The return of the cleaner

Hello everyone

Well, I didn't know what to put as a title, but here I am again with the first PC responsible for my infection… :@

It's my sister-in-law's machine.
To add to the joy, she has a second laptop :slight_smile:, more recent and, I hope, with fewer problems than this one.

Sorry for the typos, but this is a Spanish QWERTY PC :wink:

So, I'm counting on your kindness.
It's an Acer running XP.

mbam 1
Malwarebytes’ Anti-Malware 1.41
Version de la base de données: 2932
Windows 5.1.2600 Service Pack 3

09/10/2009 07:00:57 p.m.
mbam-log-2009-10-09 (19-00-57).txt

Type de recherche: Examen rapide
Eléments examinés: 112151
Temps écoulé: 8 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{18b0e5c2-99cb-11cf-ayx5-00401c648513} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{09c72999-5c10-41a3-a524-24661d942003} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM313e2b3d.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM313e2b3d.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

mbam 2

Malwarebytes’ Anti-Malware 1.41
Database version: 2932
Windows 5.1.2600 Service Pack 3 (Safe Mode)

10/10/2009 09:40:25 a.m.
mbam-log-2009-10-10 (09-40-25).txt

Scan type: Full Scan (C:|D:|)
Objects scanned: 244270
Time elapsed: 32 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:21:10 p.m., on 10/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: 84.33.1.110 L2authd.lineage2.com
O1 - Hosts: 84.33.1.110 L2testauthd.lineage2.com
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM…\Run: [LaunchApp] Alaunch
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM…\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [PCMService] “C:\Program Files\Acer\Acer Arcade\PCMService.exe”
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM…\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM…\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM…\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM…\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM…\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM…\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Creative WebCam Tray] “C:\Program Files\Creative\Shared Files\CamTray.exe”
O4 - HKCU…\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU “C:\WINDOWS\TEMP\E_SCE.tmp” /EF “HKCU”
O4 - HKCU…\Run: [FileHippo.com] “C:\Program Files\FileHippo.com\UpdateChecker.exe” /background
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE…
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - www.linkedin.com…
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - photosmart.hpphoto.com…
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - upload.facebook.com…
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - fichiers.touslesdrivers.com…
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - appdirectory.messenger.msn.com…
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - www.fotobenavides.com…
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - appdirectory.messenger.msn.com…
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - messenger.zone.msn.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - messenger.zone.msn.com…
O16 - DPF: {FAE28553-6D86-4EFB-ACA9-05A8ACEBDEE4} (Explorador de Fotos Rollpix v2.0) - ww2.fotobenavides.com…
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


End of file - 10748 bytes

Thanks in advance on her behalf :slight_smile: :wink:

:hello:

Run HijackThis again, then click on http://images.imagehotel.net/z8uattg6yg.jpg

Find and check the following lines:

then click on http://images.imagehotel.net/sw6zjk8ugk.jpg

Click [here](http://www.genproc.com/GenProc.exe) to download **GenProc** to the desktop


=> Run it and let it work
=> Save the report to the desktop and post it here, please

Hello, and thank you for your help, Senosen

For now, here is the HijackThis report with the fix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:53 a.m., on 15/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Perla Varela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Perla Varela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Perla Varela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: 84.33.1.110 L2authd.lineage2.com
O1 - Hosts: 84.33.1.110 L2testauthd.lineage2.com
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM…\Run: [LaunchApp] Alaunch
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM…\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [PCMService] “C:\Program Files\Acer\Acer Arcade\PCMService.exe”
O4 - HKLM…\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM…\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM…\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM…\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM…\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM…\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM…\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe”
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Creative WebCam Tray] “C:\Program Files\Creative\Shared Files\CamTray.exe”
O4 - HKCU…\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU “C:\WINDOWS\TEMP\E_SCE.tmp” /EF “HKCU”
O4 - HKCU…\Run: [FileHippo.com] “C:\Program Files\FileHippo.com\UpdateChecker.exe” /background
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE…
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - upload.facebook.com…
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - fichiers.touslesdrivers.com…
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - appdirectory.messenger.msn.com…
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - www.fotobenavides.com…
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - appdirectory.messenger.msn.com…
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - messenger.zone.msn.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - messenger.zone.msn.com…
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


End of file - 10487 bytes

The rest is coming


First report

Rapport GenProc 2.637 [1] - 15/10/2009 à 10:19:40
@ Windows XP Service Pack 3 - Mode normal
@ Google Chrome (3.0.195.21) [Navigateur par défaut]

Etape 1/ Télécharge :

  • ComboFix download.bleepingcomputer.com… (sUBs) sur ton Bureau.
    Désactive ton antivirus, ton pare-feu et ferme tes programmes en cours. Lance combofix.exe et accepte les termes en cliquant sur OUI. Patiente. Au message “ComboFix a détecté que la ‘console de récupération Windows’ n’existe pas sur ce PC”, clique sur oui puis sur OK, puis patiente. Valide le CLUF Microsoft. Au message “La console de récupération a été installée avec succès”, clique impérativement sur NON pour quitter le programme (ferme également le rapport CF-RC.txt qui s’est ouvert)

Redémarre en mode sans échec comme indiqué ici www.pcloisirs.eu… ; Choisis ta session courante *** Perla Varela *** (pour retrouver le rapport, clique sur le raccourci “Rapport GenProc[1]” sur ton bureau).

Etape 2/

Double clique sur combofix.exe et suis les instructions. Attention de ne pas utiliser ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne au risque de figer l’ordinateur.

Etape 3/

Lance CCleaner : “Nettoyeur”/“lancer le nettoyage” et c’est tout.

Etape 4/

Redémarre normalement et poste, dans la même réponse :

  • Le contenu du rapport Combofix.txt situé dans C:\ ;
  • Un nouveau rapport HijackThis forums.cnetfrance.fr… ;
  • Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n’as pas pu faire…) ainsi que l’évolution de la situation.

~~ Arguments de la procédure ~~

Détections [1] GenProc 2.637 15/10/2009 à 10:19:43

Vundo:le 15/10/2009 à 10:20:34 “C:\WINDOWS\system32*.ini2”


Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com

~~ Fin à 10:22:57 ~~

I'll continue with the rest

ComboFix 09-10-14.09 - Perla Varela 15/10/2009 10:35.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.596 [GMT -5:00]
Running from: c:\documents and settings\Perla Varela\My Documents\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus On-access scanning disabled (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\Installer\1c97f2.msp
c:\windows\Installer\1c9830.msp
c:\windows\Installer\1c9833.msp
c:\windows\Installer\1e178.msi
c:\windows\Installer\294066.msi
c:\windows\Installer\2da882c.msp
c:\windows\Installer\3251cbe.msp
c:\windows\Installer\386c10.msi
c:\windows\Installer\6d837.msi
c:\windows\Installer\71be78.msp
c:\windows\Installer\721a8.msi
c:\windows\Installer\ab1ef.msi
c:\windows\Installer\b734f.msi
c:\windows\Installer\be1dee.msi
c:\windows\Installer\c3a85d.msp
c:\windows\system32\autorun.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\jrakecxy.ini
c:\windows\system32\kpsboucc.ini
c:\windows\system32\Packet.dll
c:\windows\system32\PrrrAJlm.ini
c:\windows\system32\PrrrAJlm.ini2
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wnocharc.ini
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Service_NPF
-------\Service_oreans32

