Forum Clubic

Problem: unwanted ad pop-up windows

Hello,
I have had ad windows opening nonstop since this morning :o.
Here is the Hijack report.
Thank you for your help; please tell me what I should do:

Logfile of HijackThis v1.99.1
Scan saved at 12:01:45, on 18/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\mspgw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\Div4.tmp\DivXInstaller.exe
C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\nsd9.tmp\DivXComponent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\FABRICE WININGER\Bureau\Sécurity\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mail.eu.sodexonet.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM…\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM…\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM…\Run: [Manage Program Gateway] C:\WINDOWS\system32\mspgw.exe
O4 - HKLM…\RunOnce: [B Register C:\Program Files\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax] “C:\WINDOWS\system32\rundll32.exe” “C:\Program Files\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax”,DllRegisterServer
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr…
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE…
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un Favori de l’appareil mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com…
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - t.live.cctv.com…
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - www.tvucricket.com…
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LBTWlgn - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Service Google Update (gupdate1c9a6ebd8afaf4c) (gupdate1c9a6ebd8afaf4c) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

I don't see anything harmful in your report; try Malwarebytes and RogueRemover.

OK, I'll look into that.

RogueRemover found nothing.

Malwarebytes found: Security.Hijack
I deleted it, but nothing changed.

Spybot additionally found Hupigon13, which I can't manage to remove.
Here is the Spybot report:

— Search result list —
Microsoft.Windows.Security.InternetExplorer: [SBI $366713D4] Réglages (Modification du Registre, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe

Hupigon13: [SBI $D5A7DCB6] Réglages (Clé du Registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe

DoubleClick: Cookie traceur (Internet Explorer: FABRICE WININGER) (Cookie, nothing done)

Right Media: Cookie traceur (Internet Explorer: FABRICE WININGER) (Cookie, nothing done)

— Spybot - Search & Destroy version: 1.6.2 (build: 20090126) —

2009-07-18 unins000.exe (51.49.0.0)
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 SDShred.exe (1.0.2.5)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-01-26 advcheck.dll (1.6.2.15)
2009-01-26 SDHelper.dll (1.6.2.14)
2009-01-26 Tools.dll (2.1.6.10)
2008-06-14 DelZip179.dll (1.79.11.1)
2007-04-02 aports.dll (2.1.0.0)
2008-06-19 sqlite3.dll
2009-01-22 Includes\Revision.sbi ()
2009-01-22 Includes\Cookies.sbi ()
2009-05-19 Includes\Dialer.sbi ()
2009-01-22 Includes\HeavyDuty.sbi ()
2009-05-26 Includes\Hijackers.sbi ()
2009-06-23 Includes\Keyloggers.sbi ()
2004-11-29 Includes\LSP.sbi ()
2009-06-30 Includes\Malware.sbi ()
2009-03-25 Includes\PUPS.sbi ()
2009-01-13 Includes\Security.sbi ()
2008-06-03 Includes\Spybots.sbi ()
2009-04-07 Includes\Spyware.sbi ()
2009-05-19 Includes\Adware.sbi ()
2009-06-08 Includes\Tracks.uti
2009-07-07 Includes\Trojans.sbi ()
2009-06-02 Includes\DialerC.sbi ()
2009-07-07 Includes\HijackersC.sbi ()
2009-07-07 Includes\KeyloggersC.sbi ()
2009-07-07 Includes\MalwareC.sbi ()
2009-07-07 Includes\PUPSC.sbi ()
2009-06-02 Includes\SecurityC.sbi ()
2008-06-03 Includes\SpybotsC.sbi ()
2009-07-07 Includes\SpywareC.sbi ()
2009-06-02 Includes\AdwareC.sbi ()
2009-07-08 Includes\TrojansC.sbi ()
2007-12-24 Plugins\TCPIPAddress.dll
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll

— System information —
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
/ Windows Media Player 11: Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
/ Windows Media Player 11: Correctif pour Lecteur Windows Media 11 (KB939683)
/ Windows Media Player 11: Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
/ Windows Media Player 11: Mise à jour critique pour Lecteur Windows Media 11 (KB959772)
/ Windows XP: Mise à jour de sécurité pour Windows XP (KB941569)
/ Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)
/ Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)
/ Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)
/ Windows XP / SP0: Mise à jour pour Windows Internet Explorer 8 (KB968220)
/ Windows XP / SP0: Mise à jour pour Windows Internet Explorer 8 (KB969497)
/ Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Hotfix for Windows XP (KB915800-v4)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB923561)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB938464)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB946648)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB950760)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB950762)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB950974)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB951066)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB951376-v2)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB951698)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB951748)
/ Windows XP / SP4: Mise à jour pour Windows XP (KB951978)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB952004)
/ Windows XP / SP4: Correctif pour Windows XP (KB952287)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB952954)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB954211)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB954459)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB954600)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB955069)
/ Windows XP / SP4: Mise à jour pour Windows XP (KB955839)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB956572)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB956802)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB956803)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB956841)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB957097)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB958215)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB958644)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB958687)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB958690)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB959426)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB960225)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB960714)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB960715)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB960803)
/ Windows XP / SP4: Correctif pour Windows XP (KB961118)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB961371)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB961373)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB961501)
/ Windows XP / SP4: Mise à jour pour Windows XP (KB961503)
/ Windows XP / SP4: Mise à jour pour Windows XP (KB967715)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB968537)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB969898)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB970238)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB971633)
/ Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB973346)

— Startup entries list —
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8B4CBBA1EA526830C7F97E7822E2493A

Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1948440
MD5: 2588B441E5B22691E0610CF710865441

Located: HK_LM:Run, AzMixerSel
command: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
file: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
size: 53248
MD5: AE09A7FAD521DA4E5781CB93F594FD3C

Located: HK_LM:Run, ePower_DMC
command: C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
file: C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
size: 438272
MD5: A1FF818BDDFF23BC89F9C54DD467D857

Located: HK_LM:Run, IMJPMIG8.1
command: “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7BBE4CF421AECC7F0226EDD75F12079F

Located: HK_LM:Run, Kernel and Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\WINDOWS\KHALMNPR.EXE
size: 55824
MD5: 6C89F578943CCF81F25E226FE758D2CB

Located: HK_LM:Run, LManager
command: C:\PROGRA~1\LAUNCH~1\LManager.exe
file: C:\PROGRA~1\LAUNCH~1\LManager.exe
size: 634880
MD5: DFAE0D430C5D2458340F67FD2841F3E7

Located: HK_LM:Run, Manage Program Gateway
command: C:\WINDOWS\system32\mspgw.exe
file: C:\WINDOWS\system32\mspgw.exe
size: 16896
MD5: 194A8422B3B1A2A8F11262515587E1B9

Located: HK_LM:Run, MobileConnect
command: %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
file: C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
size: 2073088
MD5: 392C7048F53419C43E4D833DE9461115

Located: HK_LM:Run, MSPY2002
command: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
file: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
size: 59392
MD5: 1B17E09C1223F6D17336D2DD7A1AF4F4

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 13594624
MD5: 82327AD718F073ACFD7FCFA2987F69F8

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\NvMcTray.dll
size: 86016
MD5: 83818A60844028F7398A69109FDBA99C

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1657376
MD5: BC44C6160D612982645BD9942C731762

Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Located: HK_LM:Run, PHIME2002ASync
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Located: HK_LM:Run, preload
command: C:\Windows\RUNXMLPL.exe
file: C:\Windows\RUNXMLPL.exe
size: 32768
MD5: B097A1BB009E5F9D63B036D8873D9072

Located: HK_LM:Run, QuickTime Task
command: “C:\Program Files\QuickTime\qttask.exe” -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 16261632
MD5: 10B0722C7203181B0C50C6CB974D2F2A

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 786521
MD5: BDE04E19FFC96082BD688792D7FE20AC

Located: HK_LM:RunOnce, Malwarebytes’ Anti-Malware
command: C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe /install /silent
file: C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe
size: 414992
MD5: 0A7D6A6B460CCB27609C329670A1ABFB

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT…
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19…
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20…
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-3001915749-891072589-1729705482-1006…
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, H/PC Connection Agent
where: S-1-5-21-3001915749-891072589-1729705482-1006…
command: “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
file: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
size: 1289000
MD5: 4C4CF9220E628D1378F9807EC5175488

Located: HK_CU:Run, msnmsgr
where: S-1-5-21-3001915749-891072589-1729705482-1006…
command: “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3885408
MD5: 35B9FA77B73358D9063CD61AA3D83EE8

Located: HK_CU:Run, PMCRemote
where: S-1-5-21-3001915749-891072589-1729705482-1006…
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-3001915749-891072589-1729705482-1006…
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18…
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: Démarrage (tous utilisateurs), Logitech SetPoint.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage…
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 789008
MD5: 119E5A7C1D982ACEC622F419A0AB7E1A

Located: Démarrage (tous utilisateurs), Windows Search.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage…
command: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
file: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 123904
MD5: B5C9F63C01FCFEC3F64EC6A0940A1825

Located: Démarrage (désactivé), Acer Empowering Technology (DISABLED)
command: C:\Acer\EMPOWE~1\ACEREM~1.EXE
file: C:\Acer\EMPOWE~1\ACEREM~1.EXE
size: 45056
MD5: CA1BCBBFA76C7BF7BD60B1E997FB778A

Located: Démarrage (désactivé), hp psc 2000 Series (DISABLED)
command: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe
file: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe
size: 323646
MD5: 1FD676DCEEC0288701445BC9ACC61329

Located: Démarrage (désactivé), officejet 6100 (DISABLED)
command: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe
file: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe
size: 147456
MD5: A3B5665AA990EC6878815C1C554DF6CA

Located: Démarrage (désactivé), Pinnacle Streaming Server (DISABLED)
command: C:\PROGRA~1\Pinnacle\SHARED~1\Programs\STRMSE~1\STRMSE~1.EXE
file: C:\PROGRA~1\Pinnacle\SHARED~1\Programs\STRMSE~1\STRMSE~1.EXE
size: 577536
MD5: EB57658178074FAFD2E62C4A0F90B40B

Located: WinLogon, avgrsstarter
command: avgrsstx.dll
file: avgrsstx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, LBTWlgn
command: c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
file: c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
size: 72208
MD5: D798B648C494087D4115E91FE5E9DBAE

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

— Browser helper object list —
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 27/02/2009 12:07:26
Date (last access): 18/07/2009
Date (last write): 27/02/2009 12:07:26
Filesize: 75128
Attributes: archive
MD5: 5CF6190CD875DA6B35256FEE573E7908
CRC32: 764BA81B
Version: 9.1.0.163

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG8
Long name: avgssie.dll
Short name:
Date (created): 27/02/2009 17:26:54
Date (last access): 18/07/2009
Date (last write): 15/07/2009 18:52:20
Filesize: 1111320
Attributes: archive
MD5: A8F964A2FB9400B81E1483AA5A8B39F5
CRC32: E3F2A2F4
Version: 8.5.0.392

{5C255C8A-E604-49b4-9D64-90988571CECB} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d’aide de l’Assistant de connexion Windows Live)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name:
CLSID name: Programme d’aide de l’Assistant de connexion Windows Live
Path: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 22/01/2009 15:41:30
Date (last access): 18/07/2009
Date (last write): 22/01/2009 15:41:30
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5

{A3BC75A2-1F87-4686-AA43-5347D756017C} (AVG Security Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name:
CLSID name: AVG Security Toolbar BHO
Path: C:\Program Files\AVG\AVG8\Toolbar
Long name: IEToolbar.dll
Short name: IETOOL~1.DLL
Date (created): 09/06/2009 18:23:52
Date (last access): 18/07/2009
Date (last write): 14/06/2009 16:08:06
Filesize: 1004800
Attributes: archive
MD5: 38352F3D2640605DE17F6BABB3083380
CRC32: 7529D6B7
Version: 2.506.14.1

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572
Long name: swg.dll
Short name:
Date (created): 25/03/2009 07:48:26
Date (last access): 18/07/2009
Date (last write): 25/03/2009 07:48:26
Filesize: 668656
Attributes: archive
MD5: D1585B06DED161E13B905DC4FFBF7F12
CRC32: 88D5BAA5
Version: 5.1.1309.3572

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java™ Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name:
CLSID name: Java™ Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin
Long name: jp2ssv.dll
Short name:
Date (created): 26/03/2009 09:26:26
Date (last access): 18/07/2009
Date (last write): 26/03/2009 09:26:26
Filesize: 35840
Attributes: archive
MD5: 96A225C7F5346A9E81FC3DFA89A900C0
CRC32: BAD5D2EF
Version: 6.0.130.3

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 26/03/2009 09:26:28
Date (last access): 18/07/2009
Date (last write): 26/03/2009 09:26:28
Filesize: 73728
Attributes: archive
MD5: 53F8B53918C839F76367B7E612B742B1
CRC32: 735F7F91
Version: 6.0.130.3

— ActiveX list —
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: www.update.microsoft.com…
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32
Long name: wuweb.dll
Short name:
Date (created): 05/08/2004 05:00:00
Date (last access): 18/07/2009
Date (last write): 16/10/2008 14:12:24
Filesize: 202776
Attributes: archive
MD5: 0006DE8037F5A562F96B461B3C557C3C
CRC32: 9B107DED
Version: 7.2.6001.788

{AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall)
DPF name:
CLSID name: CCTVUpdateInstall
Installer:
Codebase: t.live.cctv.com…
Path: C:\WINDOWS\Downloaded Program Files
Long name: CCTVUpdateInstall.dll
Short name: CCTVUP~1.DLL
Date (created): 08/03/2009 17:09:36
Date (last access): 18/07/2009
Date (last write): 08/03/2009 17:09:38
Filesize: 64784
Attributes: archive
MD5: 9BB27CCD2771FE47B1436D70F98A45C1
CRC32: F3090CDA
Version: 1.0.0.8

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: java.sun.com…
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin
Long name: npjpi160_13.dll
Short name: NPJPI1~1.DLL
Date (created): 26/03/2009 09:26:28
Date (last access): 18/07/2009
Date (last write): 26/03/2009 09:26:28
Filesize: 136600
Attributes: archive
MD5: 20188EB1790C5EB9057DDFE3EA138FC7
CRC32: 2EA1ACCF
Version: 6.0.130.3

{D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class)
DPF name:
CLSID name: VodClient Control Class
Installer: C:\WINDOWS\Downloaded Program Files\vjocx.inf
Codebase: www.tvucricket.com…
Path: C:\WINDOWS\system32\nagasoft
Long name: vjocx.dll
Short name:
Date (created): 18/03/2009 14:04:44
Date (last access): 18/07/2009
Date (last write): 18/03/2009 14:04:44
Filesize: 1685024
Attributes: archive
MD5: A4917C2686F8AAD36CA825E538FA205A
CRC32: A2835F75
Version: 2.0.318.0

— Process list —
PID: 0 ( 0) [System]
PID: 1420 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 1492 (1420) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1520 (1420) \??\C:\WINDOWS\system32\winlogon.exe
size: 512000
PID: 1564 (1520) C:\WINDOWS\system32\services.exe
size: 111104
MD5: C3FB1D70CB88722267949694BA51759E
PID: 1576 (1520) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 91E6024D6D4DCDECDB36C43ECF9BBECB
PID: 1728 (1564) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: E4BDF223CD75478BF44567B4D5C2634D
PID: 1784 (1564) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: E4BDF223CD75478BF44567B4D5C2634D
PID: 1828 (1564) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: E4BDF223CD75478BF44567B4D5C2634D
PID: 132 (1564) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: E4BDF223CD75478BF44567B4D5C2634D
PID: 176 (1564) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: E4BDF223CD75478BF44567B4D5C2634D
PID: 608 (1564) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 460E4CE148BD07218DA0B6A3D31885A9
PID: 1460 (1564) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: E4BDF223CD75478BF44567B4D5C2634D
PID: 1916 (1564) C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
size: 28672
MD5: A7A071726A35955C05FCBF9ABDDBBD97
PID: 2040 (1564) C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 144712
MD5: 536FCD2CEC5161BFCC91CC21726B9DB2
PID: 208 (1564) C:\Program Files\AVG\AVG8\AVGWDSVC.EXE
size: 298776
MD5: BFC093C2DDDE8FCE5DA078E663B4515B
PID: 260 (1564) C:\Program Files\AVG\AVG8\AVGFWS8.EXE
size: 1368952
MD5: ADE4008387AB674CA2AEC0A03B665946
PID: 288 (1564) C:\Program Files\Bonjour\mDNSResponder.exe
size: 238888
MD5: 3F56903E124E820AEECE6D471583C6C1
PID: 320 (1564) C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
size: 254050
MD5: D5C2B2085086C2B594502E23913D1CB8
PID: 348 (1564) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
size: 61440
MD5: 5B417ED5B49D5A65355A81A2A5FBC1E0
PID: 476 ( 348) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
size: 1077376
MD5: 0F9ABC13B1254729AC71E910BD75000F
PID: 928 (1564) C:\Program Files\Java\jre6\bin\jqs.exe
size: 152984
MD5: 890369AED0DDE1A98F09F7DC239CA2BD
PID: 1068 (1564) C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
size: 49152
MD5: 86E8BCAA91FC2ACFACD99CF2BF9F1F47
PID: 1088 ( 940) C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
size: 133104
MD5: 37CE3F960BEEC755D0E04E4140E93638
PID: 1152 (1564) C:\WINDOWS\system32\nvsvc32.exe
size: 168004
MD5: 755D3A2DE4B05024F90430FE32FF26A5
PID: 1188 (1564) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
size: 143360
MD5: A76CDDB6D1F25797843E2557A2118E2E
PID: 1192 (1564) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: E4BDF223CD75478BF44567B4D5C2634D
PID: 1488 (1564) C:\WINDOWS\system32\SearchIndexer.exe
size: 439808
MD5: 7778BDFA3F6F6FBA0E75B9594098F737
PID: 856 (1564) C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
size: 114784
MD5: 2303219FA3D03DF12636DBB7AD8B6801
PID: 1028 ( 892) C:\WINDOWS\Explorer.EXE
size: 1037824
MD5: F2317622D29F9FF0F88AEECD5F60F0DD
PID: 1280 (1564) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
size: 14336
MD5: 41335396339DD3C1B74527B187F6AE79
PID: 2180 ( 208) C:\Program Files\AVG\AVG8\avgam.exe
size: 833304
MD5: 8A0EB3A8FECEFA283F7B77B668518D9D
PID: 2228 ( 208) C:\Program Files\AVG\AVG8\AVGRSX.EXE
size: 486680
MD5: 95E1D555542D5F6031E756751C6FF3F4
PID: 2276 ( 208) C:\Program Files\AVG\AVG8\avgnsx.exe
size: 594712
MD5: 8F97675F10D4AF073FCFAB85ACEA1906
PID: 3268 (1028) C:\WINDOWS\RTHDCPL.EXE
size: 16261632
MD5: 10B0722C7203181B0C50C6CB974D2F2A
PID: 3676 (1564) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 5E9A6658A2A69AE7EB195113B7A2E7A9
PID: 3728 (1028) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 786521
MD5: BDE04E19FFC96082BD688792D7FE20AC
PID: 4052 (1028) C:\Program Files\Launch Manager\LManager.exe
size: 634880
MD5: DFAE0D430C5D2458340F67FD2841F3E7
PID: 396 (1028) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33792
MD5: 93AD0B78C7357A05F50E594EC7C22300
PID: 1184 (1028) C:\Program Files\AVG\AVG8\avgtray.exe
size: 1948440
MD5: 2588B441E5B22691E0610CF710865441
PID: 2148 (1728) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 227840
MD5: 798A9E6828997EEF4517ADA8A2259831
PID: 1692 (1028) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
size: 438272
MD5: A1FF818BDDFF23BC89F9C54DD467D857
PID: 380 (1028) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
size: 2073088
MD5: 392C7048F53419C43E4D833DE9461115
PID: 2444 (1028) C:\WINDOWS\system32\mspgw.exe
size: 16896
MD5: 194A8422B3B1A2A8F11262515587E1B9
PID: 3192 (1028) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4
PID: 3748 (1028) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3885408
MD5: 35B9FA77B73358D9063CD61AA3D83EE8
PID: 4020 (1564) C:\WINDOWS\system32\wbem\wmiapsrv.exe
size: 126464
MD5: 4E8E8A58F56B25D0795F484E5EB7F898
PID: 4088 (1028) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
size: 1289000
MD5: 4C4CF9220E628D1378F9807EC5175488
PID: 336 (1728) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 227840
MD5: 798A9E6828997EEF4517ADA8A2259831
PID: 1428 (1728) C:\Program Files\Microsoft ActiveSync\rapimgr.exe
size: 199464
MD5: DCFC84480C76D862D9BFD386EA6E8DE7
PID: 2144 (1028) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 2776 (1028) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 123904
MD5: B5C9F63C01FCFEC3F64EC6A0940A1825
PID: 3012 (1028) C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 789008
MD5: 119E5A7C1D982ACEC622F419A0AB7E1A
PID: 944 (1728) C:\WINDOWS\system32\wbem\unsecapp.exe
size: 16896
MD5: E77B97D96A89DE67DEC6AD76F92C3655
PID: 3240 (3268) C:\Documents and Settings\FABRICE WININGER\Local Settings\Temp\RtkBtMnt.exe
size: 208896
MD5: E39574B471EF0B8719B13CC99AAFF0B8
PID: 440 (3012) C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
size: 55824
MD5: E756799FB7AEE47E30DE5E337A9C5C86
PID: 1372 (1728) C:\Program Files\Windows Live\Contacts\wlcomm.exe
size: 27512
MD5: 654480EA67078C7B4C6C8BA871B07D5D
PID: 29432 (1028) C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\UMC.exe
size: 57344
MD5: 722592C0FE86782C947A509AEF5287B1
PID: 85892 (81556) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
size: 12438896
MD5: A4FF8C541A8F45431151EDFCC7920F26
PID: 88476 (85892) C:\Program Files\AVG\AVG8\avgcsrvx.exe
size: 692504
MD5: 4CAA24310158014FC9F6CC87BA50D5A6
PID: 23556 (1028) C:\Program Files\Google\Chrome\Application\chrome.exe
size: 830960
MD5: 5957574217F505FCD399BBAD09CCB60D
PID: 32932 (23556) C:\Program Files\Google\Chrome\Application\chrome.exe
size: 830960
MD5: 5957574217F505FCD399BBAD09CCB60D
PID: 198628 (2144) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System
PID: 321232 (1028) C:\Program Files\CCleaner\CCleaner.exe
size: 1578736
MD5: A8538F5EC6F0AC198F88A01F422787F9
PID: 336772 (2444) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 336836 (336772) C:\Program Files\Internet Explorer\iexplore.exe
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E

— Browser start & search pages list —
Spybot - Search & Destroy browser pages report, 18/07/2009 17:35:35

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
www.google.com…
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
www.google.com…
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
mail.eu.sodexonet.com…
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
www.google.com…
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
www.google.com…
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl@
www.google.com…
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
go.microsoft.com…
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
go.microsoft.com…
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
go.microsoft.com…
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
go.microsoft.com…
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
ie.search.msn.com…
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
ie.search.msn.com…

— Winsock Layered Service Provider list —

— Uninstall list —
Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) 04/28/2006 1.3.1.0 (7B97A8EDCCEC659B382D562C55FC61601C43C968)
uninstall cmd: C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPINST.EXE /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_4C9003F79A472E408F11C51BDF222156676824AF\amdk8.inf
publisher: Advanced Micro Devices

(Acer French Guide Link)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu"

(AddressBook)

Adobe Flash Player 10 ActiveX 10.0.12.36 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: www.adobe.com…

Adobe Flash Player 10 Plugin 10.0.22.87 (Adobe Flash Player Plugin)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
publisher: Adobe Systems Incorporated

(AVG7Uninstall)

AVG 8.5 (AVG8Uninstall)
version (major): 8
version (minor): 5
install location: C:\Program Files\AVG\AVG8
uninstall cmd: C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
publisher: AVG Technologies

(BackWeb-8876480 Uninstaller)

Belarc Advisor 7.2 (Belarc Advisor)
uninstall cmd: C:\PROGRA~1\BELARC\ADVISOR\Uninstall.exe C:\PROGRA~1\BELARC\ADVISOR\INSTALL.LOG

Brain Coaching (Brain Coaching)
uninstall cmd: C:\Program Files\Micro Application\Brain Coaching\Desinstaller.exe

(Branding)

CCleaner (remove only) (CCleaner)
uninstall cmd: “C:\Program Files\CCleaner\uninst.exe”
publisher: Piriform

HDAUDIO Soft Data Fax Modem with SmartCP (CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10250093)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10250093\HXFSETUP.EXE -U -IGraS1025.inf

(Connection Manager)

DAEMON Tools Toolbar 1.0.7.0088 (DAEMON Tools Toolbar)
uninstall cmd: C:\Program Files\DAEMON Tools Toolbar\uninst.exe
publisher: DT Soft Ltd

(DirectAnimation)

(DirectDrawEx)

DivX Plus DirectShow Filters (DivX Plus DirectShow Filters)
install location: C:\Program Files\DivX\DivX Plus DirectShow Filters
uninstall cmd: C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
publisher: DivX, Inc.

(DXM_Runtime)

Easy WiFi Radar 1.0.5 1.0.5 (Easy WiFi Radar)
version (major): 1
install date: 2009-06-18 19:38:08
install location: C:\Program Files\Makayama Interactive\Easy WiFi Radar
install source: C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\ARC20
uninstall cmd: C:\PROGRA~1\MAKAYA~1\EASYWI~1\Setup.exe /remove /q0
publisher: Makayama Interactive
contact: support@makayama.com
help link: www.makayama.com…

eMule (eMule)
uninstall cmd: “C:\Program Files\eMule\Uninstall.exe”

EPSON Logiciel imprimante (EPSON Printer and Utilities)
uninstall cmd: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

FilmOn HDi Player (FilmOn HDi Player)
uninstall cmd: C:\Program Files\FilmOn HDi Player\Uninstall.exe

(Fontcore)

Google Chrome 2.0.172.37 (Google Chrome)
install date: 20090317
install location: C:\Program Files\Google\Chrome\Application
uninstall cmd: “C:\Program Files\Google\Chrome\Application\2.0.172.37\Installer\setup.exe” --uninstall --system-level
publisher: Google Inc.

Outil de mise à jour Google 2.4.1536.6592 (Google Updater)
version (major): 2
version (minor): 4
install location: C:\Program Files\Google\Google Updater
uninstall cmd: “C:\Program Files\Google\Google Updater\GoogleUpdater.exe” -uninstall
publisher: Google Inc.
help link: pack.google.com:80…

Acer GridVista 2.53.0209 (GridVista)
uninstall cmd: C:\WINDOWS\UnInst32.exe GridV.UNI

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\FABRICE WININGER\Bureau\Sécurity\hijackthis_199\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

hp psc 2200 series (hp psc 2200 series_Driver)
uninstall cmd: rundll32 hpzcon05.dll,VendorJettison hp psc 2200 series

(ICW)

Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe”
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

Windows Internet Explorer 8 20090308.140743 (ie8)
install date: 20090319
uninstall cmd: “C:\WINDOWS\ie8\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: www.microsoft.com…

(IEData)

(InstallShield Uninstall Information)

NTI CD & DVD-Maker 7 (InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2})
version: 117440512
version (major): 7
estimated size: 164451
install date: 20060824
install location: C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7
install source: C:\elements\install\CDMaker
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
publisher: NewTech Infosystems
comments: Vos remarques
contact: Service support clientèle
help link: www.votresociété.com…
help telephone: +1-555-555-4505

Texas Instruments PCIxx21/x515/xx12 drivers. 1.16.0000 (InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E})
version: 17825792
version (major): 1
version (minor): 16
estimated size: 800
install date: 20060824
install source: C:\elements\install\CardR
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1036
publisher: Texas Instruments Inc.
comments: TI PCIxx21/PCIx515/xx12 Software components
contact:
help link:
help telephone:

Acer eDataSecurity Management 2.0.3077 2.0.3077 (InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908})
version: 33557509
version (major): 2
estimated size: 49607
install date: 20090224
install location: C:\Acer\Empowering Technology\eDataSecurity
install source: C:\WINDOWS\Downloaded Installations\{D097E1D4-7C6A-433E-8E01-39733D6629F2}
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1036
publisher: Acer

(KB884016)

(KB884267)

(KB885353)

(KB886612)

(KB887078)

(KB887626)

High Definition Audio Driver Package - KB888111 20040219.000000 (KB888111WXPSP2)
uninstall cmd: “C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

(KB888656)

(KB889858)

(KB891122)

Windows Genuine Advantage Validation Tool (KB892130) (KB892130)
install date: 20090224
publisher: Microsoft Corporation
help link: support.microsoft.com…

(KB892313)

(KB893240)

(KB893241)

3.1 (KB893803)
help link: go.microsoft.com…

(KB895181)

(KB895316)

(KB895572)

(KB897586)

(KB898549)

(KB900399)

(KB902344)

(KB907658)

Package de base Microsoft de service de chiffrement pour cartes à puce (KB909520)
uninstall cmd: “C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe”
publisher: Microsoft Corporation

(KB911565)

(KB911854)

Hotfix for Windows XP (KB915800-v4) 4 (KB915800-v4)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB923561) 1 (KB923561)
install date: 20090417
uninstall cmd: “C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB923789) (KB923789)
uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
publisher: Microsoft Corporation
help link: support.microsoft.com…

Hotfix for Windows Media Format 11 SDK (KB929399) (KB929399)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Security Update for CAPICOM (KB931906) 2.1.0.2 (KB931906)
uninstall cmd: MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) (KB936782_WMP11)
install date: 20090226
uninstall cmd: “C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2) 2 (KB938127-v2-IE7)
install date: 20090224
uninstall cmd: “C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB938464) 1 (KB938464)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Correctif pour Lecteur Windows Media 11 (KB939683) (KB939683)
install date: 20090226
uninstall cmd: “C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Windows Search 4.0 04.00.6001.503 (KB940157)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB941569) (KB941569)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB946648) 1 (KB946648)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB950760) 1 (KB950760)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB950762) 1 (KB950762)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB950974) 1 (KB950974)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB951066) 1 (KB951066)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB951376-v2) 2 (KB951376-v2)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB951698) 1 (KB951698)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB951748) 1 (KB951748)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour pour Windows XP (KB951978) 1 (KB951978)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB952004) 1 (KB952004)
install date: 20090417
uninstall cmd: “C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Lecteur Windows Media (KB952069) (KB952069_WM9)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Correctif pour Windows XP (KB952287) 1 (KB952287)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB952954) 1 (KB952954)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154) (KB954154_WM11)
install date: 20090226
uninstall cmd: “C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB954211) 1 (KB954211)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB954459) 1 (KB954459)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Hotfix for Windows XP (KB954550-v5) 5 (KB954550-v5)
install date: 20090224
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB954600) 1 (KB954600)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB955069) 1 (KB955069)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour pour Windows XP (KB955839) 1 (KB955839)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390) 1 (KB956390-IE7)
install date: 20090224
uninstall cmd: “C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB956572) 1 (KB956572)
install date: 20090417
uninstall cmd: “C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB956802) 1 (KB956802)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB956803) 1 (KB956803)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB956841) 1 (KB956841)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB957097) 1 (KB957097)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB958215) 1 (KB958215)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB958644) 1 (KB958644)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB958687) 1 (KB958687)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB958690) 1 (KB958690)
install date: 20090311
uninstall cmd: “C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB959426) 1 (KB959426)
install date: 20090417
uninstall cmd: “C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour critique pour Lecteur Windows Media 11 (KB959772) (KB959772_WM11)
install date: 20090303
uninstall cmd: “C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB960225) 1 (KB960225)
install date: 20090311
uninstall cmd: “C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB960714) 1 (KB960714)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB960715) 1 (KB960715)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB960803) 1 (KB960803)
install date: 20090417
uninstall cmd: “C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Correctif pour Windows XP (KB961118) 1 (KB961118)
install date: 20090225
uninstall cmd: “C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260) 1 (KB961260-IE7)
install date: 20090224
uninstall cmd: “C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB961371) 1 (KB961371)
install date: 20090715
uninstall cmd: “C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB961373) 1 (KB961373)
install date: 20090417
uninstall cmd: “C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB961501) 1 (KB961501)
install date: 20090612
uninstall cmd: “C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour pour Windows XP (KB961503) 1 (KB961503)
install date: 20090429
uninstall cmd: “C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Security Update for Windows Search 4 - KB963093 (KB963093)
install date: 20090612
uninstall cmd: “C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe”
publisher: Microsoft Corporation

Mise à jour pour Windows XP (KB967715) 1 (KB967715)
install date: 20090224
uninstall cmd: “C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour pour Windows Internet Explorer 8 (KB968220) 1 (KB968220-IE8)
install date: 20090319
uninstall cmd: “C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB968537) 1 (KB968537)
install date: 20090612
uninstall cmd: “C:\WINDOWS$NtUninstallKB968537$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour pour Windows Internet Explorer 8 (KB969497) 1 (KB969497-IE8)
install date: 20090509
uninstall cmd: “C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897) 1 (KB969897-IE8)
install date: 20090612
uninstall cmd: “C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB969898) 1 (KB969898)
install date: 20090612
uninstall cmd: “C:\WINDOWS$NtUninstallKB969898$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB970238) 1 (KB970238)
install date: 20090612
uninstall cmd: “C:\WINDOWS$NtUninstallKB970238$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB971633) 1 (KB971633)
install date: 20090715
uninstall cmd: “C:\WINDOWS$NtUninstallKB971633$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Mise à jour de sécurité pour Windows XP (KB973346) 1 (KB973346)
install date: 20090715
uninstall cmd: “C:\WINDOWS$NtUninstallKB973346$\spuninst\spuninst.exe”
publisher: Microsoft Corporation
help link: support.microsoft.com…

Launch Manager (LManager)
uninstall cmd: C:\WINDOWS\UnInst32.exe LManager.UNI

Microsoft .NET Framework 1.1 Hotfix (KB928366) (M928366)
uninstall cmd: “C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe” “C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp”

Magic Button (Magic Button)
uninstall cmd: C:\Program Files\Microsoft ActiveSync\Magic Button\Uninstall.exe Magic Button

Malwarebytes’ Anti-Malware (Malwarebytes’ Anti-Malware_is1)
install date: 20090718
install location: C:\Program Files\Malwarebytes’ Anti-Malware
uninstall cmd: “C:\Program Files\Malwarebytes’ Anti-Malware\unins000.exe”
publisher: Malwarebytes Corporation
help link: www.malwarebytes.org…

Malwarebytes’ RogueRemover (Malwarebytes’ RogueRemover FREE_is1)
install date: 20090718
install location: C:\Program Files\RogueRemover FREE
uninstall cmd: “C:\Program Files\RogueRemover FREE\unins000.exe”
publisher: Malwarebytes
help link: www.malwarebytes.org…

Micro Application - MediaDICO Les 4 Dictionnaires Utiles (MediaDICO 4 Dictionnaires Utiles)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\Uninst.isu"

Messenger Plus! Live 4.82.0.368 (Messenger Plus! Live)
install location: C:\Program Files\Messenger Plus! Live
uninstall cmd: “C:\Program Files\Messenger Plus! Live\Uninstall.exe”
publisher: Patchou

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm…](file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm)

Module linguistique Microsoft .NET Framework 3.5 SP1- fra (Microsoft .NET Framework 3.5 Language Pack SP1 - fra)
install location: C:\WINDOWS\Microsoft.NET\Framework\v3.5
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
publisher: Microsoft Corporation
help link: go.microsoft.com…

Microsoft

I am still infested!!!
Help
Here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 18:34:24, on 18/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\mspgw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\FABRICE WININGER\Bureau\Sécurity\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mail.eu.sodexonet.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM…\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM…\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM…\Run: [Manage Program Gateway] C:\WINDOWS\system32\mspgw.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr…
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE…
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un Favori de l’appareil mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com…
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - t.live.cctv.com…
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - www.tvucricket.com…
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LBTWlgn - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Service Google Update (gupdate1c9a6ebd8afaf4c) (gupdate1c9a6ebd8afaf4c) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

Hi

1) Obsolete version of HijackThis ==> Logfile of HijackThis v1.99.1

It's here ==> HijackThis

  2. Disable all your resident protections (antivirus, antispyware)

Download Toolbar-S&D (by Team IDN) to your Desktop.

==> Toolbar-S&D

==> Double-click the ToolBar S&D icon on the desktop

==> On Vista, right-click and choose "Run as administrator" (privilege elevation), then -> Continue.

==> Choose F for French and confirm
==> In the ToolBar S&D main menu, choose option 1 (Search)
==> The Start menu and the icons will disappear; this is normal
==> The scan runs; it can take several minutes, do not touch anything.
==> Once the scan is finished, the search report opens in Notepad. (If the report does not open, it can be found at C:\TB.txt)

Re-enable all your resident protections (antivirus, antispyware)
Copy/paste the report right here

then

  3. Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.

==> Random's System Information Tool (RSIT)

=> Important (on Vista)

You must run RSIT with administrator rights; to do so, right-click RSIT and choose "Run as administrator"

==> Double-click RSIT.exe to launch RSIT.
==> Click Continue on the Disclaimer screen.
==> If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
==> When the scan is finished, two text files will open.

==> Post the contents of log.txt (<< which will be displayed) as well as info.txt (<< which will be minimized in the taskbar).

Note: Both reports are also saved in %systemroot%\rsit

and lastly

  4. Download ==> GenProc
    –> to the desktop

==> GenProc

–> Unzip it on the desktop
–> Open the folder that was created and run GenProc.bat (double-click the GenProc.bat file ONLY ONCE)
–> The report is displayed very quickly; this is normal.

Answer yes to this message ==>
–> You will then get a report ==> copy and paste it here

Re

I forgot

For GenProc, answer "yes" to this message ==> http://i26.tinypic.com/d5xl3.png

ToolBar report:

-----------\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Turion™ 64 X2 Mobile Technology TL-50 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : FABRICE WININGER ( Administrator )
BOOT : Normal boot
Antivirus : AVG Internet Security 8.5 (Activated)
Firewall : AVG Firewall 8.5 (Activated)
C:\ (Local Disk) - FAT32 - Total:53 Go (Free:3 Go)
D:\ (Local Disk) - FAT32 - Total:54 Go (Free:15 Go)
E:\ (CD or DVD)
G:\ (CD or DVD)

“C:\ToolBar SD” ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 18/07/2009|18:46 )

-----------\ Recherche de Fichiers / Dossiers …

C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\DAEMON Tools Toolbar\Resources
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
C:\Program Files\DAEMON Tools Toolbar\uninst.exe
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
C:\Program Files\DAEMON Tools Toolbar_DTLite.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\BurnImage.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Config.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\DTPro.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Dwnl.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GrabImage.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuTr.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Radio.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioE.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioG.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioL.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLM.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioN.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRM.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRU.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioW.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Rss.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Rss1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\about.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\as.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\as.png
C:\Program Files\DAEMON Tools Toolbar\Resources\astro.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\az.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\b1.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\b1.png
C:\Program Files\DAEMON Tools Toolbar\Resources\buy.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\cond000.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond001.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond003.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond004.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond005.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond006.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond007.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond008.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond009.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond010.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond011.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond019.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond020.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond021.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond022.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond023.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond024.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond025.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond026.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond037.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond038.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond039.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond040.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond041.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond046.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond048.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond050.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond051.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond052.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond053.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond054.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond055.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond056.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond057.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond058.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond059.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond060.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond061.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond062.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond063.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond064.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond065.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond066.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond067.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond068.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond069.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond075.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond076.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond077.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond078.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond079.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond080.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond084.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond085.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond086.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond087.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond088.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond089.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond090.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond091.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond092.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond093.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond094.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond095.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond108.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond109.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond110.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond111.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond112.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond113.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond120.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond121.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond122.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond126.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond127.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond128.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond129.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond130.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond131.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond132.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond133.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond134.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond135.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond136.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond137.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond138.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond140.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond141.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond142.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond143.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond148.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond149.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond152.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond154.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond155.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond156.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond157.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\d.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\d2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\daemon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ds.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dsearch.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\emulation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\features.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\gd.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\genre.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\globe.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\hb.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\hb.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\help.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ip.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\lang.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\lingvo.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\m.ico

-----------\ Extensions

(FABRICE WININGER) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(FABRICE WININGER) - {62760FD6-B943-48C9-AB09-F99C6FE96088} => ebaycompanion
(FABRICE WININGER) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Search Page”=“http://www.google.com
“Search Bar”=“http://www.google.com/ie
“Default_Search_URL”=“http://www.google.com/ie

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157

--------------------\ Recherche d’autres infections

Aucune autre infection trouvée !

1 - “C:\ToolBar SD\TB_1.txt” - 18/07/2009|18:47 - Option : [1]

-----------\ Fin du rapport a 18:47:45,87

RSIT report:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by FABRICE WININGER at 2009-07-18 18:50:31
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 4 GB (6%) free of 55 GB
Total RAM: 2047 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:47, on 18/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\mspgw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\FABRICE WININGER\Bureau\Sécurity\hijackthis_199\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Download\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Download\RSIT(2).exe
D:\Download\FABRICE WININGER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mail.eu.sodexonet.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM…\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM…\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM…\Run: [Manage Program Gateway] C:\WINDOWS\system32\mspgw.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr…
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE…
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un Favori de l’appareil mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com…
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - t.live.cctv.com…
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - www.tvucricket.com…
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Service Google Update (gupdate1c9a6ebd8afaf4c) (gupdate1c9a6ebd8afaf4c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe


End of file - 12562 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1236112486.job
C:\WINDOWS\tasks\SesamTVMC.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{0575D345-112F-4C43-AB4D-04B92B393531}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-15 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“preload”=C:\Windows\RUNXMLPL.exe [2005-05-19 32768]
“RTHDCPL”=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632]
“Alcmtr”=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
“AzMixerSel”=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
“”= []
“IMJPMIG8.1”=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
“MSPY2002”=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392]
“PHIME2002ASync”=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
“PHIME2002A”=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
“LManager”=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-08-08 634880]
“nwiz”=nwiz.exe /install []
“NvMediaCenter”=C:\WINDOWS\system32\NvMcTray.dll [2009-01-30 86016]
“Kernel and Hardware Abstraction Layer”=C:\WINDOWS\KHALMNPR.EXE [2007-11-29 55824]
“AVG8_TRAY”=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-09 1948440]
“ePower_DMC”=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-07-18 438272]
“NvCplDaemon”=C:\WINDOWS\system32\NvCpl.dll [2009-01-30 13594624]
“MobileConnect”=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-09-22 2073088]
“Manage Program Gateway”=C:\WINDOWS\system32\mspgw.exe [2009-07-18 16896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
“msnmsgr”=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
“PMCRemote”= []
“H/PC Connection Agent”=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
“SpybotSD TeaTimer”=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-06-07 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-07-18 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmOn HDi Player]
C:\Program Files\FilmOn HDi Player\FilmOn HDi Player.exe [2009-07-02 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Matchlock Scheduling]
C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\Monitor.exe [2005-06-09 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO4Ut]
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe [2004-03-03 252416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2006-05-15 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-01-30 13594624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Acer\Acer Arcade\PCMService.exe [2006-04-27 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]
C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe [2007-09-27 109640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-06-14 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-26 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Remote Control Center]
C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\RMC.exe [2005-05-28 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer Empowering Technology.lnk]
C:\Acer\EMPOWE~1\ACEREM~1.EXE [2006-06-13 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe [2002-06-27 323646]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^officejet 6100.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe [2002-06-27 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Streaming Server.lnk]
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\STRMSE~1\STRMSE~1.EXE [2007-09-21 577536]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-04-27 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll [2008-01-09 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“HonorAutoRunSetting”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\Program Files\Acer\Acer Arcade\PCMService.exe”="C:\Program Files\Acer\Acer Arcade\PCMService.exe::Enabled:CyberLink PowerCinema Resident Program"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Documents and Settings\FABRICE WININGER\Local Settings\Temp\WZSE0.TMP\SymNRT.exe”="C:\Documents and Settings\FABRICE WININGER\Local Settings\Temp\WZSE0.TMP\SymNRT.exe::Enabled:Norton Removal Tool"
“C:\Program Files\Windows Live\Messenger\wlcsdk.exe”=“C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger”
“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE::Enabled:Microsoft Office Outlook"
“C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe”=“C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:LocalSubNet:Enabled:Pinnacle Streaming Server”
“C:\Program Files\AVG\AVG8\avgam.exe”="C:\Program Files\AVG\AVG8\avgam.exe::Enabled:avgam.exe”
“C:\Program Files\AVG\AVG8\avgupd.exe”=“C:\Program Files\AVG\AVG8\avgupd.exe::Enabled:avgupd.exe"
“C:\Program Files\AVG\AVG8\avgnsx.exe”="C:\Program Files\AVG\AVG8\avgnsx.exe::Enabled:avgnsx.exe”
“C:\Program Files\Bonjour\mDNSResponder.exe”=“C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour"
“C:\Program Files\Steam\steamapps\common\monster trucks nitro demo\MonsterTrucksNitro.exe”="C:\Program Files\Steam\steamapps\common\monster trucks nitro demo\MonsterTrucksNitro.exe::Enabled:Monster Trucks Nitro Demo”
“C:\Program Files\Steam\steamapps\fabwin1973\race07 demo\SteamProxy.exe”=“C:\Program Files\Steam\steamapps\fabwin1973\race07 demo\SteamProxy.exe::Enabled:RACE 07 Demo"
“C:\Program Files\Steam\steamapps\fabwin1973\race07 demo\RaceConfig_Steam.exe”="C:\Program Files\Steam\steamapps\fabwin1973\race07 demo\RaceConfig_Steam.exe::Enabled:RACE 07 Demo”
“C:\Program Files\Microsoft ActiveSync\rapimgr.exe”=“C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager”
“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”=“C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager”
“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe”=“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application”
“C:\Program Files\Steam\steamapps\COMMON\smashingtoys_demo\SmashingToys.exe”=“C:\Program Files\Steam\steamapps\COMMON\smashingtoys_demo\SmashingToys.exe::Enabled:SmashingToys_Demo"
“C:\Program Files\iTunes\iTunes.exe”="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\Windows Live\Messenger\wlcsdk.exe”=“C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger”
“C:\Program Files\Microsoft ActiveSync\rapimgr.exe”=“C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager”
“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”=“C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager”
“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe”=“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application”

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e4a9fd0-6adc-11de-9ed6-0016d348b339}]
shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

======List of files/folders created in the last 1 months======

2009-07-18 18:45:58 ----A---- C:\TB.txt
2009-07-18 18:45:32 ----D---- C:\ToolBar SD
2009-07-18 18:09:09 ----A---- C:\cleannavi.txt
2009-07-18 17:51:49 ----D---- C:\Program Files\trend micro
2009-07-18 17:51:47 ----D---- C:\rsit
2009-07-18 17:10:17 ----D---- C:\Program Files\RogueRemover FREE
2009-07-18 17:06:14 ----D---- C:\Documents and Settings\FABRICE WININGER\Application Data\Malwarebytes
2009-07-18 17:06:03 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2009-07-18 17:06:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-18 12:36:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-18 12:36:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-18 11:28:27 ----A---- C:\WINDOWS\system32\mspgw.exe
2009-07-15 19:07:48 ----HD---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 19:07:43 ----HD---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 19:03:46 ----HD---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-13 16:23:21 ----D---- C:\Program Files\FirefoxPortable
2009-07-13 10:57:41 ----A---- C:\WINDOWS\Jcmkr32.INI
2009-07-11 21:43:47 ----D---- C:\Documents and Settings\FABRICE WININGER\Application Data\vlc
2009-07-07 12:00:58 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem.txt
2009-07-07 11:55:54 ----D---- C:\Documents and Settings\FABRICE WININGER\Application Data\Vodafone
2009-07-07 11:55:51 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-07-07 11:55:25 ----D---- C:\Documents and Settings\All Users\Application Data\Vodafone
2009-07-07 11:55:19 ----D---- C:\Program Files\Vodafone

======List of files/folders modified in the last 1 months======

2009-07-18 18:14:16 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-07-18 18:10:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-12 14:19:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-03-03 82380]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43520]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-04 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-16 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 int15;int15; ??\C:\WINDOWS\system32\drivers\int15.sys []
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-05 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-05 55936]
R2 tvicport;tvicport; ??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; ??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-01-10 449888]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-04-27 29208]
R3 AVHybrid;AVHybrid service; C:\WINDOWS\system32\DRIVERS\AVHybrid.sys [2005-08-23 1024576]
R3 Cam5603D;Acer OrbiCam; C:\WINDOWS\System32\Drivers\BisonCam.sys [2006-06-30 775936]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-01-20 17408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-24 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-30 6250848]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-04 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-04 13056]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 11136]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-05-17 162560]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d’hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 a6nm2hzb;a6nm2hzb; C:\WINDOWS\system32\drivers\a6nm2hzb.sys []
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-04-27 29208]
S3 catchme;catchme; ??\C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 emAudio;PCTV EMP Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2007-08-07 23168]
S3 epindd;epindd; ??\C:\WINDOWS\system32\drivers\epindd.sys []
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 int15.sys;int15.sys; ??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [2008-09-15 7680]
S3 mod7700;DiBcom DIB7700 based TV tuner device; C:\WINDOWS\System32\Drivers\mod7700.sys [2007-04-18 473728]
S3 MODRC;DiBcom Infrared Receiver; C:\WINDOWS\system32\DRIVERS\modrc.sys [2007-02-06 13440]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 32512]
S3 NSCIRDA;Pilote de périphérique infrarouge NSC; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 psdfilter;psdfilter; ??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
S3 psdvdisk;psdvdisk; ??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USB28xxBGA;PCTV 320e Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-08-07 476288]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-08-07 38656]
S3 usbprint;Classe d’imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 VAGUSB;VAGUSB.SYS USB Driver; C:\WINDOWS\System32\Drivers\VAGUSB.sys [2005-12-15 34639]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-09-15 104960]
S3 ZTEusbnet;ZTE USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys [2008-09-15 110080]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-09-15 104960]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-09-15 104960]
S3 ZTEusbvoice;ZTE VoUSB Port; C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys [2008-09-15 104960]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d’application d’assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-05-11 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-27 298776]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-07-04 1368952]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2006-04-27 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2006-04-27 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2006-04-27 61440]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-26 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-30 168004]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-09-22 14336]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 gupdate1c9a6ebd8afaf4c;Service Google Update (gupdate1c9a6ebd8afaf4c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-17 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 vvdsvc;VJVodClientServices; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2008-01-09 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-03-15 81920]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Thanks for your help.
The GenProc report gives me a whole procedure to follow, which matches what you told me to do (toolbar, …). Should I do it again?


HijackThis report, version 2:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:09, on 18/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\mspgw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\FABRICE WININGER\Bureau\Sécurity\hijackthis_199\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Download\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mail.eu.sodexonet.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url=htt

RE

Run GenProc and post the report

and then

Disable your antivirus and antispyware before the scan:

==> Double-click the ToolBar S&D icon on the desktop

==> On Vista: right-click -> Run as administrator.

==> Choose F for French and confirm
==> In the ToolBar S&D main menu, choose option 2 (Suppression)
==> The Start menu and the icons will disappear again… this is normal.
==> The cleanup will take a few minutes…
==> Once the operation is finished, the cleanup report opens
==> For Vista users, ToolBar-SD takes care of disabling User Account Control (UAC); it will restart the computer and re-enable UAC.

Copy/paste the report

Re-enable your antivirus and antispyware

TOOLBAR REPORT:

-----------\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Turion™ 64 X2 Mobile Technology TL-50 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : FABRICE WININGER ( Administrator )
BOOT : Fail-safe with network boot
Antivirus : AVG Internet Security 8.5 (Activated)
Firewall : AVG Firewall 8.5 (Activated)
C:\ (Local Disk) - FAT32 - Total:53 Go (Free:5 Go)
D:\ (Local Disk) - FAT32 - Total:54 Go (Free:15 Go)
E:\ (CD or DVD)
G:\ (CD or DVD)

“C:\ToolBar SD” ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 18/07/2009|19:25 )

-----------\ SUPPRESSION

Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
Supprime! - C:\Program Files\DAEMON Tools Toolbar_DTLite.xml
Supprime! - C:\Program Files\DAEMON Tools Toolbar

-----------\ Recherche de Fichiers / Dossiers …

-----------\ Extensions

(FABRICE WININGER) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(FABRICE WININGER) - {62760FD6-B943-48C9-AB09-F99C6FE96088} => ebaycompanion
(FABRICE WININGER) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Search Page”=“http://www.google.com
“Search Bar”=“http://www.google.com/ie
“Default_Search_URL”=“http://www.google.com/ie

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157

--------------------\ Recherche d’autres infections

Aucune autre infection trouvée !

1 - “C:\ToolBar SD\TB_1.txt” - 18/07/2009|18:47 - Option : [1]
2 - “C:\ToolBar SD\TB_2.txt” - 18/07/2009|19:27 - Option : [2]

-----------\ Fin du rapport a 19:27:10,57

HIJACKTHIS REPORT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:15, on 18/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\mspgw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Download\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mail.eu.sodexonet.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM…\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM…\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM…\Run: [Manage Program Gateway] C:\WINDOWS\system32\mspgw.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr…
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE…
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un Favori de l’appareil mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com…
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - t.live.cctv.com…
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - www.tvucricket.com…
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Service Google Update (gupdate1c9a6ebd8afaf4c) (gupdate1c9a6ebd8afaf4c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe


End of file - 12294 bytes

GENPROC REPORT:

apport GenProc 2.605 [2] - 18/07/2009 à 19:39:16
@ Windows XP Service Pack 3 - Mode normal
@ Mozilla Firefox (3.5.1) [Navigateur par défaut]

~~ ECHEC DU TELECHARGEMENT DE MBR.EXE ~~

GenProc n’a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

Etape 1/ Télécharge :

ToolsCleaner! pc-system.fr… (A.Rothstein & Dj QUIOU) sur ton Bureau.

Etape 2/

  • Double-clique sur ToolsCleaner2.exe pour le lancer.
  • Clique sur Recherche et laisse le scan agir.
  • Clique sur Suppression pour finaliser.
  • Tu peux, si tu le souhaites, te servir des Options Facultatives.
  • Clique sur Quitter pour obtenir le rapport C:\TCleaner.txt
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:).

Etape 3/

Poste un rapport Nod32 www.eset-nod32.fr… (il faut utiliser Internet Explorer)

  • coche toutes les cases à chaque fois, et lorsque c’est terminé, colle le rapport :
  • C:\Program Files\EsetOnlineScanner\log.txt

~~~~ INFORMATION COMPLEMENTAIRE ~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:26, on 18/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\mspgw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Download\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\FABRICE WININGER\Bureau\GenProc\outil\FABRICE WININGER_GenProc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mail.eu.sodexonet.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM…\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM…\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM…\Run: [Manage Program Gateway] C:\WINDOWS\system32\mspgw.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr…
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE…
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un Favori de l’appareil mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com…
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - t.live.cctv.com…
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - www.tvucricket.com…
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Service Google Update (gupdate1c9a6ebd8afaf4c) (gupdate1c9a6ebd8afaf4c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe


End of file - 12499 bytes


Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com

~~ Fin à 19:40:40 ~~

I'm still infested!!!

Re

Launch HijackThis

Click on ==> Do a System Scan Only

Check these lines:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com.
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - t.live.cctv.com

Close your other applications (except HijackThis, of course) ==> and click on Fix Checked

Next

Disable TeaTimer, which serves no purpose; you'll leave it disabled in future.
First display Advanced Mode in Spybot
==> Advanced options:
==> Mode menu, Advanced Mode.
A column of menus appears on the left-hand side:
==> click on Tools,
==> click on Resident,
==> In Resident:
==> uncheck Resident “TeaTimer” to disable it

After that

Remove Bonjour

  1. Start > Run > "%PROGRAMFILES%\Bonjour\mDNSResponder.exe" -remove
  2. Go to the folder: C:\Program Files\Bonjour\
  3. Rename “mdnsNSP.dll” to “mdnsNSP.bak”
  4. Restart the PC
  5. Delete the folder C:\Program Files\Bonjour

or

Remove Bonjour automatically

A removal utility for the “Bonjour” service has been created by the Gizmo project,

==> removal utility for the “Bonjour” service

Do this

Download and install CCleaner ==> don't download it if you already have it

==> CCleaner

Once it is on the desktop, click on the CCleaner installer.
--> But before clicking the “Install” button, uncheck all the “additional options” (installing the Yahoo toolbar, etc.)

--> Then click on “Options”, “Advanced” and uncheck the box
--> “Only delete files in the Windows Temp folder older than 48 hours”.
--> Click on the “Cleaner” tab, then on “Run Cleaner”.
--> Then click on the Registry icon, on the right click on “Scan for Issues”, then on “Fix selected issues”.

Accept the backup of the registry that it offers.
I advise you to run it at least twice (or more, until it no longer finds any errors).

Restart your PC

and

go here --> Bitdefender Online Scanner --> only with --> Explorer

--> Bitdefender Online Scanner

--> close your other applications and temporarily disable your antivirus and antispyware

At the bottom left of the window, click on -> Online Scan

In the next window, click on -> I accept

accept the installation of the “ActiveX Control”

--> A small window opens, click on -> Install
--> The window changes again, click on -> Start the scan
--> The signatures load and BitDefender SCAN ONLINE starts the scan
Once the scan has finished, in this window click on -> Click to export the scan report
--> Choose the -> Desktop (on the left)

--> Under > Type: choose -> HTML file (*.html)
--> Click on -> Save

Don't forget to re-enable your antivirus and antispyware

Post the report, or otherwise tell me what was deleted

and post a new HijackThis log
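
Added example (not part of the thread and not HijackThis's own code): a small Python triage pass over HijackThis log lines like the ones listed in the post above. The flagging rules and the names `triage`, `Finding` and `SAMPLE_LOG` are assumptions made for this illustration; the sample lines are copied from the logs posted in this thread, and a flag means "review this entry", not "malicious".

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis logs posted in this thread (trimmed selection).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\RtkBtMnt.exe
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# An entry line is "<section code> - <description>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# A "Running processes" line is a bare absolute path to an executable.
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)

# Assumed heuristics for this example only.
ORPHAN_SUFFIXES = ("(no file)", "(file missing)")
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


@dataclass
class Finding:
    section: str   # HijackThis section code, or "process"
    reason: str    # why the line deserves a second look
    line: str      # the original log line


def triage(log_text):
    """Return the log lines that deserve manual review, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            code = entry.group("code")
            body = entry.group("body").lower()
            if body.endswith(ORPHAN_SUFFIXES):
                # Registry entry whose target file is gone: leftover of an
                # uninstall or of a partially removed component.
                findings.append(Finding(code, "orphaned entry, target file absent", line))
            elif code == "O10" and body.startswith("unknown file in winsock lsp"):
                # HijackThis itself does not recognise this network provider.
                findings.append(Finding(code, "Winsock LSP not recognised, verify the file", line))
        elif PROCESS_RE.match(line):
            if any(marker in line.lower() for marker in TEMP_MARKERS):
                findings.append(Finding("process", "executable running from a temp folder", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```
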

Thank you very much for your help.
So I made the deletions in HijackThis as you told me.
I removed “Bonjour” and disabled TeaTimer in Spybot.
I already use CCleaner, so that's OK, but I did 2 passes on the registry with it.
So all I have left to do is use BitDefender. However, at the moment I no longer have any unwanted windows opening.
So I think I'll look at that tomorrow.

In the meantime, thanks again for your very valuable help. I'll let you know tomorrow whether everything works.
Have a good evening

Re

No problem

Run BitDefender ==> post the report ==> run CCleaner ==> and do another RSIT

Disaster!!!
I turned on my PC this morning and I still have these windows opening!!! :@

So I'm going to run BitDefender!

Hi

Run BitDefender Online Scanner ==> post the report

Then do this

Download Navilog1

==> navilog1

==> Double-click on navilog1.exe to start the installation.

==> Once the installation is finished, the fix will run automatically.

(If it doesn't, double-click on the Navilog1 shortcut on the desktop.)

==> Follow the prompts and, at the main menu, choose Mode 1 (Recherche/Désinfection auto…)

==> and confirm.

==> Wait for the message: "Analyse terminée le …"

==> Press a key as requested; Notepad will open.

Copy and paste the whole report here and close Notepad.

(The report is also saved at the root of the disk: fixnavi.txt)

Then run CCleaner and post a new HijackThis log

The BitDefender report shows no virus!!!
BitDefender Online Scanner

Rapport d’analyse généré à: Sun, Jul 19, 2009 - 09:23:01

Voie d’analyse: C:;D:;E:;G:;

Statistiques
Temps: 00:37:02
Fichiers: 95005
Directoires: 20013
Secteurs de boot: 0
Archives: 1945
Paquets programmes: 8954

Résultats
Virus identifiés: 0
Fichiers infectés: 0
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 0

Info sur les moteurs
Définition virus: 3774143
Version des moteurs: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Analyse des plugins: 17
Archive des plugins: 45
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 4

Paramètres d’analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d’emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé | Statut
Aucun virus trouvé.


So I'm moving on to Navilog


Navilog report:
Fix Navipromo version 4.0.1 commencé le 19/07/2009 9:27:22,37

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 18.07.2009 à 11h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Turion™ 64 X2 Mobile Technology TL-50 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : FABRICE WININGER ( Administrator )
BOOT : Normal boot

Antivirus : AVG Internet Security 8.5 (Activated)
Firewall : AVG Firewall 8.5 (Activated)

C:\ (Local Disk) - FAT32 - Total:53 Go (Free:3 Go)
D:\ (Local Disk) - FAT32 - Total:54 Go (Free:15 Go)
E:\ (CD or DVD)
G:\ (CD or DVD)

Recherche executée en mode normal

Aucune Infection Navipromo/Egdaccess trouvé

*** Scan terminé 19/07/2009 9:29:10,14 ***

HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:44:04, on 19/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\mspgw.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Download\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mail.eu.sodexonet.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM…\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM…\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM…\Run: [Manage Program Gateway] C:\WINDOWS\system32\mspgw.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr…
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE…
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un Favori de l’appareil mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr…
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com…
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - www.tvucricket.com…
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Service Google Update (gupdate1c9a6ebd8afaf4c) (gupdate1c9a6ebd8afaf4c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe


End of file - 10922 bytes

A related question.
I just ran Spybot, which still finds Hupigon13 and a second infection in the registry.
But I can’t get into regedit: “access denied”!!! Is that normal???

Spybot report:
Microsoft.Windows.Security.InternetExplorer: [SBI $366713D4] Réglages (Modification du Registre, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe

Hupigon13: [SBI $D5A7DCB6] Réglages (Clé du Registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe

Right Media: Cookie traceur (Internet Explorer: FABRICE WININGER) (Cookie, nothing done)

— Spybot - Search & Destroy version: 1.6.2 (build: 20090126) —

2009-07-18 unins000.exe (51.49.0.0)
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 SDShred.exe (1.0.2.5)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-01-26 advcheck.dll (1.6.2.15)
2009-01-26 SDHelper.dll (1.6.2.14)
2009-01-26 Tools.dll (2.1.6.10)
2008-06-14 DelZip179.dll (1.79.11.1)
2007-04-02 aports.dll (2.1.0.0)
2008-06-19 sqlite3.dll
2009-01-22 Includes\Revision.sbi ()
2009-01-22 Includes\Cookies.sbi ()
2009-05-19 Includes\Dialer.sbi ()
2009-01-22 Includes\HeavyDuty.sbi ()
2009-05-26 Includes\Hijackers.sbi ()
2009-06-23 Includes\Keyloggers.sbi ()
2004-11-29 Includes\LSP.sbi ()
2009-06-30 Includes\Malware.sbi ()
2009-03-25 Includes\PUPS.sbi ()
2009-01-13 Includes\Security.sbi ()
2008-06-03 Includes\Spybots.sbi ()
2009-04-07 Includes\Spyware.sbi ()
2009-05-19 Includes\Adware.sbi ()
2009-06-08 Includes\Tracks.uti
2009-07-07 Includes\Trojans.sbi ()
2009-06-02 Includes\DialerC.sbi ()
2009-07-07 Includes\HijackersC.sbi ()
2009-07-07 Includes\KeyloggersC.sbi ()
2009-07-07 Includes\MalwareC.sbi ()
2009-07-07 Includes\PUPSC.sbi ()
2009-06-02 Includes\SecurityC.sbi ()
2008-06-03 Includes\SpybotsC.sbi ()
2009-07-07 Includes\SpywareC.sbi ()
2009-06-02 Includes\AdwareC.sbi ()
2009-07-08 Includes\TrojansC.sbi ()
2007-12-24 Plugins\TCPIPAddress.dll
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll

Re

Download OTMoveIt3 (by Old_Timer) to your desktop:

==>OTMoveIt3

Double-click OTMoveIt3.exe on the desktop

  • Make sure the Unregister Dll’s and Ocx’s box is checked

  • Copy the text in the quote and paste it into the left-hand pane of OTMoveIt named Paste Instructions for Items to be Moved

==>http://i28.tinypic.com/2h6zrjl.jpg

  • Click MoveIt! to start the removal.
  • Close OTMoveIt3

Your PC will restart to finish the removal; if it doesn’t do so by itself, restart it.

Post the OTMoveIt report, which is in C:\_OTMoveIt\MovedFiles.

then

Update Malwarebytes

Connect your removable media (USB sticks, etc.) before starting the scan

and then

Restart in “Mode sans échec” (Safe Mode)

tap the F8 key repeatedly until the Windows advanced options menu appears, and select “Mode sans échec” (Safe Mode).
Choose your usual session

Launch --> Malwarebytes (MBAM)

  • Then go to the “Recherche” (Scan) tab, tick “Exécuter un examen complet” (perform a full scan), then “Rechercher” (Scan)
  • Select your hard drives, then click “Lancer l’examen” (start the scan)
  • At the end of the scan, click Afficher les résultats (show results), then Enregistrer le rapport (save the report)
  • Removing the detected items --> IMPORTANT: click Supprimer la sélection (remove selection) --> must be done
  • If you are asked to restart, click “oui” (yes)

after removing the infection(s) found --> post the report here

then

disable your antivirus while you carry out these steps.

Download Winsockxpfix

to your desktop without running it, in case you need it afterwards

==>Winsockxpfix

then

Download Combofix

==>Combofix

==>to your Desktop (and nowhere else), and rename it before it lands on your desktop
to do this, right-click Combofix.exe, choose “enregistrer la cible du lien sous…” (save link target as…) and rename it to ==>fabwin.exe
==> and for the location choose your desktop and nowhere else, then click “enregistrer” (save)

Double-click ==> fabwin.exe ==>(renamed file)
Press the 1 key to start the scan and follow the instructions given by Combofix.
When the scan is finished, a report will appear. Copy/paste that report right here.
==>The report can also be found here: C:\Combofix.txt
==> you must not click in the Combofix window during the scan; doing so would cause the program to hang.

==> Don’t forget ==> re-enable your antivirus

PS
if your internet connection is no longer working after the restart

Double-click the WinsockXPFix file
click “Fix”, in case a manual repair has to be done