 327680]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-30 809296]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2006-12-29 123248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-20 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-31 138168]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-26 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-26 267824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Hi again,

COMBOFIX

Warning: this software is very powerful, and incorrect use can cause damage…

Do exactly the following:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):

Right-click this link and choose “Save target as…”: in the window that opens, type C-Fix, choose the Desktop as the destination and confirm:

--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure (if you have any that I did not see in the HijackThis report…)

--> Above all, if you run into difficulties at this stage, tell me before continuing…

Tutorial here: TUTO

Then:

Double-click C-Fix.exe (= combofix.exe).

Press any key to start the scan.

Warning: do not use your mouse or your keyboard while the program is running. This could freeze the computer --> if a Windows error message appears at some point: click the red cross at the top right of the window to close it

The report will be created in: C:\Combofix.txt , please post it here

OK, the program is installed. The tutorial recommends installing a recovery console… Should I continue without doing that?

Hi again,

Yes, you can do it without, but I strongly advise you to install it in case of a problem.

See you

Hi again

Here is the ComboFix report, hoping everything went well…

ComboFix 08-12-13.03 - Marine 2008-12-14 15:14:57.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.44.1036.18.2046.1207 [GMT 1:00]
Running from: c:\users\Marine\Desktop\C-Fix.exe

• Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.

2008-12-13 20:18 . 2008-12-13 20:18 d-------- C:\_OTMoveIt
2008-12-12 03:08 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-12 00:25 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-12 00:24 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-12 00:24 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-12 00:23 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-12 00:22 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-12 00:22 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-12 00:22 . 2008-10-16 03:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-12 00:22 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-12 00:22 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-12 00:12 . 2008-12-12 00:12 d-------- c:\users\Marine\AppData\Roaming\Malwarebytes
2008-12-12 00:12 . 2008-12-12 00:12 d-------- c:\programdata\Malwarebytes
2008-12-12 00:12 . 2008-12-12 00:12 d-------- c:\program files\Malwarebytes’ Anti-Malware
2008-12-12 00:12 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-12 00:12 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-11 10:25 . 2008-12-11 10:25 d-------- C:\rsit
2008-12-10 20:54 . 2008-12-13 20:31 d-------- c:\program files\Trend Micro
2008-11-26 18:23 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 18:23 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 18:23 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 18:23 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 18:23 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 18:48 . 2008-11-25 18:48 d-------- c:\programdata\WindowsSearch
2008-11-14 19:51 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-14 19:51 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-14 19:51 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-14 19:51 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-14 19:50 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-14 19:50 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-14 19:50 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-14 19:50 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-14 19:50 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 14:01 --------- d-----w c:\users\Marine\AppData\Roaming\Skype
2008-12-14 13:54 --------- d-----w c:\users\Marine\AppData\Roaming\skypePM
2008-12-12 02:25 --------- d-----w c:\program files\Windows Mail
2008-12-12 02:19 --------- d-----w c:\programdata\Microsoft Help
2008-12-07 18:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-07 18:30 --------- d-----w c:\program files\ASUS
2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-17 23:20 --------- d-----w c:\program files\Lavasoft
2008-11-17 23:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-17 23:15 --------- d-----w c:\programdata\Lavasoft
2008-11-17 23:09 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-07-06 21:57 174 --sha-w c:\program files\desktop.ini
2008-07-03 16:58 13,072 ----a-w c:\users\Marine\AppData\Roaming\nvModes.dat
2008-06-19 17:49 56 ---ha-w c:\programdata\ezsidmv.dat
2008-09-06 14:58 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-06 14:58 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-06 14:58 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=“c:\program files\Windows Live\Messenger\MsnMsgr.Exe” [2007-10-18 5724184]
“swg”=“c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2007-10-31 171448]
“SpybotSD TeaTimer”=“c:\program files\Spybot - Search & Destroy\TeaTimer.exe” [2008-09-16 1833296]
“Skype”=“c:\program files\Skype\Phone\Skype.exe” [2008-06-03 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SystrayORAHSS”=“c:\program files\OrangeHSS\Systray\SystrayApp.exe” [2006-12-12 90112]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2007-03-01 857648]
“SMSERIAL”=“c:\program files\Motorola\SMSERIAL\sm56hlpr.exe” [2006-11-22 630784]
“PowerForPhone”=“c:\program files\PowerForPhone\PowerForPhone.exe” [2007-06-26 778240]
“NeroFilterCheck”=“c:\program files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-26 161328]
“InCD”=“c:\program files\Nero\Nero 7\InCD\InCD.exe” [2007-03-26 1057328]
“IFXSPMGT”=“c:\windows\system32\ifxspmgt.exe” [2007-02-26 677408]
“IAAnotif”=“c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe” [2007-02-12 174872]
“GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2007-08-24 33648]
“CognizanceTS”=“c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll” [2003-12-21 17920]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2008-11-26 81000]
“ATKMEDIA”=“c:\program files\ASUS\ATK Media\DMEDIA.EXE” [2006-11-02 61440]
“ASUS Screen Saver Protector”=“c:\windows\ASScrPro.exe” [2007-09-17 33136]
“ASUS Camera ScreenSaver”=“c:\windows\ASScrProlog.exe” [2007-09-17 37232]
“SunJavaUpdateSched”=“c:\program files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 144784]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 39792]
“NvSvc”=“c:\windows\system32\nvsvc.dll” [2007-04-28 86016]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2007-04-28 8429568]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2007-04-28 81920]
“QuickTime Task”=“c:\program files\QuickTime\QTTask.exe” [2008-09-06 413696]
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe” [2008-09-10 289576]
“Skytel”=“Skytel.exe” [2007-04-13 c:\windows\SkyTel.exe]
“RtHDVCpl”=“RtHDVCpl.exe” [2007-04-25 c:\windows\RtHDVCpl.exe]