((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-15 15:16 . 2009-10-15 15:16 -------- d-----w- C:\GenProc
2009-10-14 19:47 . 2009-10-14 19:47 -------- d-sh--w- c:\documents and settings\Perla Varela\IECompatCache
2009-10-14 19:46 . 2009-10-14 19:46 -------- d-sh--w- c:\documents and settings\Perla Varela\PrivacIE
2009-10-14 19:39 . 2009-10-14 19:39 -------- d-sh--w- c:\documents and settings\Perla Varela\IETldCache
2009-10-14 19:12 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-14 19:12 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-14 19:12 . 2009-10-14 19:12 -------- d-----w- c:\windows\ie8updates
2009-10-14 19:12 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-14 19:09 . 2009-10-14 19:09 -------- d--h--w- c:\windows\ie8
2009-10-14 18:55 . 2009-10-14 18:55 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-14 18:54 . 2009-10-14 18:54 -------- d-----w- c:\program files\Microsoft
2009-10-11 00:47 . 2009-10-11 00:47 -------- d-----w- c:\program files\Trend Micro
2009-10-11 00:36 . 2009-10-11 00:36 -------- d-----w- c:\program files\FileHippo.com
2009-10-10 14:00 . 2009-10-10 14:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-10 02:18 . 2009-10-10 02:18 -------- d-----w- c:\program files\ma-config.com
2009-10-10 02:18 . 2009-10-10 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-10-10 01:39 . 2009-10-10 02:23 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-10 01:39 . 2009-10-10 02:23 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-10 01:38 . 2009-10-10 01:38 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-10 01:38 . 2009-10-10 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-10 01:38 . 2009-10-15 15:40 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-10 01:38 . 2009-10-15 15:40 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-10 01:36 . 2009-10-10 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-10 01:26 . 2009-10-10 01:26 -------- d-----w- c:\documents and settings\Perla Varela\Application Data\GlarySoft
2009-10-10 01:21 . 2009-10-10 01:21 -------- d-----w- c:\program files\Glary Utilities
2009-10-10 00:12 . 2009-10-10 00:12 -------- d-----w- c:\program files\VS Revo Group
2009-10-09 23:24 . 2009-10-09 23:24 -------- d-----w- C:\FOUND.001
2009-10-09 22:48 . 2009-10-09 22:48 -------- d-----w- C:\a
2009-10-09 19:22 . 2009-10-09 19:23 -------- d-----w- c:\documents and settings\Perla Varela\Application Data\Malwarebytes
2009-10-09 19:22 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 19:22 . 2009-10-09 19:22 -------- d-----w- c:\program files\Malwarebytes’ Anti-Malware
2009-10-09 19:22 . 2009-10-09 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-09 19:22 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-29 14:12 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 15:40 . 2009-10-10 01:38 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-15 15:40 . 2009-10-10 01:38 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-10 02:23 . 2008-01-29 22:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-11 14:18 . 2005-08-16 21:57 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2005-08-16 21:57 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2005-08-16 21:57 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2009-08-29 07:36 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-26 08:00 . 2005-08-16 21:58 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 20:09 . 2006-05-31 15:55 120976 ----a-w- c:\documents and settings\Perla Varela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2005-08-16 21:57 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 2005-08-16 21:57 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-05 00:52 . 2009-08-05 00:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 14:20 . 2004-08-04 03:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2005-08-16 21:57 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2005-08-16 21:57 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:01 . 2005-08-16 21:57 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22 . 2005-08-16 21:57 1435648 ----a-w- c:\windows\system32\query.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Creative WebCam Tray”=“c:\program files\Creative\Shared Files\CamTray.exe” [2005-10-27 299008]
“FileHippo.com”=“c:\program files\FileHippo.com\UpdateChecker.exe” [2009-09-28 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“LaunchApp”=“Alaunch” [X]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2005-06-08 94208]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2005-06-08 77824]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2005-06-08 114688]
“AzMixerSel”=“c:\program files\Realtek\InstallShield\AzMixerSel.exe” [2005-06-12 53248]
“SynTPLpr”=“c:\program files\Synaptics\SynTP\SynTPLpr.exe” [2004-10-08 98394]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2004-10-08 688218]
“IMJPMIG8.1”=“c:\windows\IME\imjp8_1\IMJPMIG.EXE” [2004-08-04 208952]
“MSPY2002”=“c:\windows\system32\IME\PINTLGNT\ImScInst.exe” [2004-08-04 59392]
“PHIME2002ASync”=“c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE” [2004-08-04 455168]
“PHIME2002A”=“c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE” [2004-08-04 455168]
“PCMService”=“c:\program files\Acer\Acer Arcade\PCMService.exe” [2005-08-11 143360]
“EPM-DM”=“c:\acer\epm\epm-dm.exe” [2005-08-12 200704]
“ePowerManagement”=“c:\acer\ePM\ePM.exe” [2005-03-15 2893824]
“eRecoveryService”=“c:\program files\Acer\eRecovery\Monitor.exe” [2005-08-19 352256]
“{0228e555-4f9c-4e35-a3ec-b109a192b4c2}”=“c:\program files\Google\Gmail Notifier\gnotify.exe” [2005-07-15 479232]
“Samsung PanelMgr”=“c:\windows\Samsung\PanelMgr\SSMMgr.exe” [2008-04-14 536576]
“Malwarebytes Anti-Malware (reboot)”=“c:\program files\Malwarebytes’ Anti-Malware\mbam.exe” [2009-09-10 1312080]
“AVP”=“c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe” [2009-10-10 208616]
“High Definition Audio Property Page Shortcut”=“HDAShCut.exe” - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
“PD0620 STISvc”=“P0620Pin.dll” - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]
“RTHDCPL”=“RTHDCPL.EXE” - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]

c:\documents and settings\All Users\Start Menu\Programs\Startup
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
“MimBoot”=c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe” -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
“DisableMonitoring”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\Acer\Acer Arcade\PCMService.exe”=
“d:\3dsmax7\3dsmax.exe”=
“c:\Program Files\backburner 2\monitor.exe”=
“c:\Program Files\backburner 2\manager.exe”=
“c:\Program Files\backburner 2\server.exe”=
“c:\Program Files\Google\Gmail Notifier\GNOTIFY.EXE”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“c:\Documents and Settings\Perla Varela\Local Settings\Application Data\FolderShare\FolderShare.exe”=
“c:\Program Files\iTunes\iTunes.exe”=
“c:\Program Files\Windows Live\Messenger\MsnMsgr.Exe”=
“c:\Program Files\Windows Live\Messenger\livecall.exe”=
“c:\Documents and Settings\Perla Varela\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll”=
“c:\Documents and Settings\Perla Varela\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe”=
“c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe”=
“c:\Program Files\Skype\Phone\Skype.exe”=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“1723:TCP”= 1723:TCP:@xpsp2res.dll,-22015
“1701:UDP”= 1701:UDP:@xpsp2res.dll,-22016
“500:UDP”= 500:UDP:@xpsp2res.dll,-22017

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 p.m. 33808]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/03/2009 04:28 p.m. 1533808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 p.m. 24592]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 02:50 p.m. 238960]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
“c:\windows\system32\rundll32.exe” “c:\windows\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder

2009-10-15 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2009-10-10 00:27]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = www.google.com…
uDefault_Search_URL = www.google.com…
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = www.google.com…
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-10-15 10:43
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ€|ÿÿÿÿ•€|ù•A~*]
“A0C0110900063D11C8EF10054038389C”=“C?\WINDOWS\system32\FM20ENU.DLL”
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > ‘explorer.exe’(3276)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\INTEL\WIRELESS\BIN\EVTENG.EXE
c:\program files\INTEL\WIRELESS\BIN\S24EVMON.EXE
c:\acer\EMANAGER\ANBMSERV.EXE
c:\program files\COMMON FILES\AUTODESK SHARED\SERVICE\ADSKSCSRV.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\INTEL\WIRELESS\BIN\REGSRVC.EXE
c:\program files\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
c:\program files\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDSVCM.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.


.
Completion time: 2009-10-15 10:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-15 15:48

Pre-Run: 18,096,455,680 bytes free
Post-Run: 18,465,980,416 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=“Microsoft Windows XP Home Edition” /noexecute=optin /fastdetect

238 --- E O F --- 2009-10-10 01:37

Hello Jean :wink:

As you can see, I have taken the bull by the horns :smiley:
I am trying to get the family's PCs to zero defects.

So here is the little report from ZHPDiag, and of course I am not touching the other one.

Rapport de ZHPDiag v1.24.21 par Nicolas Coolman
Run by Perla Varela at 18/10/2009 06:22:13 p.m.
Web site : www.premiumorange.com…
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v8.0.6001.18702

Boot mode: Normal (Normal boot)
Total RAM: 1.3 Gb (37 % free)
System drive C: 54 Go (17 Go free)

—\ Processus lancés
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
c:\acer\epm\epm-dm.exe
C:\Acer\ePM\ePM.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

—\ Pages de démarrage d’Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com…

—\ Pages de recherche d’Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ie.search.msn.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

—\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll

—\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

—\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {710EB7A1-45ED-11D0-924A-0020AFC7AC4D} -

—\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM…\Run: [LaunchApp] Alaunch
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM…\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe
O4 - HKLM…\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM…\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM…\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM…\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM…\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM…\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM…\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM…\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM…\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKLM…\policies\Explorer: [NoDriveAutoRun] Data=67108863
O4 - HKLM…\policies\Explorer: [NoDriveTypeAutoRun] Data=323
O4 - HKLM…\policies\Explorer: [NoDrives] Data=0

—\ Lignes supplémentaires dans le menu contextuel d’Internet Explorer (O8)
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE…

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll,101
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

—\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - download.macromedia.com…
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - upload.facebook.com…
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - fichiers.touslesdrivers.com…
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - appdirectory.messenger.msn.com…
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - www.fotobenavides.com…
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - appdirectory.messenger.msn.com…
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - messenger.zone.msn.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - messenger.zone.msn.com…

