Problem: unwanted ad pop-up window

OTMoveIt report:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c: \ windows \ system32 \ mspgw.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 208896 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 85101612 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 246162 bytes

User: FABRICE WININGER
->Temp folder emptied: 1111 bytes
->Temporary Internet Files folder emptied: 8306829 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 34289080 bytes
->Google Chrome cache emptied: 1464455 bytes
->Apple Safari cache emptied: 7614670 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2833408 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 133,63 mb

OTM by OldTimer - Version 3.0.0.5 log created on 07192009_112523

Files moved on Reboot…

Registry entries deleted on Reboot…

Malwarebytes report:
Malwarebytes’ Anti-Malware 1.39
Version de la base de données: 2462
Windows 5.1.2600 Service Pack 3

19/07/2009 12:16:21
mbam-log-2009-07-19 (12-16-21).txt

Type de recherche: Examen complet (C:|D:|)
Eléments examinés: 207624
Temps écoulé: 20 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

ComboFix report:
ComboFix 09-07-14.08 - FABRICE WININGER 19/07/2009 12:46.1.2 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1500 [GMT 2:00]
Running from: c:\documents and settings\FABRICE WININGER\Bureau\fabwin.exe
AV: AVG Internet Security On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall enabled {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\emMON.exe
c:\windows\Installer\166bc6.msp
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-19 06:40 . 2009-07-19 06:40 -------- d-----w- c:\windows\BDOSCAN8
2009-07-18 16:45 . 2009-07-18 16:45 -------- d-----w- C:\ToolBar SD
2009-07-18 15:51 . 2009-07-18 15:51 -------- d-----w- c:\program files\trend micro
2009-07-18 15:51 . 2009-07-18 15:51 -------- d-----w- C:\rsit
2009-07-18 15:10 . 2009-07-18 15:10 -------- d-----w- c:\program files\RogueRemover FREE
2009-07-18 15:06 . 2009-07-18 15:06 -------- d-----w- c:\documents and settings\FABRICE WININGER\Application Data\Malwarebytes
2009-07-18 15:06 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-18 15:06 . 2009-07-18 15:06 -------- d-----w- c:\program files\Malwarebytes’ Anti-Malware
2009-07-18 15:06 . 2009-07-18 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-18 15:06 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 10:36 . 2009-07-18 10:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-18 10:36 . 2009-07-18 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-18 09:28 . 2009-07-18 09:28 16896 ----a-w- c:\windows\system32\mspgw.exe
2009-07-18 06:45 . 2009-07-18 06:45 -------- d-----w- c:\documents and settings\FABRICE WININGER\Local Settings\Application Data\Temp
2009-07-13 14:23 . 2009-07-13 14:23 -------- d-----w- c:\program files\FirefoxPortable
2009-07-11 19:43 . 2009-07-11 19:43 -------- d-----w- c:\documents and settings\FABRICE WININGER\Application Data\vlc
2009-07-07 09:56 . 2008-09-15 12:26 104960 ----a-r- c:\windows\system32\drivers\zteusbvoice.sys
2009-07-07 09:56 . 2008-09-15 12:26 110080 ----a-r- c:\windows\system32\drivers\ZTEusbnet.sys
2009-07-07 09:56 . 2008-09-15 12:26 104960 ----a-r- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-07-07 09:56 . 2008-09-15 12:26 104960 ----a-r- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-07-07 09:56 . 2008-09-15 12:26 104960 ----a-r- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-07-07 09:55 . 2009-07-07 09:55 -------- d-----w- c:\documents and settings\FABRICE WININGER\Application Data\Vodafone
2009-07-07 09:55 . 2009-07-07 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-07-07 09:55 . 2009-07-07 09:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone
2009-07-07 09:55 . 2008-09-15 12:26 7680 ----a-r- c:\windows\system32\drivers\massfilter.sys
2009-07-07 09:55 . 2009-07-07 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
2009-07-07 09:55 . 2009-07-07 09:55 -------- d-----w- c:\program files\Vodafone