c:\users\Marine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
OneNote 2007 - Capture d’?cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“UacDisableNotify”=dword:00000001
“InternetSettingsDisableNotify”=dword:00000001
“AutoUpdateDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
“{DB965364-9301-4615-9C76-5154C4E55730}”= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
“TCP Query User{FB65CD9F-D7E5-41D3-9026-D4085B23C51D}c:\program files\emule\emule.exe”= UDP:c:\program files\emule\emule.exe:eMule
“UDP Query User{39CB75CA-24EF-4A71-887D-FA3B029CB3FF}c:\program files\emule\emule.exe”= TCP:c:\program files\emule\emule.exe:eMule
“{BB2686CE-70EA-408D-9EE2-B4AF761A5FD0}”= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
“{BD0C54AF-6D52-4885-B654-B4B1EF27B941}”= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
“{2F3C33D2-E3AF-46C8-BCC3-0464F4AC57C8}”= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
“{C1A31796-8AFC-4CF4-950B-8BC72A3FDBC6}”= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
“{DF27E918-E7FB-4240-8BD6-3ABB84A5ECD0}”= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
“{D6341787-FA09-47AC-97A4-FB3765D385E3}”= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
“{F4B7E8E6-020F-494C-89F6-BCFB98595706}”= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
“{9D07B51D-EAE7-488D-BF59-7A91A49B73DB}”= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
“{9AA0178F-BB1C-4752-A785-09171DAF1C1A}”= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
“{32AB5000-EC3E-47C0-BED9-99DFFF73E2C2}”= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
“TCP Query User{89861EB0-B1C4-428E-9001-ADE4EAC75052}c:\program files\emule\emule.exe”= UDP:c:\program files\emule\emule.exe:eMule
“UDP Query User{01071565-4CD2-4D26-90B8-E3390A0BD0B3}c:\program files\emule\emule.exe”= TCP:c:\program files\emule\emule.exe:eMule
“TCP Query User{FFC2567A-6137-462C-8ED0-66007BDE519D}c:\program files\azureus\azureus.exe”= UDP:c:\program files\azureus\azureus.exe:Azureus
“UDP Query User{8203F2B7-9934-4443-AF85-9EB9FF89E323}c:\program files\azureus\azureus.exe”= TCP:c:\program files\azureus\azureus.exe:Azureus
“TCP Query User{C75D3CC8-5A75-430F-AC9B-1BDB88FDA81B}c:\program files\azureus\azureus.exe”= UDP:c:\program files\azureus\azureus.exe:Azureus
“UDP Query User{FF301B7C-A7FC-48AD-8E39-00165E1CC687}c:\program files\azureus\azureus.exe”= TCP:c:\program files\azureus\azureus.exe:Azureus
“TCP Query User{0ED8E5CC-4B15-49CD-A3D8-2FC631BD5503}c:\program files\internet explorer\iexplore.exe”= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
“UDP Query User{A69A6CC0-52F5-4C80-8F6C-0B9CAD4798B4}c:\program files\internet explorer\iexplore.exe”= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
“{A9B60912-FE2A-4D7A-BE8C-9C6E325FA6E8}”= UDP:c:\program files\iTunes\iTunes.exe:iTunes
“{61344992-ED0E-4043-8E08-0A88163581A3}”= TCP:c:\program files\iTunes\iTunes.exe:iTunes
“{A2D49EDB-2F7D-4754-9E24-F2AD4D9BC07D}”= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
“{A2742B8F-D483-475F-8FFC-947103D6423E}”= c:\program files\Skype\Phone\Skype.exe:Skype
“TCP Query User{DC38A16B-BBBD-43B7-AD74-6E8BBE2C41D5}c:\program files\internet explorer\iexplore.exe”= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
“UDP Query User{B00AF7E8-5693-4D68-BA91-3C58E4870802}c:\program files\internet explorer\iexplore.exe”= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
“{B0CAA58E-D719-4BE1-B397-91E12EB026B0}”= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
“{CCD66AD9-2638-4455-BBE7-C2A2FE04CEF6}”= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
“{7D948F7D-47FD-4C42-990F-A2B54AE1B3C0}”= UDP:c:\program files\iTunes\iTunes.exe:iTunes
“{32286125-146C-42A2-AB13-C0691E117E64}”= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
“c:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe”= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-06 111184]
R1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23496]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-01-23 39080]
R2 ASBroker;Courtier de session de connexion;c:\windows\System32\svchost.exe -k Cognizance [2008-07-04 21504]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [2008-07-04 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-06 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2007-10-11 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-03-31 809296]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2007-10-11 28224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ddc3088-0148-11dd-b29a-001d6008e26d}]
\shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d3811d1-07cc-11dd-8248-001d6008e26d}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e42314d-e6a5-11dc-a08c-001d6008e26d}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{599ae6e4-1677-11dd-bc89-001d603bc6f9}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f337f7-31fd-11dd-8c44-001d603bc6f9}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{913e7898-a738-11dc-977b-001d6008e26d}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7a23dc-a996-11dd-bfda-001d603bc6f9}]
\shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc520e33-8644-11dc-ba42-001d6008e26d}]
\shell\AutoRun\command - EXPLORER.EXE
\shell\explore\Command - EXPLORER.EXE
\shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1b1acc-58dd-11dd-8b34-001d603bc6f9}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the ‘Scheduled Tasks’ folder