—\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32%SystemRoot%\System32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\System32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

—\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

—\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

—\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Notebook Manager Service (anbmService) - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service (Autodesk Licensing Service) - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r
O23 - Service: Servicio Bonjour (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service (CyberLink Media Library Service) - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng (EvtEng) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fax (Fax) - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Machine Debug Manager (MDM) - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
O23 - Service: RegSrvc (RegSrvc) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Windows Live ID Sign-in Assistant (wlidsvc) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

—\ Enumération des composants Active Desktop (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home

—\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GlaryInitialize.job

—\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Internet Explorer Version Update - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - “C:\WINDOWS\system32\rundll32.exe” “C:\WINDOWS\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Vector Graphics Rendering (VML) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Offline Browsing Pack - {1046FEDC-CBD9-89B5-7DD7-5AE6C3028C10} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 10.2 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Adobe\Director\SwDir.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Adobe Shockwave Director 10.2 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Dynamic HTML Data Binding for Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Advanced Authoring - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - “%ProgramFiles%\Outlook Express\setup50.exe” /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: DirectAnimation Java Classes - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.8 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: Carpetas Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Address Book 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - “%ProgramFiles%\Outlook Express\setup50.exe” /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Fax - {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
O40 - ASIC: Outlook Express - {91DFD2FF-7300-A23F-1E5C-8E4AB711F297} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {92F4F1B3-5F6E-17C2-9774-6AA3DCDEE48A} - (not file)
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Fax Provider - {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - (not file)
O40 - ASIC: .NET Framework - {B508B3F1-A24A-32C0-B310-85786919EF28} - (not file)
O40 - ASIC: Browser Customizations - {BFB9CEEC-8FAE-8383-08F8-0172311A1790} - (not file)
O40 - ASIC: .NET Framework - {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Task Scheduler - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx
O40 - ASIC: Microsoft .NET Framework 1.1 Security Update (KB953297) - {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - (not file)
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
O40 - ASIC: RootsUpdate - {EF289A85-8E57-408d-BE47-73B55609861A} - (not file)
O40 - ASIC: Dynamic HTML Data Binding for Java - {FB7A8A8F-7453-ADD4-C01C-C1115A05D1B5} - (not file)