2009-07-07 09:55 . 2009-07-07 09:55 -------- d-----w- c:\documents and settings\FABRICE WININGER\Local Settings\Application Data\{BAD7C248-517D-4CE1-B65A-829C01BEFDB1}
2009-06-22 17:42 . 2009-06-22 17:42 -------- d-----w- c:\documents and settings\FABRICE WININGER\Local Settings\Application Data\Zattoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 17:34 . 2006-08-24 11:45 95594 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-18 17:34 . 2006-08-24 11:45 537790 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-04 16:30 . 2009-02-27 15:26 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-18 17:38 . 2009-06-18 17:38 -------- d-----w- c:\program files\Makayama Interactive
2009-06-16 15:22 . 2009-02-27 15:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:40 . 2004-08-05 03:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 03:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 18:40 . 2009-03-09 18:36 625488 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-09 16:23 . 2009-06-09 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-09 16:23 . 2009-06-09 16:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-04 17:38 . 2009-06-04 17:38 -------- d-----w- c:\program files\iPod
2009-06-04 17:38 . 2009-06-04 17:38 -------- d-----w- c:\program files\iTunes
2009-06-04 17:37 . 2009-06-04 17:37 -------- d-----w- c:\program files\QuickTime
2009-06-04 17:31 . 2009-06-04 17:31 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 19:10 . 2004-08-05 03:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 19:12 . 2009-06-02 19:12 -------- d-----w- c:\documents and settings\FABRICE WININGER\Application Data\U3
2009-06-02 11:38 . 2009-06-10 06:25 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-21 13:59 . 2009-05-21 13:59 1017344 ----a-w- c:\windows\system32\libeay32.dll
2009-05-21 13:59 . 2009-05-21 13:59 200704 ----a-w- c:\windows\system32\ssleay32.dll
2009-05-13 05:04 . 2006-01-09 18:02 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 13:12 . 2004-11-18 08:42 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-09 16:29 . 2009-02-24 06:18 107192 ----a-w- c:\documents and settings\FABRICE WININGER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-07 15:33 . 2004-08-05 03:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-28 16:08 . 2009-04-28 16:08 116048 ----a-w- c:\documents and settings\All Users\Application Data\Skyline\TEDetect.dll
2009-04-27 15:52 . 2009-02-27 15:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-27 15:51 . 2009-02-27 15:27 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-27 15:51 . 2009-02-27 15:25 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-04-27 15:51 . 2009-02-27 15:25 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-04-27 15:51 . 2009-02-27 15:27 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-22 17:13 . 2009-06-18 20:34 98304 ----a-w- c:\documents and settings\FABRICE WININGER\Application Data\Mozilla\Firefox\Profiles\fbiayap8.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
2009-04-22 17:13 . 2009-06-18 20:34 77824 ----a-w- c:\documents and settings\FABRICE WININGER\Application Data\Mozilla\Firefox\Profiles\fbiayap8.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
2009-07-18 06:49 . 2009-02-24 15:44 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{A3BC75A2-1F87-4686-AA43-5347D756017C}”= “c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:08 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{CCC7A320-B3CA-4199-B1A6-9F516DD69829}”= “c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{CCC7A320-B3CA-4199-B1A6-9F516DD69829}”= “c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“H/PC Connection Agent”=“c:\program files\Microsoft ActiveSync\wcescomm.exe” [2006-11-13 1289000]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“preload”=“c:\windows\RUNXMLPL.exe” [2005-05-19 32768]
“AzMixerSel”=“c:\program files\Realtek\InstallShield\AzMixerSel.exe” [2005-06-11 53248]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2006-05-25 786521]
“IMJPMIG8.1”=“c:\windows\IME\imjp8_1\IMJPMIG.EXE” [2004-08-05 208952]
“LManager”=“c:\progra~1\LAUNCH~1\LManager.exe” [2006-08-08 634880]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2009-01-30 86016]