2008-12-13 c:\windows\Tasks\User_Feed_Synchronization-{B3BC89DB-AA60-4909-83AB-2937EDBB6DEA}.job

• c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-12-14 15:38:20
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

c:\users\Marine\AppData\Local\Temp\xml959A.tmp 337 bytes
c:\windows\TEMP\TMP000000518214D7FFC23633F0 524288 bytes

scan completed successfully
hidden files: 2


.
--------------------- DLLs Loaded Under Running Processes ---------------------

              • ‘lsass.exe’(748)
                c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
                c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll

              • ‘Explorer.exe’(2840)
                c:\program files\ASUS\Asus MultiFrame\HookTitle.dll
                c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
                c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
                c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
                c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\FRA\SFSShell.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\windows\System32\audiodg.exe
                c:\program files\Lavasoft\Ad-Aware\aawservice.exe
                c:\program files\ATK Hotkey\ASLDRSrv.exe
                c:\program files\Alwil Software\Avast4\aswUpdSv.exe
                c:\program files\ATKGFNEX\GFNEXSrv.exe
                c:\program files\Alwil Software\Avast4\ashServ.exe
                c:\windows\System32\wlanext.exe
                c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                c:\program files\Bonjour\mDNSResponder.exe
                c:\program files\Intel\Wireless\Bin\EvtEng.exe
                c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC[u]0[/u]\FTRTSVC.exe
                c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
                c:\windows\System32\IFXTCS.exe
                c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
                c:\program files\Common Files\LightScribe\LSSrvc.exe
                c:\windows\System32\IfxPsdSv.exe
                c:\program files\Intel\Wireless\Bin\RegSrvc.exe
                c:\program files\ASUS\NB Probe\SPM\spmgr.exe
                c:\program files\Alwil Software\Avast4\ashWebSv.exe
                c:\program files\Alwil Software\Avast4\ashMaiSv.exe
                c:\program files\Windows Media Player\wmpnetwk.exe
                c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
                c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe
                c:\program files\ATK Hotkey\HControl.exe
                c:\program files\ATKOSD2\ATKOSD2.exe
                c:\program files\Wireless Console 2\wcourier.exe
                c:\program files\ASUS\Splendid\ACMON.exe
                c:\program files\P4G\BatteryLife.exe
                c:\windows\System32\ACEngSvr.exe
                c:\program files\ATK Hotkey\ATKOSD.exe
                c:\windows\System32\conime.exe
                c:\program files\ATK Hotkey\KBFiltr.exe
                c:\program files\Alwil Software\Avast4\ashDisp.exe
                c:\windows\System32\rundll32.exe
                c:\windows\System32\rundll32.exe
                c:\windows\System32\wbem\unsecapp.exe
                c:\windows\System32\IfxUAGUI.exe
                c:\program files\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
                c:\program files\Infineon\Security Platform Software\PSDrt.exe
                c:\program files\Infineon\Security Platform Software\SpTNA.exe
                c:\program files\iPod\bin\iPodService.exe
                c:\program files\Skype\Plugin Manager\skypePM.exe
                .


.
Completion time: 2008-12-14 15:53:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-14 14:53:08

Pre-Run: 21 249 724 416 octets libres
Post-Run: 20,186,755,072 octets libres

271 — E O F — 2008-12-12 02:19:20

Re,

Very good.

Run a new RSIT report.

Thanks

Re,
Here is the RSIT report:

Logfile of random’s system information tool 1.04 (written by random/random)
Run by Marine at 2008-12-14 18:27:49
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 19 GB (21%) free of 92 GB
Total RAM: 2046 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:04, on 14/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Windows\system32\conime.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marine\Desktop\RSIT.exe
C:\Program Files\trend micro\Marine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.23.16.20:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM…\Run: [SystrayORAHSS] “C:\Program Files\OrangeHSS\Systray\SystrayApp.exe”
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM…\Run: [Skytel] Skytel.exe
O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM…\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM…\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM…\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM…\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM…\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM…\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 - Capture d’écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe


End of file - 11040 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{B3BC89DB-AA60-4909-83AB-2937EDBB6DEA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-10-31 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-20 71192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-10-31 2436160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“SystrayORAHSS”=C:\Program Files\OrangeHSS\Systray\SystrayApp.exe [2006-12-12 90112]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
“SMSERIAL”=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
“Skytel”=C:\Windows\Skytel.exe [2007-04-13 1822720]
“RtHDVCpl”=C:\Windows\RtHDVCpl.exe [2007-04-25 4444160]
“PowerForPhone”=C:\Program Files\PowerForPhone\PowerForPhone.exe [2007-06-26 778240]
“NeroFilterCheck”=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-26 161328]
“InCD”=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-03-26 1057328]
“IFXSPMGT”=C:\Windows\system32\ifxspmgt.exe [2007-02-26 677408]
“IAAnotif”=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
“GrooveMonitor”=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
“CognizanceTS”=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-21 17920]
“avast!”=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
“ATKMEDIA”=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
“ASUS Screen Saver Protector”=C:\Windows\ASScrPro.exe [2007-09-17 33136]
“ASUS Camera ScreenSaver”=C:\Windows\ASScrProlog.exe [2007-09-17 37232]
“SunJavaUpdateSched”=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
“NvSvc”=C:\Windows\system32\nvsvc.dll [2007-04-28 86016]
“NvCplDaemon”=C:\Windows\system32\NvCpl.dll [2007-04-28 8429568]
“NvMediaCenter”=C:\Windows\system32\NvMcTray.dll [2007-04-28 81920]
“QuickTime Task”=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
“iTunesHelper”=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
“swg”=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-10-31 171448]
“SpybotSD TeaTimer”=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
“Skype”=C:\Program Files\Skype\Phone\Skype.exe [2008-06-03 21718312]

C:\Users\Marine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
OneNote 2007 - Capture d’écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLS”=“APSHook.dll”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
“notification packages”=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“EnableUIADesktopToggle”=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDrives”=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDrives”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe”=“C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ddc3088-0148-11dd-b29a-001d6008e26d}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d3811d1-07cc-11dd-8248-001d6008e26d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e42314d-e6a5-11dc-a08c-001d6008e26d}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{599ae6e4-1677-11dd-bc89-001d603bc6f9}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f337f7-31fd-11dd-8c44-001d603bc6f9}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{913e7898-a738-11dc-977b-001d6008e26d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7a23dc-a996-11dd-bfda-001d603bc6f9}]
shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc520e33-8644-11dc-ba42-001d6008e26d}]
shell\AutoRun\command - EXPLORER.EXE
shell\explore\command - EXPLORER.EXE
shell\open\command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1b1acc-58dd-11dd-8b34-001d603bc6f9}]
shell\AutoRun\command - F:\LaunchU3.exe -a