—\ Pilotes lancés au démarrage (O41)
O41 - Driver: Microsoft Kernel Acoustic Echo Canceller (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: AEGIS Protocol (IEEE 802.1x) v3.1.6.0 (AegisP) - C:\WINDOWS\system32\DRIVERS\AegisP.sys
O41 - Driver: Intel AGP Bus Filter (agp440) - C:\WINDOWS\system32\DRIVERS\agp440.sys
O41 - Driver: Compaq AGP Bus Filter (agpCPQ) - C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
O41 - Driver: ALI AGP Bus Filter (alim1541) - C:\WINDOWS\system32\DRIVERS\alim1541.sys
O41 - Driver: AMD AGP Bus Filter Driver (amdagp) - C:\WINDOWS\system32\DRIVERS\amdagp.sys
O41 - Driver: RAS Asynchronous Media Driver (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: ATM ARP Client Protocol (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Audio Stub Driver (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: (no object) (cbidf) - C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
O41 - Driver: Closed Caption Decoder (CCDECODE) - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
O41 - Driver: Microsoft ACPI Control Method Battery Driver (CmBatt) - C:\WINDOWS\system32\DRIVERS\CmBatt.sys
O41 - Driver: Microsoft Composite Battery Driver (Compbatt) - C:\WINDOWS\system32\DRIVERS\compbatt.sys
O41 - Driver: (no object) (dac2w2k) - C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
O41 - Driver: DgiVecp (DgiVecp) - C:\WINDOWS\system32\Drivers\DgiVecp.sys
O41 - Driver: Dritek Keyboard Filter Driver (DKbFltr) - C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: (no object) (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Microsoft Kernel DLS Syntheiszer (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: driverhardwarev2 (driverhardwarev2) - C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
O41 - Driver: Microsoft Kernel DRM Audio Descrambler (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: Symantec Eraser Control driver (eeCtrl) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
O41 - Driver: Acer EPM Power Scheme Driver (EpmPsd) - C:\WINDOWS\system32\drivers\epm-psd.sys
O41 - Driver: Acer EPM System Hardware Driver (EpmShd) - C:\WINDOWS\system32\drivers\epm-shd.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\drivers\fltmgr.sys
O41 - Driver: GEAR ASPI Filter Driver (GEARAspiWDM) - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
O41 - Driver: Generic Packet Classifier (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Microsoft UAA Function Driver for High Definition Audio Service (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
O41 - Driver: Microsoft UAA Bus Driver for High Definition Audio (HDAudBus) - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
O41 - Driver: Microsoft HID Class Driver (HidUsb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: (no object) (HSFHWAZL) - C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
O41 - Driver: (no object) (HSF_DPV) - C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
O41 - Driver: i8042 Keyboard and PS/2 Mouse Port Driver (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: (no object) (ialm) - C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
O41 - Driver: int15.sys (int15.sys) - C:\Program Files\Acer\eRecovery\int15.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
O41 - Driver: Intel Processor Driver (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: IPv6 Windows Firewall Driver (Ip6Fw) - C:\WINDOWS\system32\drivers\ip6fw.sys
O41 - Driver: IP Traffic Filter Driver (IpFilterDriver) - C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP in IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: IPSEC driver (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: IR Enumerator Service (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Kl1 (kl1) - C:\WINDOWS\system32\drivers\kl1.sys
O41 - Driver: Kaspersky Lab Boot Guard Driver (klbg) - C:\WINDOWS\system32\drivers\klbg.sys
O41 - Driver: Kaspersky Lab Driver (KLIF) - C:\WINDOWS\system32\DRIVERS\klif.sys
O41 - Driver: Kaspersky Anti-Virus NDIS Filter (klim5) - C:\WINDOWS\system32\DRIVERS\klim5.sys
O41 - Driver: Microsoft Kernel Wave Audio Mixer (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Logitech SetPoint USB Receiver device driver (LHidUsbK) - C:\WINDOWS\System32\Drivers\LHidUsbK.Sys
O41 - Driver: Logitech SetPoint Mouse Filter Driver (LMouKE) - C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
O41 - Driver: (no object) (mdmxsdk) - C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
O41 - Driver: Unimodem Streaming Filter Device (MODEMCSA) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
O41 - Driver: Mouse HID Driver (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O41 - Driver: WebDav Client Redirector (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Microsoft Streaming Service Proxy (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Microsoft Streaming Clock Proxy (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Microsoft Streaming Quality Manager Proxy (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Microsoft System Management BIOS Driver (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: Microsoft Streaming Tee/Sink-to-Sink Converter (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: NABTS/FEC VBI Codec (NABTSFEC) - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
O41 - Driver: Microsoft TV/Video Connection (NdisIP) - C:\WINDOWS\system32\DRIVERS\NdisIP.sys
O41 - Driver: Remote Access NDIS TAPI Driver (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS Usermode I/O Protocol (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Remote Access NDIS WAN Driver (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBios over Tcpip (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Network Monitor Driver (nm) - C:\WINDOWS\system32\DRIVERS\NMnt.sys
O41 - Driver: Upper Class Filter Driver (NTIDrvr) - C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
O41 - Driver: IPX Traffic Filter Driver (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: IPX Traffic Forwarder Driver (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: osaio (osaio) - C:\WINDOWS\system32\drivers\osaio.sys
O41 - Driver: osanbm (osanbm) - C:\WINDOWS\system32\drivers\osanbm.sys
O41 - Driver: Creative WebCam Instant (PD0620VID) - C:\WINDOWS\system32\DRIVERS\P0620Vid.sys
O41 - Driver: WAN Miniport (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: QoS Packet Scheduler (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Direct Parallel Link Driver (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: PxHelp20 (PxHelp20) - C:\WINDOWS\System32\Drivers\PxHelp20.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: WAN Miniport (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Remote Access PPPOE Driver (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Direct Parallel (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Terminal Server Device Redirector Driver (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Digital CD Audio Playback Filter Driver (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Realtek 10/100/1000 PCI NIC Family NDIS XP Driver (RTL8023xp) - C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
O41 - Driver: WLAN Transport (s24trans) - C:\WINDOWS\system32\DRIVERS\s24trans.sys
O41 - Driver: Sony Ericsson Device 069 driver (WDM) (se45bus) - C:\WINDOWS\system32\DRIVERS\se45bus.sys
O41 - Driver: Sony Ericsson Device 069 USB WMC Modem Filter (se45mdfl) - C:\WINDOWS\system32\DRIVERS\se45mdfl.sys
O41 - Driver: Sony Ericsson Device 069 USB WMC Modem Driver (se45mdm) - C:\WINDOWS\system32\DRIVERS\se45mdm.sys
O41 - Driver: Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM) (se45mgmt) - C:\WINDOWS\system32\DRIVERS\se45mgmt.sys
O41 - Driver: Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS) (se45nd5) - C:\WINDOWS\system32\DRIVERS\se45nd5.sys
O41 - Driver: Sony Ericsson Device 069 USB WMC OBEX Interface (se45obex) - C:\WINDOWS\system32\DRIVERS\se45obex.sys
O41 - Driver: Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM) (se45unic) - C:\WINDOWS\system32\DRIVERS\se45unic.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: SIS AGP Bus Filter (sisagp) - C:\WINDOWS\system32\DRIVERS\sisagp.sys
O41 - Driver: BDA Slip De-Framer (SLIP) - C:\WINDOWS\system32\DRIVERS\SLIP.sys
O41 - Driver: Sony USB Filter Driver (SONYPVU1) (SONYPVU1) - C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
O41 - Driver: Microsoft Kernel Audio Splitter (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: System Restore Filter Driver (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: SSPORT (SSPORT) - C:\WINDOWS\system32\Drivers\SSPORT.sys
O41 - Driver: BDA IPSink (streamip) - C:\WINDOWS\system32\DRIVERS\StreamIP.sys
O41 - Driver: Software Bus Driver (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Microsoft Kernel GS Wavetable Synthesizer (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: (no object) (SymEvent) - C:\Program Files\Symantec\SYMEVENT.SYS
O41 - Driver: Synaptics TouchPad Driver (SynTP) - C:\WINDOWS\system32\DRIVERS\SynTP.sys
O41 - Driver: Microsoft Kernel System Audio Device (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: TCP/IP Protocol Driver (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Microcode Update Driver (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: USB Audio Driver (WDM) (usbaudio) - C:\WINDOWS\system32\drivers\usbaudio.sys
O41 - Driver: Microsoft USB Generic Parent Driver (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Microsoft USB Standard Hub Driver (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Microsoft USB PRINTER Class (usbprint) - C:\WINDOWS\system32\DRIVERS\usbprint.sys
O41 - Driver: USB Scanner Driver (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: USB Mass Storage Driver (USBSTOR) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Microsoft USB Universal Host Controller Miniport Driver (usbuhci) - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O41 - Driver: VIA AGP Bus Filter (viaagp) - C:\WINDOWS\system32\DRIVERS\viaagp.sys
O41 - Driver: Controlador de la Conexión de red Intel® PRO/Wireless 2200BG para Windows XP (w29n51) - C:\WINDOWS\system32\DRIVERS\w29n51.sys
O41 - Driver: Remote Access IP ARP Driver (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Microsoft WINMM WDM Audio Compatibility Driver (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: WIBU-KEY Kernel Driver (WIBUKEY) - C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys
O41 - Driver: (no object) (winachsf) - C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
O41 - Driver: World Standard Teletext Codec (WSTCODEC) - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - C:\WINDOWS\system32\DRIVERS\wudfrd.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: 3ds max 7 Additional Maps and Materials
O42 - Logiciel: ABBYY FineReader 6.0 Sprint
O42 - Logiciel: Acer Arcade
O42 - Logiciel: Acer eManager for Notebook
O42 - Logiciel: Acer eNetManagement
O42 - Logiciel: Acer ePowerManagement
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe SVG Viewer 3.0
O42 - Logiciel: Adobe Shockwave Player 11.5
O42 - Logiciel: Apple Application Support
O42 - Logiciel: Apple Mobile Device Support
O42 - Logiciel: Apple Software Update
O42 - Logiciel: ArchiCAD 10 R1 INT
O42 - Logiciel: AutoCAD 2007 - English
O42 - Logiciel: Bonjour
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Canon Utilities PhotoStitch 3.1
O42 - Logiciel: Color LaserJet 2600n
O42 - Logiciel: CorelDRAW Graphics Suite 12
O42 - Logiciel: Creative WebCam Center
O42 - Logiciel: Creative WebCam Instant Driver (1.03.02.0425)
O42 - Logiciel: Critical Update for Windows Media Player 11 (KB959772)
O42 - Logiciel: Designjet Software & Driver Installation Wizard
O42 - Logiciel: EPSON Scan
O42 - Logiciel: FileHippo.com Update Checker
O42 - Logiciel: Glary Utilities 2.16.0.758
O42 - Logiciel: Google Earth
O42 - Logiciel: Google SketchUp 6
O42 - Logiciel: Google SketchUp LayOut 6
O42 - Logiciel: Google SketchUp Pro 6
O42 - Logiciel: Google Talk Plugin
O42 - Logiciel: Guía del usuario de Creative WebCam Instant (Español)
O42 - Logiciel: HDAUDIO Soft Voice Modem with SmartCP
O42 - Logiciel: HP eServices Local Prints and Save
O42 - Logiciel: High Definition Audio Driver Package - KB888111
O42 - Logiciel: Hofmann 5.9
O42 - Logiciel: Hotfix for Windows Internet Explorer 7 (KB947864)
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399)
O42 - Logiciel: Hotfix for Windows Media Player 11 (KB939683)
O42 - Logiciel: Hotfix for Windows XP (KB952287)
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5)
O42 - Logiciel: Hotfix for Windows XP (KB961118)
O42 - Logiciel: Hotfix for Windows XP (KB970653-v3)
O42 - Logiciel: Image Resizer Powertoy for Windows XP
O42 - Logiciel: Intel® Graphics Media Accelerator Driver for Mobile
O42 - Logiciel: Intel® PROSet/Wireless Software
O42 - Logiciel: Kaspersky Anti-Virus 2009
O42 - Logiciel: MSN
O42 - Logiciel: MSXML 4.0 SP2 (KB927978)
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Ma-Config.com
O42 - Logiciel: Macromedia Flash Player 8
O42 - Logiciel: Malwarebytes’ Anti-Malware
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297)
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: Microsoft Office Live Add-in 1.4
O42 - Logiciel: Microsoft Office Professional Edition 2003
O42 - Logiciel: Microsoft Project 2000
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: Microsoft Visual Studio 2005 Tools for Office Runtime
O42 - Logiciel: Musicmatch® Jukebox
O42 - Logiciel: NTI Backup NOW! 4
O42 - Logiciel: NTI CD & DVD-Maker
O42 - Logiciel: Network Print Monitor for Windows 2000/XP/2003
O42 - Logiciel: Prodigy Infinitum Módem Router
O42 - Logiciel: QuickTime
O42 - Logiciel: REALTEK Gigabit and Fast Ethernet NIC Driver
O42 - Logiciel: Revo Uninstaller 1.83
O42 - Logiciel: Samsung ML-2240 Series
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB928090)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB929969)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB931768)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB933566)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB937143)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB938127)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB939653)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB942615)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB944533)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB950759)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB953838)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB956390)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB958215)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB960714)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB961260)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB963027)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB969897)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB972260)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB974455)
O42 - Logiciel: Security Update for Windows Internet Explorer 8 (KB971961)
O42 - Logiciel: Security Update for Windows Internet Explorer 8 (KB974455)
O42 - Logiciel: Security Update for Windows Media Player (KB952069)
O42 - Logiciel: Security Update for Windows Media Player (KB954155)
O42 - Logiciel: Security Update for Windows Media Player (KB968816)
O42 - Logiciel: Security Update for Windows Media Player (KB973540)
O42 - Logiciel: Security Update for Windows Media Player 11 (KB936782)
O42 - Logiciel: Security Update for Windows Media Player 11 (KB954154)
O42 - Logiciel: Security Update for Windows Media Player 9 (KB911565)
O42 - Logiciel: Security Update for Windows Media Player 9 (KB917734)
O42 - Logiciel: Security Update for Windows XP (KB923561)
O42 - Logiciel: Security Update for Windows XP (KB938464)
O42 - Logiciel: Security Update for Windows XP (KB938464-v2)
O42 - Logiciel: Security Update for Windows XP (KB941569)
O42 - Logiciel: Security Update for Windows XP (KB946648)
O42 - Logiciel: Security Update for Windows XP (KB950760)
O42 - Logiciel: Security Update for Windows XP (KB950762)
O42 - Logiciel: Security Update for Windows XP (KB950974)
O42 - Logiciel: Security Update for Windows XP (KB951066)
O42 - Logiciel: Security Update for Windows XP (KB951376)
O42 - Logiciel: Security Update for Windows XP (KB951376-v2)
O42 - Logiciel: Security Update for Windows XP (KB951698)
O42 - Logiciel: Security Update for Windows XP (KB951748)
O42 - Logiciel: Security Update for Windows XP (KB952004)
O42 - Logiciel: Security Update for Windows XP (KB952954)
O42 - Logiciel: Security Update for Windows XP (KB953839)
O42 - Logiciel: Security Update for Windows XP (KB954211)
O42 - Logiciel: Security Update for Windows XP (KB954459)
O42 - Logiciel: Security Update for Windows XP (KB954600)
O42 - Logiciel: Security Update for Windows XP (KB955069)
O42 - Logiciel: Security Update for Windows XP (KB956391)
O42 - Logiciel: Security Update for Windows XP (KB956572)
O42 - Logiciel: Security Update for Windows XP (KB956744)
O42 - Logiciel: Security Update for Windows XP (KB956802)
O42 - Logiciel: Security Update for Windows XP (KB956803)
O42 - Logiciel: Security Update for Windows XP (KB956841)
O42 - Logiciel: Security Update for Windows XP (KB956844)
O42 - Logiciel: Security Update for Windows XP (KB957095)
O42 - Logiciel: Security Update for Windows XP (KB957097)
O42 - Logiciel: Security Update for Windows XP (KB958644)
O42 - Logiciel: Security Update for Windows XP (KB958687)
O42 - Logiciel: Security Update for Windows XP (KB958690)
O42 - Logiciel: Security Update for Windows XP (KB958869)
O42 - Logiciel: Security Update for Windows XP (KB959426)
O42 - Logiciel: Security Update for Windows XP (KB960225)
O42 - Logiciel: Security Update for Windows XP (KB960715)
O42 - Logiciel: Security Update for Windows XP (KB960803)
O42 - Logiciel: Security Update for Windows XP (KB960859)
O42 - Logiciel: Security Update for Windows XP (KB961371-v2)
O42 - Logiciel: Security Update for Windows XP (KB961373)
O42 - Logiciel: Security Update for Windows XP (KB961501)
O42 - Logiciel: Security Update for Windows XP (KB968537)
O42 - Logiciel: Security Update for Windows XP (KB969059)
O42 - Logiciel: Security Update for Windows XP (KB969898)
O42 - Logiciel: Security Update for Windows XP (KB970238)
O42 - Logiciel: Security Update for Windows XP (KB971486)
O42 - Logiciel: Security Update for Windows XP (KB971557)
O42 - Logiciel: Security Update for Windows XP (KB971633)
O42 - Logiciel: Security Update for Windows XP (KB971657)
O42 - Logiciel: Security Update for Windows XP (KB971961)
O42 - Logiciel: Security Update for Windows XP (KB973346)
O42 - Logiciel: Security Update for Windows XP (KB973354)
O42 - Logiciel: Security Update for Windows XP (KB973507)
O42 - Logiciel: Security Update for Windows XP (KB973525)
O42 - Logiciel: Security Update for Windows XP (KB973869)
O42 - Logiciel: Security Update for Windows XP (KB974112)
O42 - Logiciel: Security Update for Windows XP (KB974571)
O42 - Logiciel: Security Update for Windows XP (KB975025)
O42 - Logiciel: Security Update for Windows XP (KB975467)
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: Software de impresora EPSON
O42 - Logiciel: Synaptics Pointing Device Driver
O42 - Logiciel: Update for Windows Internet Explorer 8 (KB973874)
O42 - Logiciel: Update for Windows XP (KB951072-v2)
O42 - Logiciel: Update for Windows XP (KB951978)
O42 - Logiciel: Update for Windows XP (KB955839)
O42 - Logiciel: Update for Windows XP (KB967715)
O42 - Logiciel: Update for Windows XP (KB968389)
O42 - Logiciel: Update for Windows XP (KB973815)
O42 - Logiciel: VideoLAN VLC media player 0.8.6c
O42 - Logiciel: Visual Studio 2005 Tools for Office Second Edition Runtime
O42 - Logiciel: WIBU-KEY Setup (WIBU-KEY Remove)
O42 - Logiciel: WinRAR archiver
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130)
O42 - Logiciel: Windows Internet Explorer 7
O42 - Logiciel: Windows Internet Explorer 8
O42 - Logiciel: Windows Live FolderShare Beta
O42 - Logiciel: Windows Live ID Sign-in Assistant
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Windows Live installer
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: Windows XP Service Pack 3
O42 - Logiciel: hp designjet system maintenance for hp designjet 100
O42 - Logiciel: mCore
O42 - Logiciel: mPfMgr
O42 - Logiciel: mProSafe