“AVG8_TRAY”=“c:\progra~1\AVG\AVG8\avgtray.exe” [2009-06-09 1948440]
“ePower_DMC”=“c:\acer\Empowering Technology\ePower\ePower_DMC.exe” [2006-07-18 438272]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2009-01-30 13594624]
“MobileConnect”=“c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe” [2008-09-22 2073088]
“Manage Program Gateway”=“c:\windows\system32\mspgw.exe” [2009-07-18 16896]
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe” [2009-05-26 413696]
“Kernel and Hardware Abstraction Layer”=“KHALMNPR.EXE” - c:\windows\KHALMNPR.Exe [2007-11-29 55824]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 789008]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll” [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 10:30 72208 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-27 15:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
“Debugger”=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
“Debugger”=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^officejet 6100.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\officejet 6100.lnk
backup=c:\windows\pss\officejet 6100.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Streaming Server.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pinnacle Streaming Server.lnk
backup=c:\windows\pss\Pinnacle Streaming Server.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\Acer\Acer Arcade\PCMService.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“c:\Program Files\Windows Live\Messenger\wlcsdk.exe”=
“c:\Program Files\Windows Live\Messenger\msnmsgr.exe”=
“c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=
“c:\Program Files\AVG\AVG8\avgam.exe”=
“c:\Program Files\AVG\AVG8\avgupd.exe”=
“c:\Program Files\AVG\AVG8\avgnsx.exe”=
“c:\Program Files\Steam\steamapps\common\monster trucks nitro demo\MonsterTrucksNitro.exe”=
“c:\Program Files\Steam\steamapps\fabwin1973\race07 demo\SteamProxy.exe”=
“c:\Program Files\Steam\steamapps\fabwin1973\race07 demo\RaceConfig_Steam.exe”=
“c:\program files\Microsoft ActiveSync\rapimgr.exe”= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
“c:\program files\Microsoft ActiveSync\wcescomm.exe”= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
“c:\program files\Microsoft ActiveSync\WCESMgr.exe”= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
“c:\Program Files\Steam\steamapps\COMMON\smashingtoys_demo\SmashingToys.exe”=
“c:\Program Files\iTunes\iTunes.exe”=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“26675:TCP”= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [27/02/2009 17:27 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27/02/2009 17:26 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27/02/2009 17:27 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27/02/2009 17:26 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [27/04/2009 17:51 1368952]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [05/08/2004 05:00 14336]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [22/09/2008 13:40 14336]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [27/02/2009 17:25 29208]
S2 gupdate1c9a6ebd8afaf4c;Service Google Update (gupdate1c9a6ebd8afaf4c);c:\program files\Google\Update\GoogleUpdate.exe [17/03/2009 11:33 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [27/02/2009 17:25 29208]
S3 AVHybrid;AVHybrid service;c:\windows\system32\drivers\AVHybrid.sys [04/04/2009 20:34 1024576]
S3 epindd;epindd;c:\windows\system32\drivers\EPINDD.SYS [24/02/2009 07:11 8448]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [07/07/2009 11:55 7680]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [24/02/2009 19:23 13440]
S3 VAGUSB;VAGUSB.SYS USB Driver;c:\windows\system32\drivers\VAGUSB.sys [15/12/2005 15:27 34639]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [07/07/2009 11:56 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [07/07/2009 11:56 104960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
“c:\windows\system32\rundll32.exe” “c:\windows\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder

2009-07-19 c:\windows\Tasks\Google Software Updater.job

  • c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-02 05:48]

2009-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job

  • c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-06-14 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2200 seriesF56855811176EC24C9B302F94878AD886AF77CFF236112486.job

  • c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-26 23:46]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

  • c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 09:33]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

  • c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 09:33]

2009-07-19 c:\windows\Tasks\User_Feed_Synchronization-{0575D345-112F-4C43-AB4D-04B92B393531}.job

  • c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PMCRemote - (no file)

.
------- Supplementary Scan -------
.
uStart Page = mail.eu.sodexonet.com…
uDefault_Search_URL = www.google.com…
uSearchURL,(Default) = www.google.com…
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - www.bitdefender.fr…
FF - ProfilePath - c:\documents and settings\FABRICE WININGER\Application Data\Mozilla\Firefox\Profiles\fbiayap8.default
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - news.google.fr…
FF - component: c:\documents and settings\FABRICE WININGER\Application Data\Mozilla\Firefox\Profiles\fbiayap8.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\FABRICE WININGER\Application Data\Mozilla\Firefox\Profiles\fbiayap8.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.enforce_same_site_origin”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.cache_size”, 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.ogg.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.wave.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.autoplay.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.urlbar.autocomplete.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“capability.policy.mailnews.*.wholeText”, “noAccess”);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“dom.storage.default_quota”, 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“content.sink.event_probe_rate”, 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.http.prompt-temp-redirect”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“layout.css.dpi”, -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“layout.css.devPixelsPerPx”, -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“gestures.enable_single_finger_input”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“dom.max_chrome_script_run_time”, 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.tcp.sendbuffer”, 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“geo.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.remember_cert_checkbox_default_setting”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“browser.search.param.yahoo-fr”, “moz35”);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“browser.search.param.yahoo-fr-cjkt”, “moz35”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.blocklist.level”, 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.urlbar.restrict.typed”, “~”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.urlbar.default.behavior”, 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.history”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.formdata”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.passwords”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.downloads”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.cookies”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.cache”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.sessions”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.offlineApps”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.siteSettings”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.history”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.formdata”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.passwords”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.downloads”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.cookies”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.cache”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.sessions”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.offlineApps”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.siteSettings”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.sanitize.migrateFx3Prefs”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.ssl_override_behavior”, 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“security.alternate_certificate_error_page”, “certerror”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.privatebrowsing.autostart”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.privatebrowsing.dont_prompt_on_enter”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“geo.wifi.uri”, “https://www.google.com/loc/json”);
.


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-07-19 12:54
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

              • ‘winlogon.exe’(1520)
                c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
                c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll

              • ‘explorer.exe’(3952)
                c:\program files\Logitech\SetPoint\lgscroll.dll
                c:\progra~1\WINDOW~2\wmpband.dll
                c:\acer\Empowering Technology\ePower\SysHook.dll
                c:\windows\system32\eappprxy.dll
                c:\windows\system32\webcheck.dll
                c:\windows\system32\WPDShServiceObj.dll
                c:\windows\system32\PortableDeviceTypes.dll
                c:\windows\system32\PortableDeviceApi.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\acer\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
                c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
                c:\program files\AVG\AVG8\AVGWDSVC.EXE
                c:\program files\AVG\AVG8\AVGFWS8.EXE
                c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
                c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
                c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
                c:\program files\JAVA\JRE6\BIN\JQS.EXE
                c:\program files\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
                c:\windows\SYSTEM32\NVSVC32.EXE
                c:\program files\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
                c:\program files\GOOGLE\UPDATE\1.2.183.7\GOOGLECRASHHANDLER.EXE
                c:\windows\SYSTEM32\SEARCHINDEXER.EXE
                c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
                c:\progra~1\AVG\AVG8\avgam.exe
                c:\program files\AVG\AVG8\AVGRSX.EXE
                c:\progra~1\AVG\AVG8\avgnsx.exe
                c:\windows\system32\wscntfy.exe
                c:\windows\system32\wbem\wmiapsrv.exe
                c:\windows\SYSTEM32\RUNDLL32.EXE
                c:\progra~1\MI3AA1~1\rapimgr.exe
                c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
                c:\windows\system32\wbem\unsecapp.exe
                c:\program files\Internet Explorer\iexplore.exe
                c:\program files\Internet Explorer\iexplore.exe
                .


.
Completion time: 2009-07-19 12:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 10:59

Pre-Run: 3 370 582 016 octets libres
Post-Run: 3 243 573 248 octets libres

413 — E O F — 2009-07-15 17:08


I still have these unwanted pop-up windows!!! :@:@:@

Ok

1 deletion with MBAM
and with COMBOFIX

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) ( autres Suppressions)
.

c:\windows\emMON.exe
c:\windows\Installer\166bc6.msp
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\install.exe
I'll look at this tonight.