======List of files/folders created in the last 1 months======

2008-12-14 15:53:25 ----A---- C:\ComboFix.txt
2008-12-14 15:27:02 ----D---- C:\Windows\temp
2008-12-14 15:10:27 ----A---- C:\Windows\zip.exe
2008-12-14 15:10:27 ----A---- C:\Windows\SWREG.exe
2008-12-14 15:10:27 ----A---- C:\Windows\NIRCMD.exe
2008-12-14 15:10:26 ----A---- C:\Windows\VFIND.exe
2008-12-14 15:10:26 ----A---- C:\Windows\SWXCACLS.exe
2008-12-14 15:10:26 ----A---- C:\Windows\SWSC.exe
2008-12-14 15:10:26 ----A---- C:\Windows\sed.exe
2008-12-14 15:10:26 ----A---- C:\Windows\grep.exe
2008-12-14 15:10:26 ----A---- C:\Windows\fdsv.exe
2008-12-14 15:10:20 ----D---- C:\Windows\ERDNT
2008-12-14 15:10:20 ----D---- C:\Qoobox
2008-12-13 20:18:21 ----D---- C:\_OTMoveIt
2008-12-12 03:08:31 ----A---- C:\Windows\system32\tzres.dll
2008-12-12 00:25:34 ----A---- C:\Windows\system32\gdi32.dll
2008-12-12 00:24:07 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-12 00:24:05 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-12 00:23:29 ----A---- C:\Windows\system32\shell32.dll
2008-12-12 00:23:05 ----A---- C:\Windows\system32\mshtml.dll
2008-12-12 00:23:03 ----A---- C:\Windows\system32\urlmon.dll
2008-12-12 00:23:02 ----A---- C:\Windows\system32\ieframe.dll
2008-12-12 00:23:00 ----A---- C:\Windows\system32\wininet.dll
2008-12-12 00:22:59 ----A---- C:\Windows\system32\mstime.dll
2008-12-12 00:22:58 ----A---- C:\Windows\system32\iertutil.dll
2008-12-12 00:22:57 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-12 00:22:51 ----A---- C:\Windows\system32\mf.dll
2008-12-12 00:22:49 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-12 00:22:47 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-12 00:22:47 ----A---- C:\Windows\system32\logagent.exe
2008-12-12 00:22:35 ----A---- C:\Windows\explorer.exe
2008-12-12 00:12:33 ----D---- C:\Users\Marine\AppData\Roaming\Malwarebytes
2008-12-12 00:12:23 ----D---- C:\ProgramData\Malwarebytes
2008-12-12 00:12:23 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2008-12-11 10:25:00 ----D---- C:\rsit
2008-12-10 21:00:52 ----A---- C:\Windows\ntbtlog.txt
2008-12-10 20:54:22 ----D---- C:\Program Files\Trend Micro
2008-11-26 18:23:26 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 18:23:19 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 18:23:18 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 18:23:17 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 18:23:11 ----A---- C:\Windows\system32\connect.dll
2008-11-25 18:48:35 ----D---- C:\ProgramData\WindowsSearch

======List of files/folders modified in the last 1 months======

2008-12-14 16:09:51 ----D---- C:\Users\Marine\AppData\Roaming\skypePM
2008-12-14 15:58:34 ----D---- C:\Windows\system32\fr-FR
2008-12-14 15:58:34 ----D---- C:\Windows\System32
2008-12-14 15:57:04 ----D---- C:\Windows\system32\drivers
2008-12-14 15:53:26 ----D---- C:\Windows
2008-12-14 15:41:19 ----D---- C:\Windows\inf
2008-12-14 15:41:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-14 15:39:47 ----D---- C:\Users\Marine\AppData\Roaming\Skype
2008-12-14 15:38:27 ----A---- C:\Windows\system.ini
2008-12-14 15:32:36 ----D---- C:\Windows\system32\config
2008-12-14 15:21:15 ----D---- C:\Windows\AppPatch
2008-12-14 15:21:15 ----D---- C:\Program Files\Common Files
2008-12-14 15:21:12 ----D---- C:\Windows\Prefetch
2008-12-14 15:13:56 ----SHD---- C:\System Volume Information
2008-12-13 04:32:33 ----RD---- C:\Program Files
2008-12-12 03:44:07 ----D---- C:\Windows\rescache
2008-12-12 03:38:18 ----D---- C:\Windows\winsxs
2008-12-12 03:28:12 ----D---- C:\Windows\system32\catroot