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Online Services
O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Intel
O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
O43 - CFD:Common File Directory ----D- C:\Program Files\CONEXANT
O43 - CFD:Common File Directory ----D- C:\Program Files\Synaptics
O43 - CFD:Common File Directory ----D- C:\Program Files\Acer Inc
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\NewTech Infosystems
O43 - CFD:Common File Directory ----D- C:\Program Files\CyberLink
O43 - CFD:Common File Directory ----D- C:\Program Files\Acer
O43 - CFD:Common File Directory ----D- C:\Program Files\Symantec
O43 - CFD:Common File Directory ----D- C:\Program Files\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\MUSICMATCH
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory ----D- C:\Program Files\Prodigy Infinitum
O43 - CFD:Common File Directory ----D- C:\Program Files\Macromedia
O43 - CFD:Common File Directory ----D- C:\Program Files\Corel
O43 - CFD:Common File Directory ----D- C:\Program Files\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files\backburner 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Network Print Monitor
O43 - CFD:Common File Directory --H-D- C:\Program Files\Zenographics
O43 - CFD:Common File Directory ----D- C:\Program Files\Creative
O43 - CFD:Common File Directory ----D- C:\Program Files\Canon
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\oneworldflights
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update
O43 - CFD:Common File Directory ----D- C:\Program Files\Skype
O43 - CFD:Common File Directory ----D- C:\Program Files\Graphisoft
O43 - CFD:Common File Directory ----D- C:\Program Files\WIBUKEY
O43 - CFD:Common File Directory ----D- C:\Program Files\WIBU-SYSTEMS
O43 - CFD:Common File Directory ----D- C:\Program Files\AOL Security Toolbar
O43 - CFD:Common File Directory ----D- C:\Program Files\directx
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Components
O43 - CFD:Common File Directory ----D- C:\Program Files\IriSearch
O43 - CFD:Common File Directory ----D- C:\Program Files\settings
O43 - CFD:Common File Directory ----D- C:\Program Files\epson
O43 - CFD:Common File Directory ----D- C:\Program Files\ABBYY FineReader 6.0 Sprint
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\Macrogaming
O43 - CFD:Common File Directory ----D- C:\Program Files\AutoCAD 2007
O43 - CFD:Common File Directory ----D- C:\Program Files\AnswerWorks 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\HP
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Rollpix
O43 - CFD:Common File Directory ----D- C:\Program Files\Hofmann
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\Sun
O43 - CFD:Common File Directory ----D- C:\Program Files\Directorio Integral
O43 - CFD:Common File Directory ----D- C:\Program Files\Samsung
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes’ Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files\VS Revo Group
O43 - CFD:Common File Directory ----D- C:\Program Files\Glary Utilities
O43 - CFD:Common File Directory ----D- C:\Program Files\Kaspersky Lab
O43 - CFD:Common File Directory ----D- C:\Program Files\ma-config.com
O43 - CFD:Common File Directory ----D- C:\Program Files\FileHippo.com
O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Bonjour
O43 - CFD:Common File Directory ----D- C:\Program Files\iTunes
O43 - CFD:Common File Directory ----D- C:\Program Files\iPod
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\muvee Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\NewTech Infosystems
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Autodesk Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Macromedia
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Macromedia Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Corel
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\PCSuite
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Apple
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Teleca Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Skype