Do this:

Download ATF-Cleaner

==>http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25

Run a cleanup

Tutorial==>http://b.marlow.free.fr/atf-cleaner.html

ATF-Cleaner

==>www.atribune.org…

Tutorial

==>http://www.dualforum.com/viewtopic15681.html

And post two new RSIT logs (log.txt and info.txt). If you only get one, delete RSIT and download it again.

I'll look tonight and keep you posted.

OK, I'm going to eat and then I'll take care of it!!
Thanks again for your help

No problem, fabwin

Do all of this.

In the meantime you can also:

Download SUPERAntiSpyware (free)

==> SUPERAntiSpyware

Install + update

Run a full scan + removal(s)

I also recommend switching to an antivirus that is lighter than AVG.

Do this in order if you decide to; it's up to you.

  1. Download ==>Avira AntiVir Personal Free 9.0.0.65

==>http://www.clubic.com/lancer-le-telechargement-253562-0-avira-antivir-personal-free.html

==> IMPORTANT: do not RUN it for now

  2. Uninstall AVG

“Démarrer” > “Tous les programmes” > “AVG8” > “Uninstall AVG”

Then run this utility, AVG Remover

==>AVG Remover

  3. Run CCleaner

  4. RESTART your PC

  5. Install Avira AntiVir Personal + updates

Then run a scan and post the report.

@+ cricri58

RSIT report:

Logfile of random’s system information tool 1.06 (written by random/random)
Run by FABRICE WININGER at 2009-07-19 14:18:43
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 3 GB (5%) free of 55 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:18:59, on 19/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\mspgw.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\FABRICE WININGER\Bureau\RSIT.exe
D:\Download\FABRICE WININGER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mail.eu.sodexonet.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM…\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM…\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM…\Run: [Manage Program Gateway] C:\WINDOWS\system32\mspgw.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr…
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE…
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un Favori de l’appareil mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr…
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com…
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - www.tvucricket.com…
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Service Google Update (gupdate1c9a6ebd8afaf4c) (gupdate1c9a6ebd8afaf4c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe


End of file - 10991 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1236112486.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{0575D345-112F-4C43-AB4D-04B92B393531}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-15 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“preload”=C:\Windows\RUNXMLPL.exe [2005-05-19 32768]
“AzMixerSel”=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
“IMJPMIG8.1”=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
“LManager”=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-08-08 634880]
“NvMediaCenter”=C:\WINDOWS\system32\NvMcTray.dll [2009-01-30 86016]
“Kernel and Hardware Abstraction Layer”=C:\WINDOWS\KHALMNPR.EXE [2007-11-29 55824]
“AVG8_TRAY”=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-09 1948440]
“ePower_DMC”=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-07-18 438272]
“NvCplDaemon”=C:\WINDOWS\system32\NvCpl.dll [2009-01-30 13594624]
“MobileConnect”=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-09-22 2073088]
“Manage Program Gateway”=C:\WINDOWS\system32\mspgw.exe [2009-07-18 16896]
“QuickTime Task”=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“PMCRemote”= []
“H/PC Connection Agent”=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
“ctfmon.exe”=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-06-07 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-07-18 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmOn HDi Player]
C:\Program Files\FilmOn HDi Player\FilmOn HDi Player.exe [2009-07-02 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Matchlock Scheduling]
C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\Monitor.exe [2005-06-09 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO4Ut]
C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe [2004-03-03 252416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2006-05-15 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-01-30 13594624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Acer\Acer Arcade\PCMService.exe [2006-04-27 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]
C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe [2007-09-27 109640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-06-14 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-26 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Remote Control Center]
C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\RMC.exe [2005-05-28 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer Empowering Technology.lnk]
C:\Acer\EMPOWE~1\ACEREM~1.EXE [2006-06-13 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe [2002-06-27 323646]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^officejet 6100.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe [2002-06-27 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Streaming Server.lnk]
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\STRMSE~1\STRMSE~1.EXE [2007-09-21 577536]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-04-27 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll [2008-01-09 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=323
“NoDriveAutoRun”=67108863
“NoDrives”=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“HonorAutoRunSetting”=
“NoDriveAutoRun”=
“NoDriveTypeAutoRun”=
“NoDrives”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\Program Files\Acer\Acer Arcade\PCMService.exe”="C:\Program Files\Acer\Acer Arcade\PCMService.exe::Enabled:CyberLink PowerCinema Resident Program"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\Windows Live\Messenger\wlcsdk.exe”="C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE::Enabled:Microsoft Office Outlook”
“C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe”=“C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:LocalSubNet:Enabled:Pinnacle Streaming Server”
“C:\Program Files\AVG\AVG8\avgam.exe”=“C:\Program Files\AVG\AVG8\avgam.exe::Enabled:avgam.exe"
“C:\Program Files\AVG\AVG8\avgupd.exe”="C:\Program Files\AVG\AVG8\avgupd.exe::Enabled:avgupd.exe”
“C:\Program Files\AVG\AVG8\avgnsx.exe”=“C:\Program Files\AVG\AVG8\avgnsx.exe::Enabled:avgnsx.exe"
“C:\Program Files\Steam\steamapps\common\monster trucks nitro demo\MonsterTrucksNitro.exe”="C:\Program Files\Steam\steamapps\common\monster trucks nitro demo\MonsterTrucksNitro.exe::Enabled:Monster Trucks Nitro Demo”
“C:\Program Files\Steam\steamapps\fabwin1973\race07 demo\SteamProxy.exe”=“C:\Program Files\Steam\steamapps\fabwin1973\race07 demo\SteamProxy.exe::Enabled:RACE 07 Demo"
“C:\Program Files\Steam\steamapps\fabwin1973\race07 demo\RaceConfig_Steam.exe”="C:\Program Files\Steam\steamapps\fabwin1973\race07 demo\RaceConfig_Steam.exe::Enabled:RACE 07 Demo”
“C:\Program Files\Microsoft ActiveSync\rapimgr.exe”=“C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager”
“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”=“C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager”
“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe”=“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application”
“C:\Program Files\Steam\steamapps\COMMON\smashingtoys_demo\SmashingToys.exe”=“C:\Program Files\Steam\steamapps\COMMON\smashingtoys_demo\SmashingToys.exe::Enabled:SmashingToys_Demo"
“C:\Program Files\iTunes\iTunes.exe”="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\Windows Live\Messenger\wlcsdk.exe”=“C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger”
“C:\Program Files\Microsoft ActiveSync\rapimgr.exe”=“C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager”
“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”=“C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager”
“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe”=“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application”

