Forum Clubic

XP priority updates impossible

For several weeks now (since the release of IE8) I have been trying to update certain programs via Windows Update. Unfortunately, the priority updates all fail during installation, even though they apparently have nothing in common. The optional updates, on the other hand, work very well. Do you have any idea?

Hi

Try this

In Internet Explorer ==> click the “Tools” menu ==> “Internet Options”

==> Click the “Advanced” tab ==> click “Reset” ==> click “Reset” a second time, let the operation run, then click ==> “Close” then ==> “OK”.

==> Close and restart Internet Explorer

==> then try ==> Windows Update again.

:hello: cricri58

Hi! First of all, thanks for taking the trouble to read my message and reply to it.

So I did what you advised me to do. Unfortunately the problem is still there.

Security Update for Windows XP (KB956572)
Internet Explorer 8 for Windows XP:
Microsoft .NET Framework 1.1 Service Pack 1

I get no error message that could tell me where the problem comes from.

I tried installing them one by one, and it's the same.

In any case, thanks for your help. Do you have another idea?

Thanks in advance, see you very soon!

I had that once on a computer that had been left neglected security-wise
run a scan of your PC, that worked for me

Hi

Download Random’s System Information Tool (RSIT) by random/random and save it to your Desktop.

==> Random’s System Information Tool (RSIT)

==> Double-click RSIT.exe to launch RSIT.
==> Click Continue on the Disclaimer screen.
==> If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
==> When the scan is finished, two text files will open.

==> Post the contents of log.txt (<<which will be displayed) as well as info.txt (<<which will be minimized in the Taskbar).

Note: Both reports are also saved in %systemroot%\rsit

Re

OK, so here are the contents of log.txt

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Loïc at 2009-06-27 14:43:38
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 20 GB (35%) free of 57 GB
Total RAM: 1279 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:44:08, on 27/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Loïc\Mes documents\Mes fichiers reçus\RSIT.exe
C:\Program Files\trend micro\Loïc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = www.windows.fr…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (disabled by BHODemon)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM…\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra ‘Tools’ menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - www.kaspersky.com…
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - housecall65.trendmicro.com…
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - acs.pandasoftware.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr…
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com…
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - www.nvidia.com…
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net…
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - fichiers.touslesdrivers.com…
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com…
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com…
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - support.f-secure.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Service Pack Installer update service (spupdsvc) - Unknown owner - C:\WINDOWS\system32\spupdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


End of file - 10077 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
AGSearchHook Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-01-29 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
IE to GetRight Helper - C:\Program Files\GetRight\xx2gr.dll [2007-07-18 246848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
__BHODemonDisabled []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live ID - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-06 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“avast!”=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
“PinnacleDriverCheck”=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-11 406016]
“ZoneAlarm Client”=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-18 981384]
“KernelFaultCheck”=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
“PnkBstrA”=3
“PDSched”=3
“PDEngine”=3
“LBTServ”=3
“gupdate1c9b516b956e05a”=2
“Apple Mobile Device”=3

C:\Documents and Settings\Loïc\Menu Démarrer\Programmes\Démarrage
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
“notification packages”=
:\WINDOWS\system32\srr

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“HonorAutoRunSetting”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Disabled:hpqnrs08.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Disabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe"
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"="C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Disabled:Kaspersky AV Scanner"
"F:\ADSL_Thomson\ST530v5\Expert\Setup Wizard\SetupST.exe"="F:\ADSL_Thomson\ST530v5\Expert\Setup Wizard\SetupST.exe:*:Enabled:SpeedTouch Setup Wizard"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Disabled:PMSRegisterFile"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Disabled:Pro Evolution Soccer 2008"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Disabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Disabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Disabled:umi"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe"="C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe:*:Disabled:sof3"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Program Files\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe"="C:\Program Files\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe:*:Disabled:Miro_Downloader"
"C:\Program Files\PC-Telephone\PCTel.exe"="C:\Program Files\PC-Telephone\PCTel.exe:*:Disabled:PC-Telephone Executable"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Disabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Disabled:Render Manager"
"C:\Program Files\TightVNC\WinVNC.exe"="C:\Program Files\TightVNC\WinVNC.exe:*:Disabled:Serveur TightVNC Win32"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Disabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Disabled:umi"
"C:\Program Files\Soldier of Fortune II - Double Helix\SoF2MP.exe"="C:\Program Files\Soldier of Fortune II - Double Helix\SoF2MP.exe:*:Enabled:SoF2MP"
"C:\Program Files\SwarmPlayer\swarmplayer.exe"="C:\Program Files\SwarmPlayer\swarmplayer.exe:*:Enabled:swarmplayer"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SFR\Media Center\httpd\httpd.exe"="C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4feedf03-dbd5-11dc-a6d7-000e5061bb3b}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

======List of files/folders created in the last 1 months======

2009-06-27 14:43:40 ----D---- C:\Program Files\trend micro
2009-06-27 14:43:38 ----D---- C:\rsit
2009-06-27 08:47:27 ----D---- C:\WINDOWS\LastGood
2009-06-25 21:49:07 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-24 20:17:40 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-06-24 19:56:43 ----D---- C:\Documents and Settings\Loïc\Application Data\Spotify
2009-06-23 22:04:20 ----D---- C:\Documents and Settings\Loïc\Application Data\Windows Search
2009-06-23 21:38:46 ----D---- C:\Program Files\Spotify
2009-06-21 12:36:07 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-06-21 12:36:06 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-06-21 12:36:06 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-06-21 12:36:06 ----N---- C:\WINDOWS\system32\px.dll
2009-06-21 12:29:50 ----D---- C:\WINDOWS\system32\IOSUBSYS
2009-06-12 18:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-12 18:53:15 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 07:33:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 07:32:18 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 1 months======

2009-06-27 14:43:40 ----RD---- C:\Program Files
2009-06-27 14:42:15 ----D---- C:\WINDOWS\Internet Logs
2009-06-27 13:33:17 ----D---- C:\Program Files\Mozilla Firefox
2009-06-27 12:47:11 ----D---- C:\WINDOWS\Temp
2009-06-27 12:01:43 ----D---- C:\WINDOWS
2009-06-27 12:01:42 ----HD---- C:\WINDOWS\inf
2009-06-27 10:42:18 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-27 09:10:05 ----SHD---- C:\WINDOWS\Installer
2009-06-27 09:10:05 ----RSD---- C:\WINDOWS\assembly
2009-06-27 09:10:05 ----HD---- C:\Config.Msi
2009-06-27 08:41:06 ----D---- C:\WINDOWS\system32
2009-06-27 08:41:06 ----D---- C:\Program Files\Windows Desktop Search
2009-06-27 08:32:52 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-27 08:32:39 ----D---- C:\WINDOWS\system32\wbem
2009-06-27 08:32:39 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-25 22:08:48 ----D---- C:\WINDOWS\system32\drivers
2009-06-25 21:59:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-25 21:47:52 ----D---- C:\WINDOWS\Debug
2009-06-25 21:47:51 ----D---- C:\WINDOWS\Minidump
2009-06-25 21:47:50 ----SHD---- C:\RECYCLER
2009-06-24 20:22:24 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-06-24 20:17:40 ----D---- C:\Program Files\Fichiers communs
2009-06-24 19:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2009-06-24 14:42:56 ----A---- C:\WINDOWS\Memory.ini
2009-06-24 08:58:36 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-23 22:22:07 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-21 12:29:49 ----D---- C:\Program Files\Google
2009-06-19 07:10:43 ----A---- C:\WINDOWS\FXIWIN.INI
2009-06-18 21:46:50 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-18 21:10:33 ----A---- C:\WINDOWS\Blip.ini
2009-06-14 14:56:25 ----A---- C:\WINDOWS\win.ini
2009-06-12 18:53:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-12 18:52:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 07:32:54 ----D---- C:\Program Files\Internet Explorer
2009-06-11 07:32:41 ----D---- C:\WINDOWS\ie7updates
2009-06-07 16:18:07 ----RSD---- C:\WINDOWS\Fonts
2009-06-07 16:17:13 ----D---- C:\Program Files\Microsoft Works
2009-06-06 05:55:21 ----D---- C:\Documents and Settings\Loïc\Application Data\Azureus
2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-18 353672]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 Defrag32;Defrag32; C:\WINDOWS\system32\drivers\Defrag32.sys [2005-11-22 61456]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-25 3712]
R2 LF30FS;LF30FS; \??\C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys []
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-01 123614]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-01 13696]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2003-04-24 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2003-04-24 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-10-26 4124352]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2004-03-10 11264]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelS51;Intel® 536EP Modem; C:\WINDOWS\system32\DRIVERS\IntelS51.sys [2004-12-23 1903370]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-12-18 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-12-18 28816]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-11-10 47360]
R3 SISNIC;Pilote de carte Fast Ethernet PCI SiS; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-04 32768]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys []
S3 aqlyocbr;aqlyocbr; C:\WINDOWS\system32\drivers\aqlyocbr.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2006-05-10 56064]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-05-10 36736]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2006-05-10 71680]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PLCMPR5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PLCNDIS5.SYS []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SQTECH905C;Dual Camera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2004-12-08 32123]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TSP;TSP; ??\C:\WINDOWS\system32\drivers\klif.sys []
S3 USB_RNDIS;Thomson ST Remote NDIS Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d’imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2009-03-09 951632]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-18 2402184]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2009-01-07 26144]
S3 AGWinService;AG Windows Service; C:\Program Files\AGI\common\win32\PythonService.exe [2008-12-08 10240]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
S3 aspnet_state;Service d’état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2002-08-14 200704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-06 152984]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-07-28 77824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2005-11-29 483397]
S3 PDSched;PDScheduler; C:\Program Files\Raxco\PerfectDisk\PDSched.exe [2005-11-29 241731]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 gupdate1c9b516b956e05a;Google Update Service (gupdate1c9b516b956e05a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-04 133104]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe [2009-02-19 121360]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-16 66872]

-----------------EOF-----------------

and here is the content of info.txt

info.txt logfile of random’s system information tool 1.06 2009-06-27 14:44:18

======Uninstall list======

-=CASH=- SOF Minimizer–>MsiExec.exe /I{B720288E-778A-4308-8D65-8EE2E775042A}
–>C:\Program Files\InstallShield Installation Information{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x040c -removeonly
–>C:\Program Files\InstallShield Installation Information{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x040c -removeonly
–>C:\Program Files\Nero\Nero8\nero\uninstall\UNNERO.exe /UNINSTALL
–>C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
–>C:\WINDOWS\UNNeroVision.exe /UNINSTALL
–>C:\WINDOWS\UNRecode.exe /UNINSTALL
Ad-Aware–>“C:\Documents and Settings\All Users\Application Data{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe” REMOVE=TRUE MODIFY=FALSE
Ad-Aware–>C:\Documents and Settings\All Users\Application Data{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX–>C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin–>C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5–>C:\WINDOWS\system32\Adobe\uninstaller.exe
AIMP2–>C:\Program Files\AIMP2\Uninstall.exe
AltoMP3 Gold 5.20–>C:\Program Files\AltoMP3 Gold\uninst.exe
Antidote RX v2–>MsiExec.exe /X{A474EA56-5DBD-4181-8230-806A4762EA7F}
Apple Mobile Device Support–>MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update–>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR–>C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live ID–>MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Audacity 1.2.6–>“C:\Program Files\Audacity\unins000.exe”
avast! Antivirus–>C:\Program Files\Alwil Software\Avast4\aswRunDll.exe “C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll”,RunSetup
AviSynth 2.5–>“C:\Program Files\AviSynth 2.5\Uninstall.exe”
Azureus–>C:\Program Files\Azureus\Uninstall.exe
Babylon–>C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
Bonjour–>MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon Utilities PhotoStitch 3.1–>C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
CCleaner (remove only)–>“C:\Program Files\CCleaner\uninst.exe”
CDDRV_Installer–>MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
ConvertXtoDVD 2.2.3.258g–>“C:\Program Files\VSO\ConvertXtoDVD\unins000.exe”
CoreAAC Audio Decoder (remove only)–>“C:\WINDOWS\system32\CoreAAC-uninstall.exe”
Correctif pour Windows Internet Explorer 7 (KB947864)–>“C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe”
DirectVobSub (remove only)–>“C:\Program Files\DirectVobSub\uninstall.exe”
DiscAPI (Studio 10)–>MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX–>C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivXLand Media Subtitler–>C:\WINDOWS\unvise32.exe C:\Program Files\DivXLand\Media Subtitler\uninstal.log
eMule–>“C:\Program Files\eMule\Uninstall.exe”
EVEREST Home Edition v2.20–>“C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe”
filehippo.com Update Checker–>“C:\Program Files\FH Update Checker\uninstall.exe”
FLV Player–>“C:\WINDOWS\FLV Player\uninstall.exe” “/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml”
Foxit Reader–>C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free FLV Converter V 6.32–>“C:\Program Files\Free FLV Converter\unins000.exe”
Free Window Registry Repair–>C:\PROGRA~1\FREEWI~1\UNWISE.EXE C:\PROGRA~1\FREEWI~1\INSTALL.LOG
GeoGebra–>“C:\Program Files\GeoGebra\UninstallerData\Uninstaller.exe”
GetRight–>“C:\Program Files\GetRight\unins000.exe”
GigaTribe 2.50–>“C:\Program Files\GigaTribe\unins000.exe”
Glary Utilities 2.6–>“C:\Program Files\Glary Utilities\unins000.exe”
Google Calendar Sync–>“C:\Program Files\Google\Google Calendar Sync\uninstall.exe”
Google Update Helper–>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth–>MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Haali Media Splitter–>“C:\Program Files\Haali\MatroskaSplitter\uninstall.exe”
HijackThis 2.0.2–>“C:\Program Files\trend micro\HijackThis.exe” /uninstall
honestech VHS to DVD 2.0–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}\Setup.exe” -l0x9
Hotfix for Microsoft .NET Framework 3.0 (KB932471)–>C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)–>C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)–>C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Imaging Device Functions 7.0–>C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential–>MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet and Deskjet 7.0.A–>C:\Program Files\HP\Digital Imaging{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update–>MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0–>C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Indeo® Software–>C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
iTunes–>MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
iWizz–>C:\Program Files\iWizz\uninstall.exe
iWizz–>C:\Program Files\iWizz\uninstall.exe
Java™ 6 Update 13–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java™ 6 Update 3–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky On-line Scanner–>C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kaspersky Online Scanner–>C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KC Softwares AudioGrail–>“C:\Program Files\KC Softwares\AudioGrail\unins000.exe”
KC Softwares SUMo–>“C:\Program Files\KC Softwares\SUMo\unins000.exe”
KhalInstallWrapper–>MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Mega Codec Pack 4.0.0–>“C:\Program Files\K-Lite Codec Pack\unins000.exe”
LabelPrint 2.0–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe” -uninstall
Lame ACM MP3 Codec–>C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Lecteur Windows Media 11–>“C:\Program Files\Windows Media Player\Setup_wm.exe” /Uninstall
Life Poster Maker–>C:\Program Files\LifePosterMaker\uninstal.exe
LimeWire 4.18.8–>“C:\Program Files\LimeWire\uninstall.exe”
Lock Folder XP 3.6–>“C:\Program Files\Everstrike Software\Lock Folder XP 3.6\Uninstall.exe” “C:\Program Files\Fichiers communs\Everstrike Software\Lock Folder XP 3.6\install.log”
Logitech SetPoint–>“C:\Program Files\InstallShield Installation Information{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe” -runfromtemp -l0x040c -removeonly
m4ng Codec Pack–>C:\Program Files\m4ng codec pack\Cp_Uninstal.exe
m4ng Video Analyser–>C:\Program Files\m4ng Video Analyser\Uninstal.exe
m4ng–>C:\Program Files\m4ng\m4ng_Uninstal.exe
Magic ISO Maker v5.3 (build 0216)–>C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Maple 10–>“C:\Program Files\Maple 10\Uninstall_Maple 10\Uninstall Maple 10.exe”
MATLAB R2008b–>C:\Program Files\MATLAB\R2008b\uninstall\uninstall.exe C:\Program Files\MATLAB\R2008b
MaxTV - TVU Player Plugin–>“C:\WINDOWS\MaxTV - TVU Player Plugin\uninstall_tvu.exe” “/U:C:\Program Files\DMV\MaxTV\plugins\Uninstall\TVU\uninstall_tvu.xml”
MaxTV–>“C:\WINDOWS\MaxTV\uninstall_maxtv.exe” “/U:C:\Program Files\DMV\MaxTV4\Uninstall\MaxTV\uninstall_maxtv.xml”
MediaCoder 0.7.0.4370–>C:\Program Files\MediaCoder\uninst.exe
MediaInfo 0.7.6.4–>C:\Program Files\MediaInfo\uninst.exe
MediaRescue Pro 4.5.1–>C:\Program Files\MediaRescue Pro\uninst.exe
Messenger Plus! Live–>“C:\Program Files\Messenger Plus! Live\Uninstall.exe”
Microsoft .NET Framework 1.1 French Language Pack–>MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA–>MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2–>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA–>MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2–>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra–>MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1–>C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1–>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP–>“C:\WINDOWS$NtUninstallMSCompPackV1$\spuninst\spuninst.exe”
Microsoft Internationalized Domain Names Mitigation APIs–>“C:\WINDOWS$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe”
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5–>“C:\WINDOWS$NtUninstallWdf01005$\spuninst\spuninst.exe”
Microsoft National Language Support Downlevel APIs–>“C:\WINDOWS$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe”
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office Access MUI (French) 2007–>MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007–>MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007–>MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4–>MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Outlook Connector–>MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007–>MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007–>MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007–>“C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe” /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007–>MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007–>MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007–>MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007–>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007–>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007–>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007–>MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007–>MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007–>MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007–>MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007–>MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight–>MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0–>“C:\WINDOWS$NtUninstallWudf01000$\spuninst\spuninst.exe”
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)–>“C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)–>“C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)–>“C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)–>“C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)–>“C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)–>“C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)–>“C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)–>“C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)–>“C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)–>“C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)–>“C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)–>“C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB923789)–>C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB961501)–>“C:\WINDOWS$NtUninstallKB961501$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB968537)–>“C:\WINDOWS$NtUninstallKB968537$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB969898)–>“C:\WINDOWS$NtUninstallKB969898$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB970238)–>“C:\WINDOWS$NtUninstallKB970238$\spuninst\spuninst.exe”
Mise à jour Microsoft Office Excel 2007 Help (KB963678)–>msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)–>msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)–>msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)–>msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
MKVtoolnix 2.2.0b–>C:\Program Files\MKVtoolnix\uninst.exe
Module linguistique Microsoft .NET Framework 3.5 SP1- fra–>c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.11)–>C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)–>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)–>MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 Trial–>MsiExec.exe /X{01ED1F71-DFB4-43CC-B787-02D07BC9F59B}
neroxml–>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
neuf Talk 1.4–>C:\Program Files\neuf Talk\uninst.exe
Norton Ghost–>MsiExec.exe /I{6975E810-C92F-45F0-0BFD-187B312F10E8}
NVIDIA Drivers–>C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA WDM Drivers–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe”
NVIDIA Windows 2000/XP Display Drivers–>rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
O&O DiskRecovery–>MsiExec.exe /X{53480880-18E0-4097-A460-F22DD3AC6D70}
O&O UnErase–>MsiExec.exe /X{53480350-2D1F-461C-9214-3AEC993DD4A1}
Package de base Microsoft de service de chiffrement pour cartes à puce–>“C:\WINDOWS$NtUninstallbasecsp$\spuninst\spuninst.exe”
Package de pilotes Windows - Pinnacle Systems (BENDER) Media (11/21/2005 2.0.19.0)–>rundll32.exe C:\PROGRA~1\DIFX\4A46D8A01D3E2287\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\PCLEBend_751CCE8DB684339E3B7C1F674E51E7966E991B50\PCLEBend.inf
Panda ActiveScan 2.0–>C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PerfectDisk–>MsiExec.exe /I{C190CB55-817E-4713-84F4-0BBB8961CED9}
PhotoFiltre–>“C:\Program Files\PhotoFiltre\Uninst.exe”
Picasa 3–>“C:\Program Files\Google\Picasa3\Uninstall.exe”
Pinnacle Bender 32-bit–>MsiExec.exe /X{92A63804-501A-44B2-8EC3-8B8DFA2E97B2}
PinnacleHollywood FX 5–>C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 5\uninstal.log
PowerISO–>“C:\Program Files\PowerISO\uninstall.exe”
PowerQuest PartitionMagic 8.0–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Print Pilot 1.5 Trial–>“C:\Program Files\Print Pilot\unins000.exe”
Pro Evolution Soccer 2008–>C:\Program Files\InstallShield Installation Information{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x040c
QuickTime–>MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RAPID (Studio 10)–>MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
Realtek AC’97 Audio–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe” -l0x40c -removeonly
REALVIZ Stitcher Unlimited 5.5–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{FF22E5F5-908B-42E3-A448-D74D42D5B290}\Setup.exe” -l0x40c UNINSTALL
Regressi–>MsiExec.exe /I{E2E164AB-1367-488F-8F1F-BA312DB2FF18}
Ri4m v5.0.1d–>C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
Ripp-It Codec Pack v 4.2.6–>C:\Program Files\Ripp-It Codec Pack\uninst.exe
ScanSoft OmniPage 15.0–>MsiExec.exe /I{0B7DDCD3-D6D8-4366-A6D8-9B6495A2925E}
ScanSoft PDF Converter 3.0–>MsiExec.exe /I{602A205F-8D02-48EE-8782-262B2103B984}
ScanSoft PDF Create 3.0–>MsiExec.exe /I{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}
Security Update for 2007 Microsoft Office System (KB969559)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)–>MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)–>MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SFR - Kit de connexion–>C:\Program Files\SFR\Kit\uninstall.exe
SFR - Media Center–>C:\Program Files\SFR\Media Center\uninstall.exe
SiSAGP driver–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe” -l0x40c
Skype™ 4.0–>MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SmartSound Quicktracks Plugin–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SOF2 Multi-User Configuration–>C:\WINDOWS\iun6002.exe “C:\Program Files\Soldier Of Fortune II - Double Helix\irunin.ini”
Soldier of Fortune II: Double Helix–>C:\PROGRA~1\SOLDIE~1\Uninstall\Unwise.exe /u C:\PROGRA~1\SOLDIE~1\Uninstall\Install.log
Sony Picture Utility–>C:\Program Files\InstallShield Installation Information{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x040c uninstall -removeonly
Sony USB Driver–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe” UNINSTALL
Spelling Dictionaries Support For Adobe Reader 8–>MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spotify–>“C:\Program Files\Spotify\uninstall.exe”
Spybot - Search & Destroy 1.5.2.20–>“C:\WINDOWS\unins000.exe”
Spybot - Search & Destroy–>“C:\Program Files\Spybot - Search & Destroy\unins000.exe”
Studio 11 Bonus DVD–>C:\Program Files\InstallShield Installation Information{45A1BF92-700A-4408-B95E-79F462E3D67D}\setup.exe -runfromtemp -l0x040c UNINSTALL -removeonly
Studio 9.4 Patch–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{16E217EA-C3E0-402D-8D4F-6189DB74497A}\setup.exe” -l0x40c UNINSTALL
Studio 9–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe” -l0x40c UNINSTALL
Subtitle Workshop 2.51–>“C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe”
System Requirements Lab–>C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2–>“C:\Program Files\Teamspeak2_RC2\unins000.exe”
TightVNC 1.3.10–>“C:\Program Files\TightVNC\unins000.exe”
TV sur PC–>C:\Program Files\Neuf\TV_PC\uninstall.exe
UltraISO Premium V8.63–>“C:\Program Files\UltraISO\unins000.exe”
UnderCoverXP 1.14–>“C:\Program Files\UnderCoverXP\unins000.exe”
Unlocker 1.8.7–>C:\Program Files\Unlocker\uninst.exe
Update for 2007 Microsoft Office System (KB967642)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)–>C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Utilitaire BeWAN Powerline–>C:\Program Files\BeWAN Powerline\Uninstal.exe
VC 9.0 Runtime–>MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VideoAvatar–>“C:\Program Files\GeoVid\Video Avatar\unins000.exe”
VirtualDub 1.6.9 Fr–>C:\Program Files\VirtualDub\UnInstall_VirtualDub.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)–>MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01–>C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.8a–>C:\Program Files\VideoLAN\VLC\uninstall.exe
VSO CopyToDVD 4–>“C:\Program Files\VSO\unins000.exe”
Webshots Desktop–>“C:\Program Files\AGI\common\bootstrapper.exe” -uninstall"“C:/Program Files/AGI/Python25\pythonw.exe” “C:\Program Files\AGI\common\pyagcore\installer.pyc” -u WebshotsDesktop"
Winamp–>“C:\Program Files\Winamp\UninstWA.exe”
Windows Imaging Component–>“C:\WINDOWS$NtUninstallWIC$\spuninst\spuninst.exe”
Windows Live installer–>MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger–>MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime–>“C:\Program Files\Windows Media Player\wmsetsdk.exe” /UninstallAll
Windows Media Format 11 runtime–>“C:\WINDOWS$NtUninstallWMFDist11$\spuninst\spuninst.exe”
Windows Media Player 11–>“C:\WINDOWS$NtUninstallwmp11$\spuninst\spuninst.exe”
Windows Media Player Firefox Plugin–>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation–>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3–>“C:\WINDOWS$NtServicePackUninstall$\spuninst\spuninst.exe”
X-Lite 3.0–>“C:\Program Files\CounterPath\X-Lite\unins001.exe”
XML Paper Specification Shared Components Language Pack 1.0–>“C:\WINDOWS$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe”
Xvid 1.1.3 final uninstall–>“C:\Program Files\Xvid\unins000.exe”
ZoneAlarm Pro–>C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======


======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090626-0]
FW: ZoneAlarm Pro Firewall

======System event log======

Computer Name: CINLO
Event Code: 7000
Message: Le service PLCMPR5 NDIS Protocol Driver n’a pas pu démarrer en raison de l’erreur :
Le fichier spécifié est introuvable.

Record Number: 43510
Source Name: Service Control Manager
Time Written: 20090614202703.000000+120
Event Type: erreur
User:

Computer Name: CINLO
Event Code: 7000
Message: Le service PLCMPR5 NDIS Protocol Driver n’a pas pu démarrer en raison de l’erreur :
Le fichier spécifié est introuvable.

Record Number: 43509
Source Name: Service Control Manager
Time Written: 20090614202703.000000+120
Ev

Hi

Infections

Do the following and read carefully.

Disable your antivirus while you carry out these steps.

1) Download Winsockxpfix

to your desktop without running it, in case you need it afterwards

==>Winsockxpfix

then

2) Download Combofix

==>Combofix

==> to your Desktop (and nowhere else), and rename it before it lands on your desktop.
To do this, right-click Combofix.exe, choose “Save target as…” and rename it to ==> OursBrun83.exe
==> and for the location, choose your desktop and click “Save”

Double-click ==> OursBrun83.exe ==> (the renamed file)
Press the 1 key to start the scan and follow the instructions Combofix gives.
When the scan is finished, a report will appear. Copy/paste that report right here.
==> The report can also be found here: C:\Combofix.txt
==> You must not click in the Combofix window during the scan; doing so would make the program hang.

Re-enable your antivirus

PS
if your internet connection is no longer working after the restart

Double-click the WinsockXPFix file
click “Fix” in case a manual repair is needed

then

3) Download --> Malwarebytes (mbam)
==>Malwarebytes

install + update
and
Restart in “Safe Mode”

tap the F8 key repeatedly until the Windows advanced options menu appears, and select “Safe Mode”.
Choose your usual session

Launch --> Malwarebytes (MBAM)

  • Then go to the “Scanner” tab, tick “Perform full scan”, then “Scan”
  • Select your hard drives, then click “Start Scan”
  • At the end of the scan, click Show Results, then Save Logfile
  • Removing the detected items --> click Remove Selected --> to be done
  • If you are asked to restart, click “Yes”

after removing the infection(s) found --> post the report here

and lastly, after posting the Combofix and Malwarebytes reports

4) Download ==>GenProc
--> to the desktop

==>GenProc

--> Unzip it on the desktop
--> Open the folder that was created and run GenProc.bat (double-click the GenProc.bat file ONLY ONCE)
-> the report appears very quickly, that is normal.
--> You will then get a report ==> copy and paste it here

See you later, cricri58

Hi OursBrun83

Do this after you have posted the ComboFix, Malwarebytes and GenProc reports

While I take a look, do the following

Download OTMoveIt3 (by Old_Timer) to your desktop:

==>OTMoveIt3

Double-click OTMoveIt3.exe on the desktop

  • Make sure the Unregister Dll’s and Ocx’s box is ticked

  • Copy the text in the quote and paste it into the left-hand pane of OTMoveIt named Paste Instructions for Items to be Moved

  • Click MoveIt! to start the removal.
  • Close OTMoveIt3

Your PC will restart to finish the removal; if it does not do so by itself, restart it.

Post the OTMoveIt report, which is in C:\_OTMoveIt\MovedFiles.

then
HijackThis should normally already be in Program Files

download HijackThis --> HijackThis

see --> renaming HijackThis correctly ==> Rename HijackThis

Launch HijackThis

Click Do a System Scan Only

tick these lines

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Close your other applications ==> click ==> Fix Checked

Hello!

Thanks for still being here this morning to help me!

Sorry I didn’t come back last night; the malware scan took a while and afterwards I went out to party (first day of the holidays, so … ^^)

Anyway, I’m now up to GenProc.

First, here is:

ComboFix.txt:

ComboFix 09-06-26.02 - Loïc 27/06/2009 16:29.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1279.755 [GMT 2:00]
Lancé depuis: c:\documents and settings\Loïc\Bureau\OursBrun83.exe
AV: avast! antivirus 4.8.1335 [VPS 090626-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall enabled {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ktd32.atm
c:\windows\patch.exe
c:\windows\system32_003238_.tmp.dll
c:\windows\system32_003401_.tmp.dll
c:\windows\system32_003403_.tmp.dll
c:\windows\system32_003404_.tmp.dll
c:\windows\system32_003407_.tmp.dll
c:\windows\system32_003408_.tmp.dll
c:\windows\system32_003410_.tmp.dll
c:\windows\system32_003411_.tmp.dll
c:\windows\system32_003412_.tmp.dll
c:\windows\system32_003414_.tmp.dll
c:\windows\system32_003415_.tmp.dll
c:\windows\system32_003417_.tmp.dll
c:\windows\system32_003421_.tmp.dll
c:\windows\system32_003422_.tmp.dll
c:\windows\system32_003424_.tmp.dll
c:\windows\system32_003425_.tmp.dll
c:\windows\system32_003427_.tmp.dll
c:\windows\system32_003429_.tmp.dll
c:\windows\system32_003433_.tmp.dll
c:\windows\system32_003436_.tmp.dll
c:\windows\system32_003438_.tmp.dll
c:\windows\system32_003439_.tmp.dll
c:\windows\system32_003440_.tmp.dll
c:\windows\system32_003444_.tmp.dll
c:\windows\system32\NSIS.Library.RegTool.v2.{726515F1-2CE5-4668-B268-4E9ABC143CD6}.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-27 au 2009-06-27 ))))))))))))))))))))))))))))))))))))
.

2009-06-27 12:43 . 2009-06-27 12:44 -------- d-----w- c:\program files\trend micro
2009-06-27 12:43 . 2009-06-27 12:44 -------- d-----w- C:\rsit
2009-06-26 05:03 . 2009-06-26 05:03 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GlarySoft
2009-06-25 19:50 . 2009-06-25 19:50 -------- d-----r- c:\documents and settings\Administrateur\Mes documents
2009-06-24 18:17 . 2009-06-24 18:17 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-06-23 19:38 . 2009-06-23 19:38 -------- d-----w- c:\program files\Spotify
2009-06-21 11:15 . 2009-06-21 11:15 64964 —ha-w- c:\windows\system32\mlfcache.dat
2009-06-21 10:29 . 2009-06-21 10:29 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-06-07 15:49 . 2009-06-26 17:01 -------- d-----w- c:\documents and settings\Administrateur\Bureau

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 06:41 . 2009-03-20 17:58 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-27 06:32 . 2003-04-24 12:00 81386 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-27 06:32 . 2003-04-24 12:00 503238 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-25 20:05 . 2008-04-16 09:53 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
2009-06-25 19:59 . 2007-11-09 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-25 19:52 . 2008-04-16 09:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-24 17:48 . 2008-07-17 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2009-06-21 10:29 . 2007-11-09 22:15 -------- d-----w- c:\program files\Google
2009-06-18 19:46 . 2007-11-09 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-11 10:40 . 2007-11-07 13:43 4212 —ha-w- c:\windows\system32\zllictbl.dat
2009-06-07 14:17 . 2007-11-09 23:52 -------- d-----w- c:\program files\Microsoft Works
2009-05-25 17:28 . 2008-01-27 07:31 17428841 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-05-17 09:43 . 2009-04-11 13:02 -------- d-----w- c:\program files\Pvm
2009-05-16 08:15 . 2007-11-09 22:19 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-10 08:28 . 2009-05-10 08:25 -------- d-----w- c:\program files\Free FLV Converter
2009-05-08 17:31 . 2007-11-09 22:08 -------- d-----w- c:\program files\eMule
2009-05-07 15:33 . 2007-11-07 10:44 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 18:49 . 2008-08-12 21:19 -------- d-----w- c:\program files\VisualRoute Lite Edition
2009-05-05 18:49 . 2009-04-14 21:00 -------- d-----w- c:\program files\QuickTime
2009-05-05 18:49 . 2008-04-28 20:02 -------- d-----w- c:\program files\honestech VHS to DVD 2.0
2009-05-05 18:49 . 2008-02-27 15:28 -------- dcsh–w- c:\program files\Fichiers communs\WindowsLiveInstaller
2009-05-05 18:49 . 2007-11-09 22:06 -------- d-----w- c:\program files\Lavasoft
2009-05-05 18:49 . 2007-11-08 19:37 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-05-05 18:49 . 2008-11-16 08:49 -------- d-----w- c:\program files\DivX
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:45 . 2007-11-07 10:44 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2007-11-07 11:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-21 12:51 . 2009-05-10 08:26 294912 ----a-w- c:\windows\system32\TubeFinder.exe
2009-04-19 19:50 . 2007-11-07 10:44 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 17:47 . 2009-02-21 22:12 197 ----a-w- C:\muxmp4.bat
2009-04-16 17:44 . 2009-04-16 17:44 361 ----a-w- C:\x64_p2.bat
2009-04-16 17:41 . 2009-04-16 17:41 316 ----a-w- C:\x64_p1.bat
2009-04-16 05:29 . 2009-04-15 19:40 641024 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-15 14:53 . 2004-03-06 02:17 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 14:19 . 2009-04-15 14:19 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-06 17:54 . 2009-04-06 17:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-30 14:30 . 2009-03-30 14:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2009-03-30 14:20 . 2009-03-30 14:20 17816 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2002-07-26 16:02 . 2008-03-08 13:36 153088 ----a-w- c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-02-05 81000]
“PinnacleDriverCheck”=“c:\windows\system32\PSDrvCheck.exe” [2004-03-10 406016]
“ZoneAlarm Client”=“c:\program files\Zone Labs\ZoneAlarm\zlclient.exe” [2009-02-18 981384]

c:\documents and settings\Lo?c\Menu D?marrer\Programmes\D?marrage
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2007-11-9 157000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=“Service”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
“PnkBstrA”=3 (0x3)
“PDSched”=3 (0x3)
“PDEngine”=3 (0x3)
“LBTServ”=3 (0x3)
“gupdate1c9b516b956e05a”=2 (0x2)
“Apple Mobile Device”=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe”
“MsnMsgr”=“c:\program files\Windows Live\Messenger\MsnMsgr.Exe” /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe”
“Opware15”=“c:\program files\ScanSoft\OmniPage15.0\Opware15.exe”
“PDF3 Registry Controller”=“c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\RegistryController.exe”
“ScanSoft OmniPage 15.0-reminder”=“c:\program files\ScanSoft\OmniPage15.0\Ereg\ereg.exe” -r “c:\documents and settings\All Users\Application Data\ScanSoft\OmniPage15.0\Ereg\ereg.ini”
“SSBkgdUpdate”=“c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot
“NvCplDaemon”=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
“nwiz”=nwiz.exe /install
“Babylon Client”=c:\program files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
“USBToolTip”=“c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe”
“NeroFilterCheck”=c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe
“StandardInstall”=
“KernelFaultCheck”=%systemroot%\system32\dumprep 0 -k
“LaunchList”=c:\program files\Pinnacle\Studio 9\LaunchList.exe
“Kernel and Hardware Abstraction Layer”=KHALMNPR.EXE
“QuickTime Task”=“c:\program files\QuickTime\QTTask.exe” -atboottime
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe”
“Ad-Watch”=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=
“c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe”=
“c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=
“c:\Program Files\uTorrent\uTorrent.exe”=
“c:\Program Files\Azureus\Azureus.exe”=
“c:\Program Files\Windows Live\Messenger\msnmsgr.exe”=
“c:\Program Files\Windows Live\Messenger\livecall.exe”=
“c:\Program Files\eMule\emule.exe”=
“c:\Program Files\LimeWire\LimeWire.exe”=
“c:\Program Files\TightVNC\WinVNC.exe”=
“c:\Program Files\Soldier of Fortune II - Double Helix\SoF2MP.exe”=
“c:\WINDOWS\system32\ZoneLabs\vsmon.exe”=
“c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=
“c:\Program Files\Skype\Phone\Skype.exe”=
“c:\Program Files\Bonjour\mDNSResponder.exe”=
“c:\Program Files\iTunes\iTunes.exe”=
“c:\program files\SFR\Media Center\httpd\httpd.exe”= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
“c:\Program Files\Spotify\spotify.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“3389:TCP”= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/03/2009 09:42 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [09/05/2009 08:48 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/03/2008 19:36 114768]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [14/08/2002 16:11 5632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/03/2008 19:36 20560]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [24/02/2009 18:58 3712]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19/11/2004 19:07 101488]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [07/11/2007 12:44 14336]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [07/11/2007 12:28 26144]
S3 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [08/12/2008 19:53 10240]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25/09/2007 16:59 15152]
S3 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [29/11/2005 12:16 241731]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [28/10/2005 16:35 17018]
S4 gupdate1c9b516b956e05a;Google Update Service (gupdate1c9b516b956e05a);c:\program files\Google\Update\GoogleUpdate.exe [04/04/2009 13:15 133104]

— Autres Services/Pilotes en mémoire —

NewlyCreated - SECLOGON
.
Contenu du dossier ‘Tâches planifiées’

2009-03-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job

  • c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2008-07-24 c:\windows\Tasks\GlaryInitialize.job

  • c:\program files\Glary Utilities\initialize.exe [2008-05-10 09:08]

2009-04-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job

  • c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 11:14]
    .
        • ORPHELINS SUPPRIMES - - - -

SafeBoot-Lavasoft Ad-Aware Service

.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = www.google.com…
DPF: Microsoft XML Parser for Java - […](file:///C:/WINDOWS/Java/classes/xmldso.cab)
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - www.bitdefender.fr…
FF - ProfilePath - c:\documents and settings\Loïc\Application Data\Mozilla\Firefox\Profiles\ogvnbssm.default
FF - prefs.js: browser.startup.homepage - www.google.fr…
FF - component: c:\documents and settings\Loïc\Application Data\Mozilla\Firefox\Profiles\ogvnbssm.default\extensions{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-06-27 16:39
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés: 0


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.
--------------------- DLLs chargées dans les processus actifs ---------------------

              • ‘explorer.exe’(2748)
                c:\windows\system32\WPDShServiceObj.dll
                c:\windows\system32\PortableDeviceTypes.dll
                c:\windows\system32\PortableDeviceApi.dll
                c:\windows\system32\eappprxy.dll
                .
                ------------------------ Autres processus actifs ------------------------
                .
                c:\windows\system32\ZoneLabs\vsmon.exe
                c:\program files\Lavasoft\Ad-Aware\AAWService.exe
                c:\program files\Alwil Software\Avast4\aswUpdSv.exe
                c:\program files\Alwil Software\Avast4\ashServ.exe
                c:\windows\system32\HPZipm12.exe
                c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVCM.EXE
                c:\program files\Alwil Software\Avast4\ashMaiSv.exe
                c:\program files\Alwil Software\Avast4\ashWebSv.exe
                c:\windows\system32\wbem\unsecapp.exe
                c:\progra~1\Webshots\webshots.scr
                .


.
Heure de fin: 2009-06-27 16:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-27 14:48

Avant-CF: 20 850 425 856 octets libres
Après-CF: 20 848 418 816 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP dition familiale” /fastdetect /NoExecute=OptIn

330 — E O F — 2009-06-27 10:01

And Malwarebytes:

Malwarebytes’ Anti-Malware 1.38
Version de la base de données: 2341
Windows 5.1.2600 Service Pack 3

28/06/2009 11:11:07
mbam-log-2009-06-28 (11-11-07).txt

Type de recherche: Examen complet (C:|D:|E:|)
Eléments examinés: 355997
Temps écoulé: 1 hour(s), 58 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\Loïc\mes documents\mes fichiers reçus\cryptload_fourat.forumchti.com\cryptload fourat.forumchti.com\cryptload\router\fritz!box\nc.exe (PuP.Keylogger) -> Quarantined and deleted successfully.

There you go. So I’m moving on to the last step of your second-to-last post, then I’ll move on to this morning’s post.

See you later!

Back again. So, with GenProc the results were a bit unexpected. A Windows Script Host window appeared telling me there was a VBScript runtime error (I took a screenshot just in case). Anyway, the scan did finish. To the question asking whether I was being helped on a forum, I answered yes, and a txt file containing actions to carry out appeared. Is that the report you mean?

Just in case, I’m posting it:

Rapport GenProc 2.598 [1] - 28/06/2009 à 11:30:29
@ Windows XP Service Pack 3 - Mode normal
@ Internet Explorer (7.0.5730.13) [Navigateur par défaut]

~~ “C:\WINDOWS\sed.exe” a été renommé sed.exe_RenameGenProc ~~
~~ “C:\WINDOWS\grep.exe” a été renommé grep.exe_RenameGenProc ~~

Dans CCleaner, clique sur “Options”, “Avancé” et décoche la case “Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures” ; par la suite, laisse-le avec ses réglages par défaut. C’est tout.

Etape 1/ Télécharge :

Redémarre en mode sans échec comme indiqué ici www.pcloisirs.eu… ; Choisis ta session courante *** Loïc *** (pour retrouver le rapport, clique sur le raccourci “Rapport GenProc[1]” sur ton bureau).

Etape 2/

Lance Toolbar-S&D situé sur le Bureau.
Tape sur “2” puis valide en appuyant sur “Entrée”. Ne ferme pas la fenêtre lors de la suppression.

Etape 3/

Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau.

  • Exécute l’option R.
  • Si l’infection est détectée, exécute l’option N.
  • Sauvegarde ce rapport sur ton bureau.

Etape 4/

Lance CCleaner : “Nettoyeur”/“lancer le nettoyage” et c’est tout.

Etape 5/

Redémarre normalement et poste, dans la même réponse :

  • Le contenu du rapport msnfix.txt situé dans C:\WINDOWS ;
  • Le contenu du rapport TB.txt situé dans C:\ ;
  • Un nouveau rapport HijackThis tinyurl.com… ;
  • Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n’as pas pu faire…) ainsi que l’évolution de la situation.

~~ Arguments de la procédure ~~

Détections [1] GenProc 2.598 28/06/2009 à 11:31:48

Toolbar:le 28/06/2009 à 11:32:28 “C:\WINDOWS\iun6002.exe”
MSNFix:le 28/06/2009 à 11:33:38 “C:\WINDOWS\webshots.scr”


Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com

~~ Fin à 11:33:59 ~~

By the way, at the end of the scan, the uninstaller for the Club-Internet internet connection setup launcher (installed several years ago and almost never used) popped up asking whether I really wanted to uninstall the launcher???

I really wonder where that came from. In any case I think uninstalling it is fine, since I’m no longer with Club-Internet anyway.

Anyway, I’m now moving on to the next part.

OK, I’ve done everything you told me to do.

Here is the OTMoveIt3 log

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\WINDOWS\system32\rundll32.exe moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 127572 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: Loïc
File delete failed. C:\Documents and Settings\Loïc\Local Settings\Temp\etilqs_lD8mHezbNNv0sEOfc0LO scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Loïc\Local Settings\Temp~DF4F03.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 371071 bytes
->Temporary Internet Files folder emptied: 5799422 bytes
->Java cache emptied: 507525 bytes
->FireFox cache emptied: 63646359 bytes

User: Loïc Poitou

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 1100105 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_710.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT027ba.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 16640 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 68,39 mb

OTM by OldTimer - Version 3.0.0.2 log created on 06282009_115356

Files moved on Reboot…
File C:\Documents and Settings\Loïc\Local Settings\Temp\etilqs_lD8mHezbNNv0sEOfc0LO not found!
C:\Documents and Settings\Loïc\Local Settings\Temp\~DF4F03.tmp moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_710.dat not found!
File C:\WINDOWS\temp\ZLT027ba.TMP not found!

Registry entries deleted on Reboot…

I await your orders. See you soon!


Er, by the way, I forgot to mention that only the first line (R0 ...) was visible out of the list you told me to tick. The others weren't present in HJT, so I couldn't tick them.

Hi again

Do this

Download Toolbar-S&D (by Team IDN) to your Desktop.

Disable all your resident protections (antivirus, antispyware)

==>Toolbar S&D

==>Double-click the ToolBar S&D icon on the desktop
==>On Vista, right-click and choose “Run as administrator” (privilege elevation), then -> Continue.
==>Choose F for French and confirm
==>At the ToolBar S&D main menu, choose option 1 (Search)
==>The Start menu and the icons will disappear; this is normal
==>The scan runs; it can take several minutes, don't touch anything.
==>Once the scan is finished, the search report opens in Notepad. (If the report does not open, it can be found at C:\TB.txt)

Re-enable all your resident protections
Copy/paste the report

then
Disable your antivirus and antispyware before the scan:

Vista users: check that UAC is disabled

==>Double-click the ToolBar S&D icon on the desktop
==>On Vista: right-click -> Run as administrator.
==>Choose F for French and confirm
==>At the ToolBar S&D main menu, choose option 2 (Removal)
==>The Start menu and the icons will disappear again… this is normal.
==>The cleanup will take a few minutes…
==>Once the operation is finished, the cleanup report opens
==>For Vista users, ToolBar-SD takes care of disabling “User Account Control” (UAC); it will restart the computer and re-enable UAC.

Re-enable your antivirus and antispyware

Copy/paste the report

then

Download and install ==> MSNFix

==>MSN.Zip

Right-click the MSNFix archive and choose ==> Extract here ==> desktop
once installed
Before launching MSNFix, close all applications

==>Restart in “Safe Mode”

Tap the F8 key repeatedly until the Windows advanced options menu appears, and select “Safe Mode”.
Choose your usual session
Double-click the MSNFix.bat file to launch the application
The main menu appears
Choose ==> option “R” to start a search (press the [R] key, then confirm with [Enter])
Wait and don't touch anything
If an infection is detected ==> MSNFix will tell you
You will then just need to press a key on the keyboard to start the cleanup.

PS ==> Your desktop icons and the taskbar will disappear for the duration of the cleanup
At the end, if you get a message asking you to restart your PC ==> restart
So you just need to press a key to quit MSNFix, then restart your PC
Post the generated report here

then

Install CCleaner ==> don't download it if you already have it

==>Ccleaner

Once it is on the desktop, click the CCleaner installer.
-> But before clicking the “Install” button, untick all the “additional options” (Yahoo toolbar install, etc.)

-->Then click “Options”, “Advanced” and untick the box
-->“Only delete files in the Windows Temp folder older than 48 hours”.
-->Click the “Cleaner” tab, then “Run Cleaner”.
--> Then click the Registry icon; on the right, click “Scan for Issues”, then “Fix selected issues”.

Accept the backup of the registry that it offers.
I advise you to run it at least twice more (or more, until it no longer finds any errors).

Restart your PC

and finally

Download Random’s System Information Tool (RSIT) by random/random and save it to your Desktop.

==>Random’s System Information Tool (RSIT)

==> Double-click RSIT.exe to launch RSIT.
==> Click Continue on the Disclaimer screen.
==> If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
==>When the scan is finished, two text files will open.

==> Post the contents of log.txt (<<which will be displayed) as well as info.txt (<<which will be minimised in the taskbar).

Note: Both reports are also saved in %systemroot%\rsit

I'm sorry, I no longer have the report from option 1 of STD because the one from option 2 overwrote it.

So here is the one from option 2

-----------\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.60GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Loïc ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090627-0] 4.8.1335 (Not Activated)
Firewall : ZoneAlarm Pro Firewall 8.0.298.004 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:20 Go)
D:\ (Local Disk) - NTFS - Total:53 Go (Free:11 Go)
E:\ (Local Disk) - FAT32 - Total:2 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)

“C:\ToolBar SD” ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 28/06/2009|17:04 )

-----------\ SUPPRESSION

Supprime! - C:\WINDOWS\iun6002.exe

-----------\ Recherche de Fichiers / Dossiers …

-----------\ Extensions

(Lo?c) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Lo?c) - {71328583-3CA7-4809-B4BA-570A85818FBB} => cacheviewer
(Lo?c) - {75493B06-1504-4976-9A55-B6FE240FF0BF} => barreconf

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://www.msn.com/
“First Home Page”=“http://www.windows.fr/ie8/bienvenue
“Url”=“http://go.microsoft.com/fwlink/?LinkID=68928
“Url”=“http://go.microsoft.com/fwlink/?LinkID=44406
“Url”=“http://go.microsoft.com/fwlink/?LinkID=68929

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Start Page”=“http://www.msn.com/

--------------------\ Recherche d’autres infections

Aucune autre infection trouvée !

1 - “C:\ToolBar SD\TB_1.txt” - 28/06/2009|17:02 - Option : [1]
2 - “C:\ToolBar SD\TB_2.txt” - 28/06/2009|17:06 - Option : [2]

-----------\ Fin du rapport a 17:06:05,52

As for MSNFix, I can't find the report; it didn't open. Do you know where it is?

Finally, the log.txt

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Loïc at 2009-06-28 18:01:27
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 21 GB (37%) free of 57 GB
Total RAM: 1279 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:45, on 28/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Loïc\Bureau\RSIT.exe
C:\Program Files\trend micro\Loïc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = www.windows.fr…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM…\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra ‘Tools’ menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - www.kaspersky.com…
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - housecall65.trendmicro.com…
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - acs.pandasoftware.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr…
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com…
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - www.nvidia.com…
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net…
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - fichiers.touslesdrivers.com…
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com…
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com…
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - support.f-secure.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Service Pack Installer update service (spupdsvc) - Unknown owner - C:\WINDOWS\system32\spupdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


End of file - 8982 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-01-29 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
IE to GetRight Helper - C:\Program Files\GetRight\xx2gr.dll [2007-07-18 246848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live ID - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-06 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“avast!”=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
“PinnacleDriverCheck”=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-11 406016]
“ZoneAlarm Client”=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-18 981384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
“PnkBstrA”=3
“PDSched”=3
“PDEngine”=3
“LBTServ”=3
“gupdate1c9b516b956e05a”=2
“Apple Mobile Device”=3

C:\Documents and Settings\Loïc\Menu Démarrer\Programmes\Démarrage
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveAutoRun”=67108863
“NoDrives”=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“HonorAutoRunSetting”=
“NoDriveAutoRun”=
“NoDriveTypeAutoRun”=
“NoDrives”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe::Disabled:hpfccopy.exe"
“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe::Disabled:hpoews01.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe::Disabled:hpofxm08.exe"
“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe::Disabled:hposfx08.exe”
“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe::Disabled:hposid01.exe"
“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe::Disabled:hpqcopy.exe”
“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe::Disabled:hpqdia.exe"
“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe::Disabled:hpqkygrp.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe::Disabled:hpqnrs08.exe"
“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe::Disabled:hpqphunl.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe::Disabled:hpqscnvw.exe"
“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe::Disabled:hpqste08.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe::Disabled:hpqtra08.exe"
“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe::Disabled:hpzwiz01.exe”
“C:\Program Files\uTorrent\uTorrent.exe”=“C:\Program Files\uTorrent\uTorrent.exe::Enabled:µTorrent"
“C:\Program Files\Azureus\Azureus.exe”="C:\Program Files\Azureus\Azureus.exe::Enabled:Azureus”
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
“C:\Program Files\Windows Live\Messenger\livecall.exe”="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)”
“C:\Program Files\eMule\emule.exe”=“C:\Program Files\eMule\emule.exe::Enabled:eMule"
“C:\Program Files\LimeWire\LimeWire.exe”="C:\Program Files\LimeWire\LimeWire.exe::Disabled:LimeWire”
“C:\Program Files\TightVNC\WinVNC.exe”=“C:\Program Files\TightVNC\WinVNC.exe::Disabled:Serveur TightVNC Win32"
“C:\Program Files\Soldier of Fortune II - Double Helix\SoF2MP.exe”="C:\Program Files\Soldier of Fortune II - Double Helix\SoF2MP.exe::Enabled:SoF2MP”
“C:\WINDOWS\system32\ZoneLabs\vsmon.exe”=“C:\WINDOWS\system32\ZoneLabs\vsmon.exe::Enabled:TrueVector Service"
“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE::Enabled:Microsoft Office Outlook”
“C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype"
“C:\Program Files\Bonjour\mDNSResponder.exe”="C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour”
“C:\Program Files\iTunes\iTunes.exe”=“C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes"
“C:\Program Files\SFR\Media Center\httpd\httpd.exe”=“C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)”
“C:\Program Files\Spotify\spotify.exe”="C:\Program Files\Spotify\spotify.exe::Enabled:Spotify”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
“C:\Program Files\Windows Live\Messenger\livecall.exe”="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)”

======List of files/folders created in the last 1 months======

2009-06-28 17:14:17 ----A---- C:\WINDOWS\msnfix.txt
2009-06-28 17:00:35 ----A---- C:\TB.txt
2009-06-28 17:00:00 ----D---- C:\ToolBar SD
2009-06-28 11:54:48 ----SHD---- C:\RECYCLER
2009-06-28 11:53:56 ----D---- C:\_OTM
2009-06-27 16:54:02 ----D---- C:\Documents and Settings\Loïc\Application Data\Malwarebytes
2009-06-27 16:53:50 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2009-06-27 16:53:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-27 16:49:07 ----A---- C:\ComboFix.txt
2009-06-27 16:25:56 ----A---- C:\Boot.bak
2009-06-27 16:25:48 ----RASHD---- C:\cmdcons
2009-06-27 16:24:13 ----A---- C:\WINDOWS\zip.exe
2009-06-27 16:24:13 ----A---- C:\WINDOWS\SWSC.exe
2009-06-27 16:24:13 ----A---- C:\WINDOWS\SWREG.exe
2009-06-27 16:24:13 ----A---- C:\WINDOWS\sed.exe_RenameGenProc
2009-06-27 16:24:13 ----A---- C:\WINDOWS\PEV.exe
2009-06-27 16:24:13 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-27 16:24:13 ----A---- C:\WINDOWS\grep.exe_RenameGenProc
2009-06-27 16:24:12 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-27 16:23:56 ----D---- C:\WINDOWS\ERDNT
2009-06-27 16:23:31 ----D---- C:\Qoobox
2009-06-27 14:43:40 ----D---- C:\Program Files\trend micro
2009-06-27 14:43:38 ----D---- C:\rsit
2009-06-24 20:17:40 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-06-24 19:56:43 ----D---- C:\Documents and Settings\Loïc\Application Data\Spotify
2009-06-23 22:04:20 ----D---- C:\Documents and Settings\Loïc\Application Data\Windows Search
2009-06-23 21:38:46 ----D---- C:\Program Files\Spotify
2009-06-21 12:36:07 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-06-21 12:36:06 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-06-21 12:36:06 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-06-21 12:36:06 ----N---- C:\WINDOWS\system32\px.dll
2009-06-21 12:29:50 ----D---- C:\WINDOWS\system32\IOSUBSYS

======List of files/folders modified in the last 1 months======

2009-06-28 18:00:29 ----D---- C:\WINDOWS\Internet Logs
2009-06-28 17:58:41 ----D---- C:\Program Files\Mozilla Firefox
2009-06-28 17:56:05 ----D---- C:\WINDOWS\Temp
2009-06-28 17:54:50 ----D---- C:\WINDOWS
2009-06-28 17:32:46 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-28 17:10:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-28 15:10:18 ----HD---- C:\WINDOWS\inf
2009-06-28 14:21:34 ----A---- C:\WINDOWS\Memory.ini
2009-06-28 12:05:29 ----D---- C:\Program Files\Incomplete
2009-06-28 11:54:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-28 11:54:08 ----D---- C:\WINDOWS\system32
2009-06-28 11:12:45 ----RD---- C:\Program Files
2009-06-28 11:12:45 ----D---- C:\WINDOWS\system32\drivers
2009-06-27 16:39:43 ----A---- C:\WINDOWS\system.ini
2009-06-27 16:34:53 ----D---- C:\WINDOWS\system32\config
2009-06-27 16:32:32 ----D---- C:\WINDOWS\AppPatch
2009-06-27 16:32:25 ----D---- C:\Program Files\Fichiers communs
2009-06-27 16:25:56 ----RASH---- C:\boot.ini
2009-06-27 09:10:05 ----SHD---- C:\WINDOWS\Installer
2009-06-27 09:10:05 ----RSD---- C:\WINDOWS\assembly
2009-06-27 09:10:05 ----HD---- C:\Config.Msi
2009-06-27 08:41:06 ----D---- C:\Program Files\Windows Desktop Search
2009-06-27 08:32:52 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-27 08:32:39 ----D---- C:\WINDOWS\system32\wbem
2009-06-27 08:32:39 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-25 21:47:52 ----D---- C:\WINDOWS\Debug
2009-06-25 21:47:51 ----D---- C:\WINDOWS\Minidump
2009-06-24 20:22:24 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-06-24 19:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2009-06-24 08:58:36 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-23 22:22:07 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-21 12:29:49 ----D---- C:\Program Files\Google
2009-06-19 07:10:43 ----A---- C:\WINDOWS\FXIWIN.INI
2009-06-18 21:46:50 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-18 21:10:33 ----A---- C:\WINDOWS\Blip.ini
2009-06-14 14:56:25 ----A---- C:\WINDOWS\win.ini
2009-06-12 18:52:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 07:32:54 ----D---- C:\Program Files\Internet Explorer
2009-06-11 07:32:41 ----D---- C:\WINDOWS\ie7updates
2009-06-07 16:18:07 ----RSD---- C:\WINDOWS\Fonts
2009-06-07 16:17:13 ----D---- C:\Program Files\Microsoft Works
2009-06-06 05:55:21 ----D---- C:\Documents and Settings\Loïc\Application Data\Azureus
2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-18 353672]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 Defrag32;Defrag32; C:\WINDOWS\system32\drivers\Defrag32.sys [2005-11-22 61456]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-25 3712]
R2 LF30FS;LF30FS; \??\C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys []

As for info.txt, it is not in the taskbar. I also can't find “%systemroot%\rsit”.

Can you tell me more precisely where it is?

See you soon!

Hi again

The report is saved by default in the MSNFix folder, named in the form date_time.txt

As for the info.txt report:

Start ==> My Computer ==> RSIT folder; both reports are in there.

Hi again

Apparently the MSNFix report doesn't exist; there is no file of the form date_time.txt in the folder in question.

Otherwise, here is the info.txt report:

info.txt logfile of random’s system information tool 1.06 2009-06-27 14:44:18

Utilitaire BeWAN Powerline–>C:\Program Files\BeWAN Powerline\Uninstal.exe
VC 9.0 Runtime–>MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VideoAvatar–>“C:\Program Files\GeoVid\Video Avatar\unins000.exe”
VirtualDub 1.6.9 Fr–>C:\Program Files\VirtualDub\UnInstall_VirtualDub.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)–>MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01–>C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.8a–>C:\Program Files\VideoLAN\VLC\uninstall.exe
VSO CopyToDVD 4–>“C:\Program Files\VSO\unins000.exe”
Webshots Desktop–>“C:\Program Files\AGI\common\bootstrapper.exe” -uninstall"“C:/Program Files/AGI/Python25\pythonw.exe” “C:\Program Files\AGI\common\pyagcore\installer.pyc” -u WebshotsDesktop"
Winamp–>“C:\Program Files\Winamp\UninstWA.exe”
Windows Imaging Component–>“C:\WINDOWS$NtUninstallWIC$\spuninst\spuninst.exe”
Windows Live installer–>MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger–>MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime–>“C:\Program Files\Windows Media Player\wmsetsdk.exe” /UninstallAll
Windows Media Format 11 runtime–>“C:\WINDOWS$NtUninstallWMFDist11$\spuninst\spuninst.exe”
Windows Media Player 11–>“C:\WINDOWS$NtUninstallwmp11$\spuninst\spuninst.exe”
Windows Media Player Firefox Plugin–>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation–>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3–>“C:\WINDOWS$NtServicePackUninstall$\spuninst\spuninst.exe”
X-Lite 3.0–>“C:\Program Files\CounterPath\X-Lite\unins001.exe”
XML Paper Specification Shared Components Language Pack 1.0–>“C:\WINDOWS$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe”
Xvid 1.1.3 final uninstall–>“C:\Program Files\Xvid\unins000.exe”
ZoneAlarm Pro–>C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090626-0]
FW: ZoneAlarm Pro Firewall

======System event log======

Computer Name: CINLO
Event Code: 7000
Message: Le service PLCMPR5 NDIS Protocol Driver n’a pas pu démarrer en raison de l’erreur :
Le fichier spécifié est introuvable.

Record Number: 43510
Source Name: Service Control Manager
Time Written: 20090614202703.000000+120
Event Type: erreur
User:

Computer Name: CINLO
Event Code: 7000
Message: Le service PLCMPR5 NDIS Protocol Driver n’a pas pu démarrer en raison de l’erreur :
Le fichier spécifié est introuvable.

Record Number: 43509
Source Name: Service Control Manager
Time Written: 20090614202703.000000+120
Event Type: erreur
User:

Computer Name: CINLO
Event Code: 7000
Message: Le service PLCMPR5 NDIS Protocol Driver n’a pas pu démarrer en raison de l’erreur :
Le fichier spécifié est introuvable.

Record Number: 43508
Source Name: Service Control Manager
Time Written: 20090614202700.000000+120
Event Type: erreur
User:

Computer Name: CINLO
Event Code: 7000
Message: Le service PLCMPR5 NDIS Protocol Driver n’a pas pu démarrer en raison de l’erreur :
Le fichier spécifié est introuvable.

Record Number: 43507
Source Name: Service Control Manager
Time Written: 20090614202700.000000+120
Event Type: erreur
User:

Computer Name: CINLO
Event Code: 7000
Message: Le service PLCMPR5 NDIS Protocol Driver n’a pas pu démarrer en raison de l’erreur :
Le fichier spécifié est introuvable.

Record Number: 43506
Source Name: Service Control Manager
Time Written: 20090614202656.000000+120
Event Type: erreur
User:

=====Application event log=====

Computer Name: CINLO
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 6202
Source Name: SecurityCenter
Time Written: 20090309105738.000000+060
Event Type: Informations
User:

Computer Name: CINLO
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur CINLO\Loïc alors qu’une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l’utilisateur n’a pas été libérée. le Registre sera déchargé lorsqu’il ne sera plus utilisé.

Cela est souvent causé par des services s’exécutant en tant que compte d’utilisateur, essayez de configurer les services pour s’exécuter dans le compte service réseau ou service local.

Record Number: 6201
Source Name: Userenv
Time Written: 20090308221628.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: CINLO
Event Code: 11724
Message: Produit : Bonjour – La suppression s’est terminée correctement.

Record Number: 6200
Source Name: MsiInstaller
Time Written: 20090308203949.000000+060
Event Type: Informations
User: CINLO\Loïc

Computer Name: CINLO
Event Code: 1
Message:
Record Number: 6199
Source Name: Bonjour Service
Time Written: 20090308203946.000000+060
Event Type: Informations
User:

Computer Name: CINLO
Event Code: 101
Message: msnmsgr (4036) Le moteur de base de données est arrêté.

Record Number: 6198
Source Name: ESENT
Time Written: 20090308203907.000000+060
Event Type: Informations
User:

======Environment variables======

“ComSpec”=%SystemRoot%\system32\cmd.exe
“Path”=%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;“C:\Program Files\Symantec\Norton Ghost 2003”;C:\Program Files\MATLAB\R2008b\bin;C:\Program Files\MATLAB\R2008b\bin\win32C:\Program Files\DMV\MaxTV4\plugins;C:\Program Files\QuickTime\QTSystem
“windir”=%SystemRoot%
“OS”=Windows_NT
“PROCESSOR_ARCHITECTURE”=x86
“PROCESSOR_LEVEL”=15
“PROCESSOR_IDENTIFIER”=x86 Family 15 Model 2 Stepping 9, GenuineIntel
“PROCESSOR_REVISION”=0209
“NUMBER_OF_PROCESSORS”=1
“PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
“TEMP”=%SystemRoot%\TEMP
“TMP”=%SystemRoot%\TEMP
“FP_NO_HOST_CHECK”=NO
“KMP_DUPLICATE_LIB_OK”=TRUE
“tvdumpflags”=8
“CLASSPATH”=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
“QTJAVA”=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Hi

Launch HijackThis

Click Do a System Scan Only

Check this line:

R3 - Default URLSearchHook is missing

Close your other applications and click Fix Checked

Then

Download OTMoveIt3 (by Old_Timer) to the desktop:

==>http://oldtimer.geekstogo.com/OTM.exe

Double-click OTMoveIt3.exe on the desktop

  • Make sure the Unregister Dll’s and Ocx’s box is checked

  • Copy the text in the quote and paste it into the left-hand pane of OTMoveIt named Paste Instructions for Items to be Moved

  • Click MoveIt! to start the removal.
  • Close OTMoveIt3

Your PC will restart to finish the removal; if it does not do so by itself, restart it.

Post the OTMoveIt report, which is in C:\_OTMoveIt\MovedFiles.

Then

Go here --> Bitdefender Online scanner --> only with --> Explorer

--> Bitdefender Online scanner

--> Close your other applications and temporarily disable your antivirus and antispyware

At the bottom left of the window, click -> Online Scan

In the next window, click -> I Accept

Accept the installation of the “ActiveX control”

--> A small window opens, click -> Install
--> The window changes again, click -> Start the scan
--> The signatures load and BitDefender SCAN ONLINE starts the scan
Once the scan is finished, in this window click -> Click to export the scan report
--> Choose the -> Desktop (on the left)

--> Under > Type: choose -> HTML file (*.html)
--> Click -> Save

Don’t forget to re-enable your antivirus and antispyware

Hello!

Sorry for not stopping by yesterday; I started work and my day was very long. Also, when I got home I launched the BitDefender scan, so it finished late in the evening.

So here is what you asked me for.

OTM report

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\WINDOWS\PEV.exe moved successfully.
C:\WINDOWS\zip.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Loïc
File delete failed. C:\Documents and Settings\Loïc\Local Settings\Temp\etilqs_oDnZrcG9ISKxt08odsr2 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Loïc\Local Settings\Temp~DF21BC.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 36943108 bytes
->Temporary Internet Files folder emptied: 2170267 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40881549 bytes

User: Loïc Poitou

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT03887.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 27534 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 76,38 mb

OTM by OldTimer - Version 3.0.0.2 log created on 06292009_172707

Files moved on Reboot…
File C:\Documents and Settings\Loïc\Local Settings\Temp\etilqs_oDnZrcG9ISKxt08odsr2 not found!
C:\Documents and Settings\Loïc\Local Settings\Temp~DF21BC.tmp moved successfully.
File move failed. C:\WINDOWS\temp_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat not found!
File C:\WINDOWS\temp\ZLT03887.TMP not found!

Registry entries deleted on Reboot…

BD report: nothing to report

Have a good day, see you this evening!

Hi OursBrun83

Double-click OTMoveIt3.exe on the desktop

  • Make sure the Unregister Dll’s and Ocx’s box is checked

  • Copy the text in the quote and paste it into the left-hand pane of OTMoveIt named Paste Instructions for Items to be Moved

  • Click MoveIt! to start the removal.
  • Close OTMoveIt3

Your PC will restart to finish the removal; if it does not do so by itself, restart it.

Post the OTMoveIt report, which is in C:\_OTMoveIt\MovedFiles.

Then

Download SDFix (created by AndyManchesta) and save it to your desktop.

===>SDFix

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the desktop.
Once SDFix is installed

Restart your computer in Safe Mode --> important!!

Restart your computer and tap the F8 key repeatedly until the Windows Advanced Options Menu appears, then select “Safe Mode”.
Choose your usual account

Click the Start menu, then Run, and type the following command: C:\SDFix\RunThis.bat ==> write it down beforehand
Click OK.
==> Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
==> Press Y to start the cleaning process.
==> It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
==> Press a key to restart the PC.
==> Your system will take longer than usual to restart because the tool will keep running and removing files.
==> After the desktop has loaded, the tool will finish its work and display Finished.
SDFix --> indicates that the computer must be restarted

==> Press a key to end the script and load your desktop icons.
==> Once the desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
==> Finally, copy and paste the contents of Report.txt right here

Afterwards

Disable System Restore:

==> This serves to remove the infections that are stored in System Restore.

==> Click Start.
==> Right-click “My Computer”, then choose “Properties”.
==> Select the “System Restore” tab.
==> Check “Turn off System Restore on all drives” or “Turn off System Restore”, then Apply.
==> OK ==> Restart your PC

Then go back to “My Computer”, “Properties”, and this time uncheck “Turn off System Restore” ==> Apply ==> then OK.

Afterwards, create a restore point:

==> Go to the Start menu, then Programs,
==> Accessories, and finally System Tools,
==> Choose System Restore,
==> Select ==> Create a restore point,
==> Click Next,
==> Enter a name for the restore point: a name simple enough for you to find it again
==> Click ==> Create and the restore point is created automatically
Afterwards

Run CCleaner

--> Click the “Cleaner” tab, then “Run Cleaner”.
--> Then click the Registry icon; on the right, click “Scan for Issues”, then “Fix selected issues”.

Accept the registry backup it offers.
I advise you to run it at least twice (or more, until it finds no more errors).

Restart your PC

Post a new HijackThis log
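
The System Restore steps in the post above (turn it off to discard the stored restore points, reboot, turn it back on, create a fresh restore point) can also be scripted through the WMI `SystemRestore` class. This is an added example, not part of the original post; it assumes PowerShell 2.0 or later in an administrator session, and the script name, parameter names and restore point description are hypothetical.

```powershell
# Added example, not from the thread. Assumes PowerShell 2.0+ run as administrator.
# Hypothetical usage, saved as Reset-RestorePoints.ps1:
#   .\Reset-RestorePoints.ps1 -Phase Purge    # then reboot
#   .\Reset-RestorePoints.ps1 -Phase Rearm    # after the reboot
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Purge', 'Rearm')]
    [string]$Phase,

    # Drive to act on, in the form 'C:\' (defaults to the system drive).
    [string]$Drive = ($env:SystemDrive + '\'),

    # Hypothetical label for the new restore point.
    [string]$Description = 'Clean state after disinfection'
)

$ErrorActionPreference = 'Stop'

# Static methods (Disable, Enable, CreateRestorePoint) live on the class itself.
$sr = [wmiclass]'\\.\root\default:SystemRestore'

function Get-RestorePointList {
    # Each instance of the class is one stored restore point.
    Get-WmiObject -Namespace 'root\default' -Class SystemRestore |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
}

function Assert-WmiSuccess {
    param($Result, [string]$Action)
    # The WMI methods report success as ReturnValue 0.
    if ($Result.ReturnValue -ne 0) {
        throw "$Action failed with code $($Result.ReturnValue)"
    }
}

switch ($Phase) {
    'Purge' {
        # Turning System Restore off deletes every stored restore point,
        # clean ones included, so list them first for the record.
        $before = @(Get-RestorePointList)
        Write-Host "Restore points that will be discarded: $($before.Count)"
        $before | Format-Table -AutoSize | Out-Host

        Assert-WmiSuccess ($sr.Disable($Drive)) "Disabling System Restore on $Drive"
        Write-Host 'System Restore is off. Reboot, then run again with -Phase Rearm.'
    }
    'Rearm' {
        Assert-WmiSuccess ($sr.Enable($Drive)) "Enabling System Restore on $Drive"

        # 0 = APPLICATION_INSTALL (restore point type), 100 = BEGIN_SYSTEM_CHANGE (event type).
        Assert-WmiSuccess ($sr.CreateRestorePoint($Description, 0, 100)) 'Creating the restore point'

        Write-Host 'Restore points now present:'
        Get-RestorePointList | Format-Table -AutoSize | Out-Host
    }
}
```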

Hello.

I am slowly but surely working through your instructions (sorry if I am slow, but I have a lot of other things to do at the moment. In any case, thanks again for your help.)

So here is the OTM report:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE moved successfully.
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVCM.EXE moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Loïc
File delete failed. C:\Documents and Settings\Loïc\Local Settings\Temp~DFF347.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 733526 bytes
->Temporary Internet Files folder emptied: 1240377 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46604177 bytes

User: Loïc Poitou

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6f8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT06da2.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 27596 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 46,42 mb

OTM by OldTimer - Version 3.0.0.2 log created on 06302009_162121

Files moved on Reboot…
C:\Documents and Settings\Loïc\Local Settings\Temp~DFF347.tmp moved successfully.
File move failed. C:\WINDOWS\temp_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_6f8.dat moved successfully.
File C:\WINDOWS\temp\ZLT06da2.TMP not found!

Registry entries deleted on Reboot…

and here is the SDFix report:

SDFix: Version 1.240
Run by Lo?c on 30/06/2009 at 17:26

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-06-30 18:32:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden services & system hive …

scanning hidden registry entries …

scanning hidden files …

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe::Disabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe::Disabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe::Disabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe::Disabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe::Disabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe::Disabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe::Disabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe::Disabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe::Disabled:hpqnrs08.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe::Disabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe::Disabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe::Disabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe::Disabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe::Disabled:hpzwiz01.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe::Enabled:æTorrent"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe::Enabled:Azureus"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe::Enabled:eMule"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe::Disabled:LimeWire"
"C:\Program Files\TightVNC\WinVNC.exe"="C:\Program Files\TightVNC\WinVNC.exe::Disabled:Serveur TightVNC Win32"
"C:\Program Files\Soldier of Fortune II - Double Helix\SoF2MP.exe"="C:\Program Files\Soldier of Fortune II - Double Helix\SoF2MP.exe::Enabled:SoF2MP"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe::Enabled:TrueVector Service"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE::Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes"
"C:\Program Files\SFR\Media Center\httpd\httpd.exe"="C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe::Enabled:Spotify"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)"

Remaining Files :

Files with Hidden Attributes :

Mon 14 Apr 2008 1,695,232 …SH. — “C:\Program Files\Messenger\msmsgs.exe”
Mon 26 Jan 2009 1,740,632 A.SHR — “C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe”
Mon 26 Jan 2009 5,365,592 A.SHR — “C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe”
Sat 5 Jan 2008 4,348 A.SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak”
Sun 21 Jun 2009 10,053,112 A…H. — “C:\Program Files\Google\Picasa3\setup.exe”
Tue 8 Apr 2008 0 A.SH. — “C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp”
Wed 24 Dec 2008 165,232 A…H. — “C:\Documents and Settings\Lo?c\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll”
Wed 14 Aug 2002 64,425 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS”
Wed 14 Aug 2002 32,396 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE”
Wed 14 Aug 2002 14,160 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS”
Wed 14 Aug 2002 10,898 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM
Wed 14 Aug 2002 53,556 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS”
Wed 14 Aug 2002 15,777 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM
Wed 14 Aug 2002 37,681 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM
Wed 14 Aug 2002 354,304 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys”
Wed 14 Aug 2002 21,180 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE”
Wed 14 Aug 2002 354,263 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe”
Wed 14 Aug 2002 8,513 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM
Wed 14 Aug 2002 41,302 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS”
Wed 14 Aug 2002 129,240 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE”
Wed 14 Aug 2002 28,439 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com
Wed 14 Aug 2002 13,770 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE”
Wed 14 Aug 2002 130,980 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE”
Wed 14 Aug 2002 11,854 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM
Wed 14 Aug 2002 52,715 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM
Wed 14 Aug 2002 62,391 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM
Wed 14 Aug 2002 11,491 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com
Wed 14 Aug 2002 17,791 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com
Wed 14 Aug 2002 17,043 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com
Wed 14 Aug 2002 11,786 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com
Wed 14 Aug 2002 18,300 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com
Wed 14 Aug 2002 48,224 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com
Wed 14 Aug 2002 13,360 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com
Wed 14 Aug 2002 9,190 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com
Wed 14 Aug 2002 12,567 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com
Wed 14 Aug 2002 44,640 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM
Wed 14 Aug 2002 56,896 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com
Wed 14 Aug 2002 44,640 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com
Wed 14 Aug 2002 9,692 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com
Wed 14 Aug 2002 9,537 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM
Wed 14 Aug 2002 32,484 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com
Wed 14 Aug 2002 52,225 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe”
Wed 14 Aug 2002 48,491 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe”
Wed 14 Aug 2002 50,405 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com
Wed 14 Aug 2002 33,860 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe”
Wed 14 Aug 2002 50,175 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe”
Wed 14 Aug 2002 50,795 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe”
Wed 14 Aug 2002 48,223 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com
Wed 14 Aug 2002 48,641 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe”
Wed 14 Aug 2002 49,015 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com
Wed 14 Aug 2002 53,786 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com
Wed 14 Aug 2002 44,240 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM
Wed 14 Aug 2002 42,550 A…H. — “C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM

Finished!

And finally, here is the HJT report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:24, on 30/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\HijackThis\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM…\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: Translate with &Babylon - C:\Program… Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra ‘Tools’ menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - www.kaspersky.com…
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - housecall65.trendmicro.com…
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - acs.pandasoftware.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr…
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com…
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - www.nvidia.com…
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net…
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - fichiers.touslesdrivers.com…
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com…
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com…
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - support.f-secure.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Service Pack Installer update service (spupdsvc) - Unknown owner - C:\WINDOWS\system32\spupdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live ID Sign-in Assistant (wlidsvc) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE (file missing)


End of file - 9016 bytes

So, what do you think? Is the end near?