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:Last File Created 02/10/2009 - 12:01:58 p.m. ---A- C:\WINDOWS\System32\MRT.exe
O44 - LFC:Last File Created 09/10/2009 - 08:23:26 p.m. ---A- C:\WINDOWS\System32\drivers\klbg.sys
O44 - LFC:Last File Created 09/10/2009 - 08:23:26 p.m. ---A- C:\WINDOWS\System32\drivers\klick.dat
O44 - LFC:Last File Created 09/10/2009 - 08:23:26 p.m. ---A- C:\WINDOWS\System32\drivers\klif.sys
O44 - LFC:Last File Created 09/10/2009 - 08:23:26 p.m. ---A- C:\WINDOWS\System32\drivers\klin.dat
O44 - LFC:Last File Created 11/10/2009 - 07:10:10 a.m. ---A- C:\WINDOWS\PEV.exe
O44 - LFC:Last File Created 14/10/2009 - 01:17:12 p.m. ---A- C:\WINDOWS\System32\PerfStringBackup.INI
O44 - LFC:Last File Created 14/10/2009 - 01:17:12 p.m. ---A- C:\WINDOWS\System32\perfc009.dat
O44 - LFC:Last File Created 14/10/2009 - 01:17:12 p.m. ---A- C:\WINDOWS\System32\perfh009.dat
O44 - LFC:Last File Created 15/10/2009 - 03:04:02 p.m. ---A- C:\WINDOWS\wiaservc.log
O44 - LFC:Last File Created 15/10/2009 - 03:04:04 p.m. ---A- C:\WINDOWS\SchedLgU.Txt
O44 - LFC:Last File Created 15/10/2009 - 09:43:56 a.m. ---A- C:\WINDOWS\system.ini
O44 - LFC:Last File Created 15/10/2009 - 12:17:36 p.m. ---A- C:\WINDOWS\hpbafd.ini
O44 - LFC:Last File Created 18/10/2009 - 04:58:50 p.m. -S-A- C:\WINDOWS\bootstat.dat
O44 - LFC:Last File Created 18/10/2009 - 04:58:52 p.m. ---A- C:\WINDOWS\System32\wpa.dbl
O44 - LFC:Last File Created 18/10/2009 - 04:59:14 p.m. ---A- C:\WINDOWS\ModemLog_HDAUDIO Soft Voice Modem with SmartCP.txt
O44 - LFC:Last File Created 18/10/2009 - 04:59:18 p.m. ---A- C:\WINDOWS\wiadebug.log
O44 - LFC:Last File Created 18/10/2009 - 04:59:54 p.m. ---A- C:\WINDOWS\0.log
O44 - LFC:Last File Created 18/10/2009 - 05:07:22 p.m. ---A- C:\WINDOWS\WindowsUpdate.log
O44 - LFC:Last File Created 18/10/2009 - 05:12:02 p.m. ---A- C:\WINDOWS\setupapi.log

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch 09/10/2009 - 04:24:48 p.m. ---A- C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-199AAFF8.pf
O45 - LFCP:Last File Created Prefetch 09/10/2009 - 07:06:48 p.m. ---A- C:\WINDOWS\Prefetch\AVWSC.EXE-21D2C1ED.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 01:37:04 p.m. ---A- C:\WINDOWS\Prefetch\EPM-DM.EXE-1C692784.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 01:37:04 p.m. ---A- C:\WINDOWS\Prefetch\SSMMGR.EXE-064D047E.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 01:37:04 p.m. ---A- C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 01:45:24 p.m. ---A- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 02:49:32 p.m. ---A- C:\WINDOWS\Prefetch\Layout.ini
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 02:49:42 p.m. ---A- C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 02:49:42 p.m. ---A- C:\WINDOWS\Prefetch\DFRGFAT.EXE-22605FE5.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 03:04:02 p.m. ---A- C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 08:55:08 a.m. ---A- C:\WINDOWS\Prefetch\E_FATICAL.EXE-0667F513.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:13:38 a.m. ---A- C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:22:58 a.m. ---A- C:\WINDOWS\Prefetch\FIND.EXE-0EEAD1A7.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:22:58 a.m. ---A- C:\WINDOWS\Prefetch\FINDSTR.EXE-1A4FC238.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:22:58 a.m. ---A- C:\WINDOWS\Prefetch\SED.EXE-080B2B01.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:22:58 a.m. ---A- C:\WINDOWS\Prefetch\SWREG.EXE-033E4BFC.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:28:44 a.m. ---A- C:\WINDOWS\Prefetch\SWREG.EXE-2E6304DD.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:46:26 a.m. ---A- C:\WINDOWS\Prefetch\ATTRIB.CFXXE-2659F53E.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:46:28 a.m. ---A- C:\WINDOWS\Prefetch\GREP.CFXXE-1143901C.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:46:28 a.m. ---A- C:\WINDOWS\Prefetch\SED.CFXXE-13206BAB.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:46:28 a.m. ---A- C:\WINDOWS\Prefetch\SWREG.CFXXE-2EA30468.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:46:30 a.m. ---A- C:\WINDOWS\Prefetch\NIRCMD.CFXXE-13FF818C.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:46:38 a.m. ---A- C:\WINDOWS\Prefetch\CF23937.EXE-3A71735F.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:46:38 a.m. ---A- C:\WINDOWS\Prefetch\CSCRIPT.EXE-0A13A05C.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:47:12 a.m. ---A- C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:48:14 a.m. ---A- C:\WINDOWS\Prefetch\CHCP.COM-17EDBDC9.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:48:14 a.m. ---A- C:\WINDOWS\Prefetch\PEV.CFXXE-163A75C2.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 09:48:16 a.m. ---A- C:\WINDOWS\Prefetch\PV.CFXXE-22055E2E.pf
O45 - LFCP:Last File Created Prefetch 15/10/2009 - 12:17:28 p.m. ---A- C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:10 p.m. ---A- C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:10 p.m. ---A- C:\WINDOWS\Prefetch\INITIALIZE.EXE-2316EC09.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:10 p.m. ---A- C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:10 p.m. ---A- C:\WINDOWS\Prefetch\USERINIT.EXE-0743FDA9.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:12 p.m. ---A- C:\WINDOWS\Prefetch\WSCNTFY.EXE-0B14C27D.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:16 p.m. ---A- C:\WINDOWS\Prefetch\CTFMON.EXE-05E57A5E.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:18 p.m. ---A- C:\WINDOWS\Prefetch\ALAUNCH.EXE-145B15F4.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:20 p.m. ---A- C:\WINDOWS\Prefetch\AZMIXERSEL.EXE-0057985F.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:20 p.m. ---A- C:\WINDOWS\Prefetch\HDASHCUT.EXE-2D2D5319.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:20 p.m. ---A- C:\WINDOWS\Prefetch\SYNTPLPR.EXE-0340D8DF.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:22 p.m. ---A- C:\WINDOWS\Prefetch\TINTSETP.EXE-2DD83AEF.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:24 p.m. ---A- C:\WINDOWS\Prefetch\IGFXTRAY.EXE-0A23D403.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:26 p.m. ---A- C:\WINDOWS\Prefetch\IGFXSRVC.EXE-1D88F978.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:28 p.m. ---A- C:\WINDOWS\Prefetch\HKCMD.EXE-0F06AE14.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:28 p.m. ---A- C:\WINDOWS\Prefetch\IGFXPERS.EXE-19DA7B04.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:30 p.m. ---A- C:\WINDOWS\Prefetch\EPM.EXE-37629B5F.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:30 p.m. ---A- C:\WINDOWS\Prefetch\SYNTPENH.EXE-2B70B91C.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:32 p.m. ---A- C:\WINDOWS\Prefetch\PCMSERVICE.EXE-384B5F7A.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:36 p.m. ---A- C:\WINDOWS\Prefetch\MONITOR.EXE-2231B72E.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:38 p.m. ---A- C:\WINDOWS\Prefetch\RUNDLL32.EXE-6ADBE506.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:42 p.m. ---A- C:\WINDOWS\Prefetch\AVP.EXE-26304E85.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:52 p.m. ---A- C:\WINDOWS\Prefetch\REVOUNINSTALLER.EXE-1505313E.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:01:54 p.m. ---A- C:\WINDOWS\Prefetch\MBAM.EXE-0D37CDF0.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:02:10 p.m. ---A- C:\WINDOWS\Prefetch\RTHDCPL.EXE-005A6E31.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:02:50 p.m. ---A- C:\WINDOWS\Prefetch\CAMTRAY.EXE-17CD6F8B.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:02:52 p.m. ---A- C:\WINDOWS\Prefetch\UPDATECHECKER.EXE-2DED6868.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:02:58 p.m. —A- C:\WINDOWS\Prefetch\ACSTART17.EXE-0484C035.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:03:12 p.m. —A- C:\WINDOWS\Prefetch\MBRWRWIN.EXE-116CF276.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:05:08 p.m. —A- C:\WINDOWS\Prefetch\UNINSTALLGMAIL.EXE-174EE526.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:05:18 p.m. —A- C:\WINDOWS\Prefetch\A~NSISU_.EXE-37539439.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:05:30 p.m. —A- C:\WINDOWS\Prefetch\GNOTIFY.EXE-06A2C3DF.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:09:02 p.m. —A- C:\WINDOWS\Prefetch\WINRAR.EXE-0AA31BB9.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:09:32 p.m. —A- C:\WINDOWS\Prefetch\ZHPDIAG 1.24.21.EXE-24219E89.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:09:36 p.m. —A- C:\WINDOWS\Prefetch\ZHPDIAG 1.24.21.TMP-35E797C4.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:10:20 p.m. —A- C:\WINDOWS\Prefetch\CHROME.EXE-157105D1.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:10:24 p.m. —A- C:\WINDOWS\Prefetch\ZHPDIAG.EXE-25C13877.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:11:10 p.m. —A- C:\WINDOWS\Prefetch\ITUNESSETUP.EXE-373824B0.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:13:08 p.m. —A- C:\WINDOWS\Prefetch\SETUPADMIN.EXE-07596A02.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:13:58 p.m. —A- C:\WINDOWS\Prefetch\APPLEMOBILEDEVICESERVICE.EXE-30833E2A.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:14:00 p.m. —A- C:\WINDOWS\Prefetch\SOFTWAREUPDATE.EXE-1709A272.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:14:08 p.m. —A- C:\WINDOWS\Prefetch\DLLHOST.EXE-14573387.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:14:08 p.m. —A- C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:15:22 p.m. —A- C:\WINDOWS\Prefetch\CCSETUP224.EXE-23B20F40.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:15:38 p.m. —A- C:\WINDOWS\Prefetch\CCLEANER.EXE-09CFC2BC.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:17:00 p.m. —A- C:\WINDOWS\Prefetch\ATF-CLEANER.EXE-0FE5F44A.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:17:16 p.m. —A- C:\WINDOWS\Prefetch\QTTASK.EXE-1876A1A1.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:17:32 p.m. —A- C:\WINDOWS\Prefetch\MDNSRESPONDER.EXE-1E0EA707.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:17:36 p.m. —A- C:\WINDOWS\Prefetch\RSTRUI.EXE-05C31B56.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:18:04 p.m. —A- C:\WINDOWS\Prefetch\CONTROL.EXE-24FBF8B3.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:18:04 p.m. —A- C:\WINDOWS\Prefetch\RUNDLL32.EXE-3D540BCC.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:18:34 p.m. —A- C:\WINDOWS\Prefetch\DIFXINSTALL32.EXE-0047873E.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:19:12 p.m. —A- C:\WINDOWS\Prefetch\MSIMN.EXE-183B59AF.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:20:34 p.m. —A- C:\WINDOWS\Prefetch\INTEGRATOR.EXE-1A8CCC7D.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:21:00 p.m. —A- C:\WINDOWS\Prefetch\DIFXINSTALL32.EXE-1984B98D.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:21:14 p.m. —A- C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:21:16 p.m. —A- C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:21:22 p.m. —A- C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:21:48 p.m. —A- C:\WINDOWS\Prefetch\ITUNES.EXE-14FD3AEE.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:21:58 p.m. —A- C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:22:06 p.m. —A- C:\WINDOWS\Prefetch\ITUNESPHOTOPROCESSOR.EXE-1FFAF76D.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:22:18 p.m. —A- C:\WINDOWS\Prefetch\IPODSERVICE.EXE-37043579.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:22:26 p.m. —A- C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:22:58 p.m. —A- C:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf
O45 - LFCP:Last File Created Prefetch 18/10/2009 - 05:23:04 p.m. —A- C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf

—\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

—\ Export de clé d’application autorisée (ECAA)(O47)
O47 - AAKE:Key Export SP - “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export SP - “C:\Program Files\Acer\Acer Arcade\PCMService.exe”="C:\Program Files\Acer\Acer Arcade\PCMService.exe:
:Enabled:CyberLink PowerCinema Resident Program"
O47 - AAKE:Key Export SP - “D:\3dsmax7\3dsmax.exe”=“D:\3dsmax7\3dsmax.exe::Enabled:3ds max 7"
O47 - AAKE:Key Export SP - “C:\Program Files\backburner 2\monitor.exe”="C:\Program Files\backburner 2\monitor.exe:
:Enabled:backburner 2.3 monitor”
O47 - AAKE:Key Export SP - “C:\Program Files\backburner 2\manager.exe”=“C:\Program Files\backburner 2\manager.exe::Enabled:backburner 2.3 manager"
O47 - AAKE:Key Export SP - “C:\Program Files\backburner 2\server.exe”="C:\Program Files\backburner 2\server.exe:
:Enabled:backburner 2.3 server”
O47 - AAKE:Key Export SP - “%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export SP - “C:\Documents and Settings\Perla Varela\Local Settings\Application Data\FolderShare\FolderShare.exe”="C:\Documents and Settings\Perla Varela\Local Settings\Application Data\FolderShare\FolderShare.exe:
:Enabled:Windows Live FolderShare Beta"
O47 - AAKE:Key Export SP - “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe”=“C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe:*:Enabled:Windows Live Messenger”
O47 - AAKE:Key Export SP - “C:\Program Files\Windows Live\Messenger\livecall.exe”=

Here is the report after the scan

ComboFix 09-10-14.09 - Perla Varela 19/10/2009 16:16.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.476 [GMT -5:00]
Running from: c:\documents and settings\Perla Varela\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Perla Varela\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus On-access scanning disabled (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-19 01:46 . 2009-10-19 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-10-19 01:44 . 2009-10-19 01:44 -------- d-----w- c:\program files\Raxco
2009-10-18 23:37 . 2009-10-18 23:37 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-18 23:35 . 2009-10-18 23:35 -------- d-----w- c:\program files\Common Files\Skype
2009-10-18 23:35 . 2009-10-18 23:35 -------- d-----r- c:\program files\Skype
2009-10-18 23:19 . 2009-10-18 23:19 -------- d-----w- c:\program files\iPod
2009-10-18 23:18 . 2009-10-18 23:18 -------- d-----w- c:\program files\iTunes
2009-10-18 23:18 . 2009-10-18 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-18 23:17 . 2009-10-18 23:17 -------- d-----w- c:\program files\Bonjour
2009-10-18 23:16 . 2009-10-18 23:16 -------- d-----w- c:\program files\QuickTime
2009-10-18 23:09 . 2009-10-18 23:09 -------- d-----w- c:\program files\ZHPDiag
2009-10-15 15:16 . 2009-10-15 15:16 -------- d-----w- C:\GenProc
2009-10-14 19:47 . 2009-10-14 19:47 -------- d-sh–w- c:\documents and settings\Perla Varela\IECompatCache
2009-10-14 19:46 . 2009-10-14 19:46 -------- d-sh–w- c:\documents and settings\Perla Varela\PrivacIE
2009-10-14 19:39 . 2009-10-14 19:39 -------- d-sh–w- c:\documents and settings\Perla Varela\IETldCache
2009-10-14 19:12 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-14 19:12 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-14 19:12 . 2009-10-14 19:12 -------- d-----w- c:\windows\ie8updates
2009-10-14 19:12 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-14 19:09 . 2009-10-14 19:09 -------- d–h--w- c:\windows\ie8
2009-10-14 18:55 . 2009-10-14 18:55 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-14 18:54 . 2009-10-14 18:54 -------- d-----w- c:\program files\Microsoft
2009-10-11 00:47 . 2009-10-11 00:47 -------- d-----w- c:\program files\Trend Micro
2009-10-11 00:36 . 2009-10-11 00:36 -------- d-----w- c:\program files\FileHippo.com
2009-10-10 14:00 . 2009-10-10 14:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-10 02:18 . 2009-10-10 02:18 -------- d-----w- c:\program files\ma-config.com
2009-10-10 02:18 . 2009-10-10 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-10-10 01:39 . 2009-10-10 02:23 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-10 01:39 . 2009-10-10 02:23 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-10 01:38 . 2009-10-10 01:38 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-10 01:38 . 2009-10-10 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-10 01:38 . 2009-10-19 21:20 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-10 01:38 . 2009-10-19 21:20 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-10 01:36 . 2009-10-10 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-10 01:26 . 2009-10-10 01:26 -------- d-----w- c:\documents and settings\Perla Varela\Application Data\GlarySoft
2009-10-10 01:21 . 2009-10-10 01:21 -------- d-----w- c:\program files\Glary Utilities
2009-10-10 00:12 . 2009-10-10 00:12 -------- d-----w- c:\program files\VS Revo Group
2009-10-09 22:48 . 2009-10-09 22:48 -------- d-----w- C:\a
2009-10-09 19:22 . 2009-10-09 19:23 -------- d-----w- c:\documents and settings\Perla Varela\Application Data\Malwarebytes
2009-10-09 19:22 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 19:22 . 2009-10-09 19:22 -------- d-----w- c:\program files\Malwarebytes’ Anti-Malware
2009-10-09 19:22 . 2009-10-09 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-09 19:22 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-29 14:12 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 21:20 . 2009-10-10 01:38 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-19 21:20 . 2009-10-10 01:38 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-10 02:23 . 2008-01-29 22:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-11 14:18 . 2005-08-16 21:57 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2005-08-16 21:57 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2005-08-16 21:57 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2009-08-29 07:36 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-26 08:00 . 2005-08-16 21:58 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 20:09 . 2006-05-31 15:55 120976 ----a-w- c:\documents and settings\Perla Varela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2005-08-16 21:57 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 2005-08-16 21:57 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-05 00:52 . 2009-08-05 00:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 14:20 . 2004-08-04 03:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2005-08-16 21:57 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2005-08-16 21:57 81920 ----a-w- c:\windows\system32\fontsub.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\a ----