======List of files/folders created in the last 1 months======

2009-07-19 13:27:54 ----SHD---- C:\Recycled
2009-07-19 12:59:04 ----A---- C:\ComboFix.txt
2009-07-19 12:41:20 ----A---- C:\WINDOWS\zip.exe
2009-07-19 12:41:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-19 12:41:20 ----A---- C:\WINDOWS\SWSC.exe
2009-07-19 12:41:20 ----A---- C:\WINDOWS\SWREG.exe
2009-07-19 12:41:20 ----A---- C:\WINDOWS\sed.exe
2009-07-19 12:41:20 ----A---- C:\WINDOWS\PEV.exe
2009-07-19 12:41:20 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-19 12:41:20 ----A---- C:\WINDOWS\grep.exe
2009-07-19 12:41:16 ----D---- C:\WINDOWS\ERDNT
2009-07-19 12:39:15 ----D---- C:\Qoobox
2009-07-19 11:51:19 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-19 08:40:21 ----D---- C:\WINDOWS\BDOSCAN8
2009-07-18 21:11:58 ----SHD---- C:\Config.Msi
2009-07-18 19:31:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-18 18:45:58 ----A---- C:\TB.txt
2009-07-18 18:45:32 ----D---- C:\ToolBar SD
2009-07-18 18:09:09 ----A---- C:\cleannavi.txt
2009-07-18 17:51:49 ----D---- C:\Program Files\trend micro
2009-07-18 17:51:47 ----D---- C:\rsit
2009-07-18 17:10:17 ----D---- C:\Program Files\RogueRemover FREE
2009-07-18 17:06:14 ----D---- C:\Documents and Settings\FABRICE WININGER\Application Data\Malwarebytes
2009-07-18 17:06:03 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2009-07-18 17:06:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-18 12:36:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-18 12:36:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-18 11:28:27 ----A---- C:\WINDOWS\system32\mspgw.exe
2009-07-15 19:07:48 ----HD---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 19:07:43 ----HD---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 19:03:46 ----HD---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-13 16:23:21 ----D---- C:\Program Files\FirefoxPortable
2009-07-13 10:57:41 ----A---- C:\WINDOWS\Jcmkr32.INI
2009-07-11 21:43:47 ----D---- C:\Documents and Settings\FABRICE WININGER\Application Data\vlc
2009-07-07 12:00:58 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem.txt
2009-07-07 11:55:54 ----D---- C:\Documents and Settings\FABRICE WININGER\Application Data\Vodafone
2009-07-07 11:55:51 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-07-07 11:55:25 ----D---- C:\Documents and Settings\All Users\Application Data\Vodafone
2009-07-07 11:55:19 ----D---- C:\Program Files\Vodafone

======List of files/folders modified in the last 1 months======

2009-07-19 12:55:24 ----A---- C:\WINDOWS\system.ini
2009-07-19 12:54:12 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-07-18 19:34:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-03-03 82380]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43520]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-04 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-16 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 int15;int15; ??\C:\WINDOWS\system32\drivers\int15.sys []
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-05 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-05 55936]
R2 tvicport;tvicport; ??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; ??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-01-10 449888]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-04-27 29208]
R3 Cam5603D;Acer OrbiCam; C:\WINDOWS\System32\Drivers\BisonCam.sys [2006-06-30 775936]
R3 catchme;catchme; ??\C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-01-20 17408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-24 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-30 6250848]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-04 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-04 13056]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 11136]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-05-17 162560]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d’hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 anq96xi9;anq96xi9; C:\WINDOWS\system32\drivers\anq96xi9.sys []
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-04-27 29208]
S3 AVHybrid;AVHybrid service; C:\WINDOWS\system32\DRIVERS\AVHybrid.sys [2005-08-23 1024576]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 emAudio;PCTV EMP Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2007-08-07 23168]
S3 epindd;epindd; ??\C:\WINDOWS\system32\drivers\epindd.sys []
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 int15.sys;int15.sys; ??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [2008-09-15 7680]
S3 mbr;mbr; ??\C:\DOCUME~1\FABRIC~1\LOCALS~1\Temp\mbr.sys []
S3 mod7700;DiBcom DIB7700 based TV tuner device; C:\WINDOWS\System32\Drivers\mod7700.sys [2007-04-18 473728]
S3 MODRC;DiBcom Infrared Receiver; C:\WINDOWS\system32\DRIVERS\modrc.sys [2007-02-06 13440]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NSCIRDA;Pilote de périphérique infrarouge NSC; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 psdfilter;psdfilter; ??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
S3 psdvdisk;psdvdisk; ??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USB28xxBGA;PCTV 320e Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-08-07 476288]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-08-07 38656]
S3 usbprint;Classe d’imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 VAGUSB;VAGUSB.SYS USB Driver; C:\WINDOWS\System32\Drivers\VAGUSB.sys [2005-12-15 34639]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-09-15 104960]
S3 ZTEusbnet;ZTE USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys [2008-09-15 110080]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-09-15 104960]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-09-15 104960]
S3 ZTEusbvoice;ZTE VoUSB Port; C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys [2008-09-15 104960]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d’application d’assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-05-11 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-27 298776]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-07-04 1368952]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2006-04-27 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2006-04-27 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2006-04-27 61440]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-26 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-30 168004]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-09-22 14336]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 gupdate1c9a6ebd8afaf4c;Service Google Update (gupdate1c9a6ebd8afaf4c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-17 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 vvdsvc;VJVodClientServices; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2008-01-09 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-03-15 81920]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
PS: I don't have an info.txt report even though I re-downloaded RSIT!!

I don't think I'll remove AVG (I pay for it and I'm networked with 3 PCs), and apart from this problem I'm happy with it.

I ran "superantispyware" early this afternoon and since then I haven't had any more unwanted pop-up windows. So we'll see over time.

Until I'm 100% sure that I'm no longer infected, I want to thank you again for your answers and your availability.

A great forum with very friendly, competent people.
Highly recommended!!!

THANKS

Hi again fabwin

Launch HijackThis

Click ==> Do a System Scan Only

check these lines
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM…\Run: [Manage Program Gateway] C:\WINDOWS\system32\mspgw.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - www.tvucricket.com

Close your other applications, except HijackThis of course ==> and click Fix Checked

after that
look at How to disable the AVG Security Toolbar

==> How to disable the AVG Security Toolbar

you'll also do this

In Explorer, change your home page

Tools ==> Internet Options, and in the box enter ==> www.google.fr…

after that ==> Combofix

create a new text document on your desktop
==> to do this, right-click on the desktop > New > Text Document > copy and paste the contents of the quote below into it

Follow the save procedure below to the letter, it's important

==> then click File > Save As…
==> in the save window choose the desktop as the destination > under type choose All Files > and for the file name type CFScript.txt > then click Save and close the text document.

==> drag and drop this CFScript.txt file (hold the left button down on CFScript.txt and drag it) onto the ComboFix.exe icon (in your case it's "xxxxx.exe") as in this screenshot.

http://i25.tinypic.com/350qxw0.gif

==> a blue window will appear >> at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
be patient while the scan runs. The desktop will disappear several times, that's normal!
==> don't touch anything until the scan has finished
==> once the scan is complete, a report will be displayed; post its contents in your next reply.
==> if the report doesn't open, it is located at C:\ComboFix.txt

then do this

disable your System Restore:

==> this is to remove the infections that are in System Restore.

==> Click Start.
==> Right-click "My Computer" then choose "Properties".
==> Select the "System Restore" tab.
==> Check "Turn off System Restore on all drives" or "Turn off System Restore" then Apply.
==> OK ==> Restart your PC

Then go back to "My Computer", "Properties", and this time uncheck "Turn off System Restore" ==> Apply ==> then OK.

after that, creating the restore point:

==> go to the Start menu then Programs,
==> Accessories and finally System Tools,
==> Choose System Restore,
==> Select ==> Create a restore point,
==> Click Next,
==> Enter a name for the restore point: a name simple enough that you can find it again
==> Click ==> Create and the restore point is created automatically

also do this afterwards

Download ToolsCleaner! by A.Rothstein to remove the programs used during the procedure.
==>http://pc-system.fr/TC/ToolsCleaner2.exe

==> Save ToolsCleaner2.exe to the Desktop.
On Vista, right-click > Run as Administrator
==> Double-click it, then click Search --> The program will look for the installed utilities
------> The window may turn white during the scan, that's normal!
==> Copy and paste the contents of the report that appears in the white window.

When the search is finished, ToolsCleaner displays a list of the various tools found; click "Removal" to delete them.
and ==> empty the Recycle Bin
Close the program by clicking "Quit".

Post the report, which is located here >>> C:\TCleaner.txt

and that should do it

Thanks again for your help.
So I ran HijackThis again but there are 2 errors when I do the fix!!!

For the rest, I'll do it during the week as soon as I have 5 minutes, because it's my last week before the holidays so there's a lot of work.

I'll keep you posted!!
Thanks again