2008-12-12 03:25:12 ----D---- C:\Program Files\Windows Mail
2008-12-12 03:19:19 ----SHD---- C:\Windows\Installer
2008-12-12 03:19:19 ----D---- C:\ProgramData\Microsoft Help
2008-12-12 00:17:43 ----D---- C:\Windows\system32\catroot2
2008-12-12 00:12:23 ----HD---- C:\ProgramData
2008-12-10 21:10:54 ----SD---- C:\Windows\Downloaded Program Files
2008-12-10 20:54:55 ----D---- C:\Windows\system32\Tasks
2008-12-10 00:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-07 19:30:53 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-07 19:30:53 ----D---- C:\Program Files\ASUS
2008-11-26 18:21:30 ----A---- C:\Windows\system32\aswBoot.exe
2008-11-25 18:35:15 ----SHD---- C:\$Recycle.Bin
2008-11-18 00:20:18 ----D---- C:\Program Files\Lavasoft
2008-11-18 00:20:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-18 00:15:39 ----D---- C:\ProgramData\Lavasoft
2008-11-18 00:09:54 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-26 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 InCDPass;InCDPass; C:\Windows\system32\drivers\InCDPass.sys [2007-03-26 37040]
R1 incdrm;InCD Reader; C:\Windows\system32\drivers\InCDRm.sys [2007-03-26 39472]
R1 ItSDisk;ItSDisk; C:\Windows\System32\Drivers\ItSDisk.sys [2006-05-16 23496]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [2007-01-23 39080]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-02-05 11632]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-29 140424]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-25 1771944]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw4v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-30 2219520]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-04-28 7496256]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
R3 TPM;Module de plateforme sécurisée (TPM); C:\Windows\system32\drivers\tpm.sys [2008-01-19 45624]
R4 InCDfs;InCD File System; C:\Windows\system32\drivers\InCDFs.sys [2007-03-26 108592]
S2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-11-16 15216]
S3 BthEnum;Service d’énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 catchme;catchme; \??\C:\C-Fix\catchme.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2; C:\Windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 ASBroker;Courtier de session de connexion; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Canal de communication local; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-05-15 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-04-16 647168]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2006-12-12 57344]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
R2 IFXSpMgtSrv;Security Platform Management Service; C:\Windows\system32\ifxspmgt.exe [2007-02-26 677408]
R2 IFXTCS;Trusted Platform Core Service; C:\Windows\system32\ifxtcs.exe [2007-02-22 849440]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-03-26 864816]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 PersonalSecureDriveService;Personal Secure Drive Service; C:\Windows\system32\IfxPsdSv.exe [2007-02-22 140832]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-04-16 327680]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-30 809296]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2006-12-29 123248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-20 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-31 138168]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-26 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-26 267824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Hi again, sorry for the long absence…

For a start, here are the two ToolCleaner2 reports (the first time, not everything was deleted correctly).
I'm doing the second step right away.

[ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]

–>- Recherche:

C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Marine\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
C:\Users\Marine\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Users\Marine\Desktop\HijackThis.lnk: trouvé !
C:\Users\Marine\Desktop\OTMoveIt3.exe: trouvé !
C:\Users\Marine\Desktop\Rsit.exe: trouvé !
C:\Windows\NIRCMD.exe: trouvé !


–>- Suppression:

C:\Program Files\Trend Micro\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: ERREUR DE SUPPRESSION !!
C:\Users\Marine\Desktop\HijackThis.lnk: supprimé !
C:\Combofix.txt: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\hijackthis.log: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Users\Marine\Desktop\OTMoveIt3.exe: supprimé !
C:\Users\Marine\Desktop\Rsit.exe: supprimé !
C:\Windows\NIRCMD.exe: ERREUR DE SUPPRESSION !!
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Trend Micro\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: ERREUR DE SUPPRESSION !!
C:\Users\Marine\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !

Fichiers temporaires nettoyés !
Corbeille vidée!

[ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]

–>- Recherche:

C:\Combofix.txt: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Windows\NIRCMD.exe: trouvé !


–>- Suppression:

C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Combofix.txt: supprimé !
C:\Program Files\Trend Micro\hijackthis.log: supprimé !
C:\Windows\NIRCMD.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !


Hi again,

Good.

I hope your PC is doing better now.

See you later

So, about System Restore…
I think I did something wrong… :etonne:

I followed the tutorial linked from the ToolCleaner2 tutorial (http://commentcestfait.forumactif.net/tutos-windows-xp-f32/tutorialdesactive-et-reactive-ou-creer-la-restauration-du-systeme-t540.htm), when in fact, rereading your instructions, that wasn't what I was supposed to do (at all)… :o(

Instead of going back to an earlier restore point, they were deleted (well, as described in the tutorial's instructions…)

I'm really angry with myself; the explanations were clear but I got myself all mixed up…

Is it serious? Is there a way to get those restore points back…?