2009-10-11 01:19 . 2009-10-11 02:26 10750 ----a-w- c:\a\hijackthis.log
2009-10-10 18:54 . 2009-10-10 18:54 861 ----a-w- c:\a\mbam-log-2009-10-10 (09-40-25).txt
2009-10-10 01:25 . 2009-10-10 01:25 117770902 ----a-w- c:\a\sauvereg.reg
2009-10-10 00:30 . 2009-05-23 02:53 245103 ----a-w- c:\a\JavaRa.def
2009-10-10 00:30 . 2009-07-16 18:33 157696 ----a-w- c:\a\JavaRa.exe
2009-10-10 00:30 . 2008-06-19 21:29 17987 ----a-w- c:\a\gpl-2.0.txt
2009-10-10 00:01 . 2009-10-10 00:01 3004 ----a-w- c:\a\mbam-log-2009-10-09 (19-00-57).txt

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“LaunchApp”=“Alaunch” [X]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2005-06-08 94208]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2005-06-08 77824]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2005-06-08 114688]
“AzMixerSel”=“c:\program files\Realtek\InstallShield\AzMixerSel.exe” [2005-06-12 53248]
“SynTPLpr”=“c:\program files\Synaptics\SynTP\SynTPLpr.exe” [2004-10-08 98394]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2004-10-08 688218]
“IMJPMIG8.1”=“c:\windows\IME\imjp8_1\IMJPMIG.EXE” [2004-08-04 208952]
“MSPY2002”=“c:\windows\system32\IME\PINTLGNT\ImScInst.exe” [2004-08-04 59392]
“PHIME2002ASync”=“c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE” [2004-08-04 455168]
“PHIME2002A”=“c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE” [2004-08-04 455168]
“PCMService”=“c:\program files\Acer\Acer Arcade\PCMService.exe” [2005-08-11 143360]
“EPM-DM”=“c:\acer\epm\epm-dm.exe” [2005-08-12 200704]
“ePowerManagement”=“c:\acer\ePM\ePM.exe” [2005-03-15 2893824]
“eRecoveryService”=“c:\program files\Acer\eRecovery\Monitor.exe” [2005-08-19 352256]
“Malwarebytes Anti-Malware (reboot)”=“c:\program files\Malwarebytes’ Anti-Malware\mbam.exe” [2009-09-10 1312080]
“AVP”=“c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe” [2009-10-10 208616]
“High Definition Audio Property Page Shortcut”=“HDAShCut.exe” - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
“PD0620 STISvc”=“P0620Pin.dll” - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]
“RTHDCPL”=“RTHDCPL.EXE” - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]

c:\documents and settings\All Users\Start Menu\Programs\Startup
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
“MimBoot”=c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe
“QuickTime Task”=“c:\program files\QuickTime\QTTask.exe” -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\Acer\Acer Arcade\PCMService.exe”=
“d:\3dsmax7\3dsmax.exe”=
“c:\Program Files\backburner 2\monitor.exe”=
“c:\Program Files\backburner 2\manager.exe”=
“c:\Program Files\backburner 2\server.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“c:\Documents and Settings\Perla Varela\Local Settings\Application Data\FolderShare\FolderShare.exe”=
“c:\Program Files\Windows Live\Messenger\MsnMsgr.Exe”=
“c:\Program Files\Windows Live\Messenger\livecall.exe”=
“c:\Documents and Settings\Perla Varela\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll”=
“c:\Documents and Settings\Perla Varela\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe”=
“c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe”=
“c:\Program Files\Bonjour\mDNSResponder.exe”=
“c:\Program Files\iTunes\iTunes.exe”=
“c:\Program Files\Skype\Phone\Skype.exe”=
“c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\Spanish\setup.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“1723:TCP”= 1723:TCP:@xpsp2res.dll,-22015
“1701:UDP”= 1701:UDP:@xpsp2res.dll,-22016
“500:UDP”= 500:UDP:@xpsp2res.dll,-22017

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 p.m. 33808]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/03/2009 04:28 p.m. 1533808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 p.m. 24592]
S2 SSPORT;SSPORT;??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 02:50 p.m. 238960]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
“c:\windows\system32\rundll32.exe” “c:\windows\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder

2009-10-19 c:\windows\Tasks\GlaryInitialize.job

  • c:\program files\Glary Utilities\initialize.exe [2009-10-10 00:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = www.google.com…
    uDefault_Search_URL = www.google.com…
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = www.google.com…
    IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    FF - ProfilePath - c:\documents and settings\Perla Varela\Application Data\Mozilla\Firefox\Profiles\73hxvxid.default
    FF - plugin: c:\documents and settings\Perla Varela\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    .

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-10-19 16:30
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ€|ÿÿÿÿ•€|ù•A~*]
“A0C0110900063D11C8EF10054038389C”=“C?\WINDOWS\system32\FM20ENU.DLL”
.
--------------------- DLLs Loaded Under Running Processes ---------------------

              • ‘explorer.exe’(1564)
                c:\windows\system32\WININET.dll
                c:\windows\system32\ieframe.dll
                c:\windows\system32\webcheck.dll
                c:\windows\system32\WPDShServiceObj.dll
                c:\windows\system32\PortableDeviceTypes.dll
                c:\windows\system32\PortableDeviceApi.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\program files\INTEL\WIRELESS\BIN\EVTENG.EXE
                c:\program files\INTEL\WIRELESS\BIN\S24EVMON.EXE
                c:\acer\EMANAGER\ANBMSERV.EXE
                c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
                c:\program files\COMMON FILES\AUTODESK SHARED\SERVICE\ADSKSCSRV.EXE
                c:\program files\BONJOUR\MDNSRESPONDER.EXE
                c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
                c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
                c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
                c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
                c:\program files\RAXCO\PERFECTDISK10\PDAGENT.EXE
                c:\program files\INTEL\WIRELESS\BIN\REGSRVC.EXE
                c:\program files\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
                c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
                c:\program files\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDSVCM.EXE
                c:\windows\SYSTEM32\RUNDLL32.EXE
                c:\program files\RAXCO\PERFECTDISK10\PDENGINE.EXE
                c:\windows\SYSTEM32\WSCNTFY.EXE
                c:\windows\SYSTEM32\RUNDLL32.EXE
                .


.
Completion time: 2009-10-19 16:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-19 21:33
ComboFix2.txt 2009-10-15 15:48

Pre-Run: 18,197,905,408 bytes free
Post-Run: 18,162,384,896 bytes free

218 — E O F — 2009-10-10 01:37

So, is it serious, doctor? :smiley:

Well, it seems to be doing just fine :wink:

I am running a defrag right now because it is a real m…ess :smiley:
I am not well versed in virus hunting, but even so, I have never let my machine get to that point…

That said, I reinstalled my PC: after the latest updates it started to crawl :etonne2:
So I took 24 hours, did a format, and now everything is back in order.
I still need to make a disk image with some software, just in case…

Hello

Well, one more report before declaring victory :smiley:

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

–> Recherche:

C:\Combofix.txt: trouvé !
C:\GenProc: trouvé !
C:\Qoobox: trouvé !
C:\a\hijackthis.log: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Perla Varela\My Documents\Downloads\ComboFix.exe: trouvé !
C:\Documents and Settings\Perla Varela\My Documents\Downloads\Genproc.exe: trouvé !
C:\Documents and Settings\Perla Varela\desktop\HijackThis.lnk: trouvé !
C:\Documents and Settings\Perla Varela\desktop\ComboFix.exe: trouvé !
C:\Program Files\ZHPDiag: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Program Files\ZHPDiag\ZHPdiag.exe: trouvé !
C:\GenProc\Genproc.exe: trouvé !
C:\GenProc\outil\mbr.exe: trouvé !
C:\GenProc\Page\GenProc[*].html: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !

Have a good day, Jean

OK, here we go ^ ^)

Thanks for everything :wink:

Oops … :ane: … I am clumsy today

A big thank-you to Senosen :slight_smile: :wink:

My sister-in-law will be able to recover her data safely :ange: