Bonjour,

Un "beau rapport, suite à malware difficile à supprimer.

Merci

Logfile of random's system information tool 1.06 (written by random/random)
Run by Elorriaga Denis at 2009-11-23 12:03:24
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 6 GB (14%) free of 40 GB
Total RAM: 2039 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:32, on 23/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\fxredir.exe
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\LG Electronics\LG PC Suite III\LG_PCSuiteIII.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Elorriaga Denis\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Documents and Settings\Elorriaga Denis\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Elorriaga Denis\Mes documents\RSIT.exe
C:\Program Files\trend micro\Elorriaga Denis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\WINDOWS\system32\msjava32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\system32\fxredir.exe
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Elorriaga Denis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [LG PC Suite III] C:\Program Files\LG Electronics\LG PC Suite III\LG_PCSuiteIII.exe /icon
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Elorriaga Denis\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12960 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1682526488-2147196821-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1682526488-2147196821-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43F7497C-7687-4DEA-A057-F21BD81BC896}]
CJava Object - C:\WINDOWS\system32\msjava32.dll [2009-03-21 362496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-08-27 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"monitr32"=C:\Program Files\Canon\MultiPASS4\monitr32.exe [2001-12-12 315392]
"fxredir"=C:\WINDOWS\system32\fxredir.exe [2001-12-12 65536]
"MPTBox"=C:\Program Files\Canon\MultiPASS4\MPTBox.exe [2001-12-12 151552]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"C-Media Mixer"=Mixer.exe /startup []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-07-09 36352]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-06-25 198160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-02-01 21898024]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-08 68856]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-04-23 243072]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Google Update"=C:\Documents and Settings\Elorriaga Denis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-08 133104]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]
"LG PC Suite III"=C:\Program Files\LG Electronics\LG PC Suite III\LG_PCSuiteIII.exe [2009-10-18 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Fichiers communs\AOL\1202389184\ee\AOLSoftware.exe [2006-09-26 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-08 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2009-03-25 161776]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Elorriaga Denis\Menu Démarrer\Programmes\Démarrage
Outil de notification Live Search.lnk - C:\Documents and Settings\Elorriaga Denis\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Fichiers communs\AOL\acs\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\acs\AOLDial.exe:*:Enabled:AOL Autoconnect"
"C:\Program Files\Fichiers communs\AOL\acs\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\acs\AOLacsd.exe:*:Enabled:module de connexion AOL"
"C:\Program Files\Fichiers communs\AOL\1202389184\ee\aolsoftware.exe"="C:\Program Files\Fichiers communs\AOL\1202389184\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\AOL 9.0 VR\waol.exe"="C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Fichiers communs\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe"="C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Fichiers communs\AOL\System Information\sinf.exe"="C:\Program Files\Fichiers communs\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0910994e-d4eb-11dd-b922-00038a000015}]
shell\AutoRun\command - G:\3j2h0tf.bat
shell\open\command - G:\3j2h0tf.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0959238c-ff2e-11dc-b76b-00038a000015}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL JAnEd.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23007b84-edc7-11dc-b749-00038a000015}]
shell\AutoRun\command - p.exe
shell\open\command - p.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f33a905-d430-11de-84ff-00038a000015}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{717ff636-613d-11dd-b848-00038a000015}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(&0)\command - G:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0cff802-97ae-11de-849f-00038a000015}]
shell\AutoRun\command - p.exe
shell\open\command - p.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1276823-6883-11de-ba22-00038a000015}]
shell\AutoRun\command - G:\3j2h0tf.bat
shell\open\command - G:\3j2h0tf.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1e04a46-8196-11de-8480-806d6172696f}]
shell\AutoRun\command - p.exe
shell\open\command - p.exe

======List of files/folders created in the last 1 months======

2009-11-23 11:36:34 ----DC---- C:\rsit
2009-11-23 11:36:34 ----D---- C:\Program Files\trend micro
2009-11-22 18:56:01 ----D---- C:\Program Files\a-squared Free
2009-11-22 10:27:29 ----D---- C:\WINDOWS\ie8updates
2009-11-22 10:24:38 ----HDC---- C:\WINDOWS\ie8
2009-11-18 12:01:44 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\U3
2009-11-09 10:10:05 ----DC---- C:\Temp

======List of files/folders modified in the last 1 months======

2009-11-23 12:02:05 ----D---- C:\WINDOWS\Prefetch
2009-11-23 12:00:49 ----D---- C:\WINDOWS
2009-11-23 11:59:40 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\Skype
2009-11-23 11:59:37 ----D---- C:\WINDOWS\Temp
2009-11-23 11:58:03 ----SD---- C:\WINDOWS\Tasks
2009-11-23 11:57:38 ----D---- C:\WINDOWS\system32
2009-11-23 11:56:34 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-11-23 11:56:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-23 11:36:34 ----RD---- C:\Program Files
2009-11-23 11:33:22 ----HD---- C:\WINDOWS\inf
2009-11-23 11:33:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-23 11:33:15 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-23 11:25:29 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\skypePM
2009-11-23 11:24:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2009-11-22 18:51:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-11-22 18:50:51 ----SHD---- C:\WINDOWS\Installer
2009-11-22 18:50:51 ----HDC---- C:\Config.Msi
2009-11-22 18:50:50 ----D---- C:\Program Files\Fichiers communs
2009-11-22 18:49:55 ----D---- C:\WINDOWS\system32\drivers
2009-11-22 18:49:55 ----D---- C:\Program Files\Lavasoft
2009-11-22 17:45:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2009-11-22 17:42:10 ----D---- C:\Program Files\Starcraft
2009-11-22 17:37:13 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-22 12:14:26 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-22 11:44:00 ----D---- C:\Program Files\Unlocker
2009-11-22 11:43:03 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2009-11-22 11:13:48 ----D---- C:\WINDOWS\system32\LogFiles
2009-11-22 11:13:48 ----D---- C:\WINDOWS\Debug
2009-11-22 11:09:38 ----D---- C:\Program Files\CCleaner
2009-11-22 10:50:44 ----D---- C:\WINDOWS\system32\fr-fr
2009-11-22 10:50:43 ----D---- C:\WINDOWS\Media
2009-11-22 10:50:43 ----D---- C:\WINDOWS\Help
2009-11-22 10:50:43 ----D---- C:\Program Files\Internet Explorer
2009-11-21 12:57:06 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\HPAppData
2009-11-07 22:37:44 ----D---- C:\WINDOWS\ie7updates
2009-11-05 18:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-02 12:31:46 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-02 12:31:11 ----RSD---- C:\WINDOWS\assembly
2009-11-02 12:09:14 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-02 12:01:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-02 12:00:38 ----D---- C:\Program Files\Windows Live
2009-11-02 11:59:18 ----D---- C:\WINDOWS\system32\DirectX
2009-11-01 18:46:52 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\LG Electronics
2009-10-29 09:16:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 BCMNTIO;BCMNTIO; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys []
R2 cis1284;cis1284; \??\C:\WINDOWS\system32\drivers\cis1284.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 MAPMEM;MAPMEM; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys []
R2 Stltrk2k;Stltrk2k; C:\WINDOWS\system32\drivers\Stltrk2k.sys [2001-10-03 13325]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-04-23 33588]
S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-11-02 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-11-02 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-06 21568]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nuvaud2;NUVision II Audio Service; C:\WINDOWS\system32\DRIVERS\nuvaud2.sys [2001-07-11 25024]
S3 NUVision;NUVision II Video Service; C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-10-28 153760]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-01 1858144]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-04 152984]
R2 MpService;MpService; C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE [2001-12-12 49152]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Yop

Deux infections à première vue....

• Télécharge Toolbar-S&D d'Eric71, AngelDark, Sham_Rock et XmichouX sur ton Bureau,
• Double-clique sur Toolbar-S&D afin de lancer l'installation, un raccourci sera ajouté sur le Bureau.
• Double-clique dessus pour démarrer l'outil; choisis la langue.
• Sous Vista, faire un clic droit et "Exécuter en tant qu'administrateur" (Elévation des privilèges), puis -> Continuer.
• Tape 1 puis sur la touche [Entrée] afin de lancer la recherche.
• Patiente jusqu'à la fin de la recherche.
• À la fin du scan, le rapport s'ouvrira dans le Bloc-notes.
• Poste ce rapport, par copier/coller, dans ta prochaine réponse.
• Le rapport se trouve également sous : C:\TB.txt

Aide en image : http://toolbarsd.googlepages.com/aideenimages

@++

merci pour ton aide

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz )
BIOS : Default System BIOS
USER : Elorriaga Denis ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1351 [VPS 091123-0] 4.8.1351 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:5 Go)
D:\ (Local Disk) - NTFS - Total:39 Go (Free:16 Go)
E:\ (Local Disk) - NTFS - Total:33 Go (Free:5 Go)
F:\ (CD or DVD)
H:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 23/11/2009|13:17 )

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr/"
"Search Bar"="http://recherche.neuf.fr/ie/default.html"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://recherche.neuf.fr/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

--------------------\\ Recherche d'autres infections

C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\arajgdczor.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\arajgdczor_nav.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\arajgdczor_navps.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\ccwdsj.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\ccwdsj_nav.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\ccwdsj_navps.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\eiysssq.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\eiysssq_nav.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\eiysssq_navps.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\mqwce.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\mqwce.exe
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\mqwce_nav.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\mqwce_navps.dat
C:\WINDOWS\System32\wiqseck.dat
C:\WINDOWS\System32\wiqseck.exe
C:\WINDOWS\System32\wiqseck_nav.dat
C:\WINDOWS\System32\wiqseck_navps.dat
C:\WINDOWS\System32\wscieui.dat
C:\WINDOWS\System32\wscieui_nav.dat
C:\WINDOWS\System32\wscieui_navps.dat
==> EGDACCESS <==

1 - "C:\ToolBar SD\TB_1.txt" - 23/11/2009|13:20 - Option : [1]

-----------\\ Fin du rapport a 13:20:09,29

De retour

• Désactive ton antivirus, ton antipsyware résidant (spybot par exemple) durant la phase de nettoyage. Voir ici.
• Double clique sur le raccourci de Toolbar-S&D présent sur ton bureau. Sous Vista : clic droit -> Exécuter en tant qu'administrateur.
• Au menu principal, choisis l'option 2 et valide par la touche [Entrée].

/!\ Ne ferme pas la fenêtre lors de la suppression /!\

• Un rapport sera généré. Poste ce rapport avec un nouveau rapport Hijackthis.

Note : Pour les utilisateurs de Vista, ToolBar-SD se charge de désactiver le "Contrôle des comptes utilisateurs" (UAC), il va redémarrer l'ordinateur et réactiver l'UAC.

-------------------------------------

• Redémarre et poste moi un nouveau rapport HJT stp ( avec le rapport de l'option 2 de ToolbarSD fait au préalable )

-------------------------------------

1.

• Télécharge Navilog1 de Il-Mafioso,
• Installe-le en cliquant sur le fichier Navilog1.exe,
• Une fois l'installation terminée, le fix s'exécutera automatiquement. Si ce n'est pas le cas, double-cliquer dans ce cas sur le raccourci Navilog1 présent sur le bureau.
• Laisse-toi guider par les indications qui apparaissent.
• Au menu principal, choisis 1 et valide par Entrée. Ne fais pas le choix 2,3 ou 4 sans l'avis de la personne qui t'aide.
• Patiente jusqu'au message : *** Analyse terminée le ..... ***
• Appuie sur une touche comme demandé, le bloc-note va s'ouvrir.
• Copie-colle l'intégralité dans ta prochaine réponse.
• Referme le bloc-note.
• Le rapport sera sauvegardé dans le dossier sous fixnavi.txt.

-----------------------------------

Edit : correction ( infection PE après )

@++

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz )
BIOS : Default System BIOS
USER : Elorriaga Denis ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1351 [VPS 091123-0] 4.8.1351 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:6 Go)
D:\ (Local Disk) - NTFS - Total:39 Go (Free:16 Go)
E:\ (Local Disk) - NTFS - Total:33 Go (Free:5 Go)
F:\ (CD or DVD)
H:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 23/11/2009|16:39 )

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr/"
"Search Bar"="http://recherche.neuf.fr/ie/default.html"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://recherche.neuf.fr/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"

--------------------\\ Recherche d'autres infections

C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\arajgdczor.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\arajgdczor_nav.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\arajgdczor_navps.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\ccwdsj.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\ccwdsj_nav.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\ccwdsj_navps.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\eiysssq.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\eiysssq_nav.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\eiysssq_navps.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\mqwce.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\mqwce.exe
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\mqwce_nav.dat
C:\DOCUME~1\ELORRI~1\LOCALS~1\APPLIC~1\mqwce_navps.dat
C:\WINDOWS\System32\wiqseck.dat
C:\WINDOWS\System32\wiqseck.exe
C:\WINDOWS\System32\wiqseck_nav.dat
C:\WINDOWS\System32\wiqseck_navps.dat
C:\WINDOWS\System32\wscieui.dat
C:\WINDOWS\System32\wscieui_nav.dat
C:\WINDOWS\System32\wscieui_navps.dat
==> EGDACCESS <==

1 - "C:\ToolBar SD\TB_1.txt" - 23/11/2009|13:20 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 23/11/2009|16:38 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 23/11/2009|16:40 - Option : [2]

-----------\\ Fin du rapport a 16:40:45,32

puis rapport hijack :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Elorriaga Denis at 2009-11-23 16:43:28
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 7 GB (17%) free of 40 GB
Total RAM: 2039 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:43:32, on 23/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\fxredir.exe
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\LG Electronics\LG PC Suite III\LG_PCSuiteIII.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Elorriaga Denis\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Documents and Settings\Elorriaga Denis\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Ahead\nero\nero.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Elorriaga Denis\Mes documents\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Elorriaga Denis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\WINDOWS\system32\msjava32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\system32\fxredir.exe
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Elorriaga Denis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [LG PC Suite III] C:\Program Files\LG Electronics\LG PC Suite III\LG_PCSuiteIII.exe /icon
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Elorriaga Denis\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12437 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1682526488-2147196821-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1682526488-2147196821-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43F7497C-7687-4DEA-A057-F21BD81BC896}]
CJava Object - C:\WINDOWS\system32\msjava32.dll [2009-03-21 362496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-08-27 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"monitr32"=C:\Program Files\Canon\MultiPASS4\monitr32.exe [2001-12-12 315392]
"fxredir"=C:\WINDOWS\system32\fxredir.exe [2001-12-12 65536]
"MPTBox"=C:\Program Files\Canon\MultiPASS4\MPTBox.exe [2001-12-12 151552]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-07-09 36352]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-06-25 198160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 172544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-08 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Google Update"=C:\Documents and Settings\Elorriaga Denis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-08 133104]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]
"LG PC Suite III"=C:\Program Files\LG Electronics\LG PC Suite III\LG_PCSuiteIII.exe [2009-10-18 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Fichiers communs\AOL\1202389184\ee\AOLSoftware.exe [2006-09-26 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe [2008-04-23 243072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-02-01 21898024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-08 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2009-03-25 161776]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Elorriaga Denis\Menu Démarrer\Programmes\Démarrage
Outil de notification Live Search.lnk - C:\Documents and Settings\Elorriaga Denis\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Fichiers communs\AOL\acs\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\acs\AOLDial.exe:*:Enabled:AOL Autoconnect"
"C:\Program Files\Fichiers communs\AOL\acs\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\acs\AOLacsd.exe:*:Enabled:module de connexion AOL"
"C:\Program Files\Fichiers communs\AOL\1202389184\ee\aolsoftware.exe"="C:\Program Files\Fichiers communs\AOL\1202389184\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\AOL 9.0 VR\waol.exe"="C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Fichiers communs\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe"="C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Fichiers communs\AOL\System Information\sinf.exe"="C:\Program Files\Fichiers communs\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0910994e-d4eb-11dd-b922-00038a000015}]
shell\AutoRun\command - G:\3j2h0tf.bat
shell\open\command - G:\3j2h0tf.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0959238c-ff2e-11dc-b76b-00038a000015}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL JAnEd.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23007b84-edc7-11dc-b749-00038a000015}]
shell\AutoRun\command - p.exe
shell\open\command - p.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f33a905-d430-11de-84ff-00038a000015}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{717ff636-613d-11dd-b848-00038a000015}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(&0)\command - G:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0cff802-97ae-11de-849f-00038a000015}]
shell\AutoRun\command - p.exe
shell\open\command - p.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7ad71d8-cb53-11dc-9c7f-806d6172696f}]
shell\AutoRun\command - p.exe
shell\open\command - p.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7ad71d9-cb53-11dc-9c7f-806d6172696f}]
shell\AutoRun\command - p.exe
shell\open\command - p.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7ad71da-cb53-11dc-9c7f-806d6172696f}]
shell\AutoRun\command - p.exe
shell\open\command - p.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1276823-6883-11de-ba22-00038a000015}]
shell\AutoRun\command - G:\3j2h0tf.bat
shell\open\command - G:\3j2h0tf.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1e04a46-8196-11de-8480-806d6172696f}]
shell\AutoRun\command - p.exe
shell\open\command - p.exe

======List of files/folders created in the last 1 months======

2009-11-23 13:17:50 ----AC---- C:\TB.txt
2009-11-23 13:16:53 ----DC---- C:\ToolBar SD
2009-11-23 11:36:34 ----DC---- C:\rsit
2009-11-23 11:36:34 ----D---- C:\Program Files\trend micro
2009-11-22 18:56:01 ----D---- C:\Program Files\a-squared Free
2009-11-22 10:27:29 ----D---- C:\WINDOWS\ie8updates
2009-11-22 10:24:38 ----HDC---- C:\WINDOWS\ie8
2009-11-18 12:01:44 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\U3
2009-11-09 10:10:05 ----DC---- C:\Temp

======List of files/folders modified in the last 1 months======

2009-11-23 16:40:52 ----D---- C:\WINDOWS\Temp
2009-11-23 16:39:41 ----D---- C:\WINDOWS\Prefetch
2009-11-23 12:51:21 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-23 12:30:59 ----SHC---- C:\boot.ini
2009-11-23 12:30:59 ----AC---- C:\WINDOWS\SYSTEM.INI
2009-11-23 12:30:59 ----A---- C:\WINDOWS\win.ini
2009-11-23 12:00:49 ----D---- C:\WINDOWS
2009-11-23 11:59:40 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\Skype
2009-11-23 11:58:03 ----SD---- C:\WINDOWS\Tasks
2009-11-23 11:57:38 ----D---- C:\WINDOWS\system32
2009-11-23 11:56:34 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-11-23 11:56:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-23 11:36:34 ----RD---- C:\Program Files
2009-11-23 11:33:22 ----HD---- C:\WINDOWS\inf
2009-11-23 11:33:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-23 11:33:15 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-23 11:25:29 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\skypePM
2009-11-23 11:24:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2009-11-22 18:51:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-11-22 18:50:51 ----SHD---- C:\WINDOWS\Installer
2009-11-22 18:50:51 ----HDC---- C:\Config.Msi
2009-11-22 18:50:50 ----D---- C:\Program Files\Fichiers communs
2009-11-22 18:49:55 ----D---- C:\WINDOWS\system32\drivers
2009-11-22 18:49:55 ----D---- C:\Program Files\Lavasoft
2009-11-22 17:45:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2009-11-22 17:42:10 ----D---- C:\Program Files\Starcraft
2009-11-22 17:37:13 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-22 11:44:00 ----D---- C:\Program Files\Unlocker
2009-11-22 11:43:03 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2009-11-22 11:13:48 ----D---- C:\WINDOWS\system32\LogFiles
2009-11-22 11:13:48 ----D---- C:\WINDOWS\Debug
2009-11-22 11:09:38 ----D---- C:\Program Files\CCleaner
2009-11-22 10:50:44 ----D---- C:\WINDOWS\system32\fr-fr
2009-11-22 10:50:43 ----D---- C:\WINDOWS\Media
2009-11-22 10:50:43 ----D---- C:\WINDOWS\Help
2009-11-22 10:50:43 ----D---- C:\Program Files\Internet Explorer
2009-11-21 12:57:06 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\HPAppData
2009-11-07 22:37:44 ----D---- C:\WINDOWS\ie7updates
2009-11-05 18:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-02 12:31:46 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-02 12:31:11 ----RSD---- C:\WINDOWS\assembly
2009-11-02 12:09:14 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-02 12:01:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-02 12:00:38 ----D---- C:\Program Files\Windows Live
2009-11-02 11:59:18 ----D---- C:\WINDOWS\system32\DirectX
2009-11-01 18:46:52 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\LG Electronics
2009-10-29 09:16:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 BCMNTIO;BCMNTIO; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys []
R2 cis1284;cis1284; \??\C:\WINDOWS\system32\drivers\cis1284.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 MAPMEM;MAPMEM; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys []
R2 Stltrk2k;Stltrk2k; C:\WINDOWS\system32\drivers\Stltrk2k.sys [2001-10-03 13325]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-11-02 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-11-02 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-06 21568]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-04-23 33588]
S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nuvaud2;NUVision II Audio Service; C:\WINDOWS\system32\DRIVERS\nuvaud2.sys [2001-07-11 25024]
S3 NUVision;NUVision II Video Service; C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-10-28 153760]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-01 1858144]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-04 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 MpService;MpService; C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE [2001-12-12 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re

Ok...

Passe donc à ceci maintenant stp

• Télécharge Navilog1 de Il-Mafioso,
• Installe-le en cliquant sur le fichier Navilog1.exe,
• Une fois l'installation terminée, le fix s'exécutera automatiquement. Si ce n'est pas le cas, double-cliquer dans ce cas sur le raccourci Navilog1 présent sur le bureau.
• Laisse-toi guider par les indications qui apparaissent.
• Au menu principal, choisis 1 et valide par Entrée. Ne fais pas le choix 2,3 ou 4 sans l'avis de la personne qui t'aide.
• Patiente jusqu'au message : *** Analyse terminée le ..... ***
• Appuie sur une touche comme demandé, le bloc-note va s'ouvrir.
• Copie-colle l'intégralité dans ta prochaine réponse.
• Referme le bloc-note.
• Le rapport sera sauvegardé dans le dossier sous fixnavi.txt.

@++

Fix Navipromo version 4.0.5 commencé le 23/11/2009 17:00:31,00

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.11.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz )
BIOS : Default System BIOS
USER : Elorriaga Denis ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1351 [VPS 091123-0] 4.8.1351 (Not Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:6 Go)
D:\ (Local Disk) - NTFS - Total:39 Go (Free:16 Go)
E:\ (Local Disk) - NTFS - Total:33 Go (Free:5 Go)
F:\ (CD or DVD)
H:\ (USB)

Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur

C:\WINDOWS\system32\wiqseck.exe supprimé !
C:\WINDOWS\system32\wiqseck.dat supprimé !
C:\WINDOWS\system32\wiqseck_nav.dat supprimé !
C:\WINDOWS\system32\wiqseck_navps.dat supprimé !
C:\WINDOWS\system32\wscieui.dat supprimé !
C:\WINDOWS\system32\wscieui_nav.dat supprimé !
C:\WINDOWS\system32\wscieui_navps.dat supprimé !
c:\docume~1\elorri~1\locals~1\applic~1\arajgdczor.dat supprimé !
c:\docume~1\elorri~1\locals~1\applic~1\arajgdczor_nav.dat supprimé !
c:\docume~1\elorri~1\locals~1\applic~1\arajgdczor_navps.dat supprimé !
c:\docume~1\elorri~1\locals~1\applic~1\ccwdsj.dat supprimé !
c:\docume~1\elorri~1\locals~1\applic~1\ccwdsj_nav.dat supprimé !
c:\docume~1\elorri~1\locals~1\applic~1\ccwdsj_navps.dat supprimé !
c:\docume~1\elorri~1\locals~1\applic~1\eiysssq.dat supprimé !
c:\docume~1\elorri~1\locals~1\applic~1\eiysssq_nav.dat supprimé !
c:\docume~1\elorri~1\locals~1\applic~1\eiysssq_navps.dat supprimé !
c:\docume~1\elorri~1\locals~1\applic~1\mqwce.exe supprimé !
c:\docume~1\elorri~1\locals~1\applic~1\mqwce.dat supprimé !
c:\docume~1\elorri~1\locals~1\applic~1\mqwce_nav.dat supprimé !
c:\docume~1\elorri~1\locals~1\applic~1\mqwce_navps.dat supprimé !

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Elorriaga Denis\locals~1\Temp effectué !

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Egroup supprimé !
Certificat OOO-Favorit supprimé !

*** Scan terminé 23/11/2009 17:04:30,93 ***

Re

• Ok,on ratisse avec ceci :

• Télécharge et installe Malwarebyte's Anti-Malware,
• A la fin de l'installation, veille à ce que l'option Mettre à jour Malwarebytes' Anti-Malware soit cochée.
• Clique sur "Terminer".
• Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur le bureau.
• Au premier lancement, une fenêtre t'annonce que la version est Free. Clique alors sur ok.
• Laisse les Mises à jour se télécharger.
• Lance Malwarebyte's Anti-Malware.
• Choisis ceci Onglet "Recherche". Coche Exécuter un examen complet puis Rechercher.
• Sélectionne ton disque dur et clique clic sur "lancer l'examen".
• A la fin du scan, clique sur Afficher les résultats.
• Suppression des éléments détectés : Clique sur Supprimer la sélection.
• Si un redémarrage est demandé, clique sur "Yes".
• Un rapport de scan s'ouvre, poste le rapport.
• Pour t'aider, tu as un très bon tuto ici.

-----------------------------------------------

• Tu peux désinstaller ToolsbardSD

-----------------------------------------------

• Télécharge OTM (de Old_Timer) sur ton bureau,
• Double-clique sur OTMoveIt.exe pour lancer le programme,
• Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Instructions for Items to be Moved" :

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43F7497C-7687-4DEA-A057-F21BD81BC896}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43F7497C-7687-4DEA-A057-F21BD81BC896}]


:Files
c:\windows\system32\msjava32.dll

:Commands
[purity]
[emptytemp]

• Clique sur MoveIt! pour lancer la suppression,
• Le résultat appraraîtra dans le cadre Results.
• Clique sur Exit pour fermer le programme.
• Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles
• Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

-------------------------------------------

• Fixe ces lignes stp :
• O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\WINDOWS\system32\msjava32.dll
• R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
• R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
• O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
• O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
• http://forum.pcastuces.com/hijackthis__fixer_les_elements_indesirables-f31s16.htm

------------------------------------------

• Poste moi ensuite le rapport MBAM ,OTM et un nouveau rsit stp
• On s'occupe de l'infection PE ensuite !

@++

Malwarebytes' Anti-Malware 1.41

Version de la base de données: 3218

Windows 5.1.2600 Service Pack 3

23/11/2009 22:14:09

mbam-log-2009-11-23 (22-14-09).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)

Eléments examinés: 241401

Temps écoulé: 49 minute(s), 33 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 2

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{43f7497c-7687-4dea-a057-f21bd81bc896} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43f7497c-7687-4dea-a057-f21bd81bc896} (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

C:\System Volume Information\_restore{BD29577C-9283-41A2-A984-DBCD3B4F6651}\RP554\A0174489.exe (Adware.ADON) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{BD29577C-9283-41A2-A984-DBCD3B4F6651}\RP554\A0174490.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.

otm?

fnere a écrit :

otm?

Re

le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles

@++

Pardon, retrouvé

All processes killed

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43F7497C-7687-4DEA-A057-F21BD81BC896}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43F7497C-7687-4DEA-A057-F21BD81BC896}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43F7497C-7687-4DEA-A057-F21BD81BC896}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43F7497C-7687-4DEA-A057-F21BD81BC896}\ not found.

========== FILES ==========

File/Folder c:\windows\system32\msjava32.dll not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur

->Temp folder emptied: 70480 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: All Users.WINDOWS

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: denis

File delete failed. C:\Documents and Settings\denis\Local Settings\Temp\Répertoire temporaire 1 pour Win XP SP2 Activator _ Activacion Windows XP_ Profesional_Service pack 2_PRO_CRACK_KEYGEN.zip\Win XP SP2 Activator _ Activacion Windows XP_ Profesional_Service pack 2_PRO_CRACK_KEYGEN.exe scheduled to be deleted on reboot.

->Temp folder emptied: 4017962 bytes

->Temporary Internet Files folder emptied: 259680859 bytes

User: Elorriaga Denis

->Temp folder emptied: 40426738 bytes

File delete failed. C:\Documents and Settings\Elorriaga Denis\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 479149 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 29317849 bytes

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.AUTORITE NT

->Temp folder emptied: 66016 bytes

File delete failed. C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 10540332 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService.AUTORITE NT

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 2173091 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2134506 bytes

%systemroot%\System32 .tmp files removed: 3072 bytes

File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_530.dat scheduled to be deleted on reboot.

Windows Temp folder emptied: 31609 bytes

RecycleBin emptied: 472740 bytes

Total Files Cleaned = 333,42 mb

OTM by OldTimer - Version 3.0.0.6 log created on 11232009_204853

Files moved on Reboot...

File C:\Documents and Settings\denis\Local Settings\Temp\Répertoire temporaire 1 pour Win XP SP2 Activator _ Activacion Windows XP_ Profesional_Service pack 2_PRO_CRACK_KEYGEN.zip\Win XP SP2 Activator _ Activacion Windows XP_ Profesional_Service pack 2_PRO_CRACK_KEYGEN.exe not found!

File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

File C:\WINDOWS\temp\Perflib_Perfdata_530.dat not found!

Registry entries deleted on Reboot...

Re

On s'occupe de l'infection PE

• Télécharge USBFIX de Chiquitine29 sur ton Bureau,
• L'outil peut faire réagir l'antivirus. Dans ce cas, tu ignores les alertes ou tu désactives temporairement ton antivirus.
• Lance l'installation avec les paramètres par défaut.
• Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.
• Double-clique sur le raccourci UsbFix sur ton Bureau (Pour Vista, le programme doit être lancé via un clic droit, et il faut choisir d'exécuter en tant qu'administrateur). Choisis l'option 1.
• Le PC va redémarrer.
• Après redémarrage, poste le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.
(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)

Edit : correction de lien

@++

############################## | UsbFix V6.056 |

User : Elorriaga Denis (Administrateurs) # UNICORNI-29681C

Update on 23/11/2009 by Chiquitine29, C_XX & Chimay8

Start at: 23:24:56 | 23/11/2009

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz

Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : avast! antivirus 4.8.1351 [VPS 091123-1] 4.8.1351 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces

C:\ -> Disque fixe local # 39,06 Go (6,59 Go free) # NTFS

D:\ -> Disque fixe local # 39,06 Go (16,65 Go free) [photo 1] # NTFS

E:\ -> Disque fixe local # 33,63 Go (5,63 Go free) [music1] # NTFS

F:\ -> Disque CD-ROM

G:\ -> Disque amovible # 487,73 Mo (120,2 Mo free) # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 592

C:\WINDOWS\system32\csrss.exe 640

C:\WINDOWS\system32\winlogon.exe 664

C:\WINDOWS\system32\services.exe 708

C:\WINDOWS\system32\lsass.exe 720

C:\WINDOWS\system32\svchost.exe 896

C:\WINDOWS\system32\svchost.exe 944

C:\WINDOWS\System32\svchost.exe 1040

C:\WINDOWS\system32\svchost.exe 1140

C:\WINDOWS\system32\svchost.exe 1240

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1284

C:\Program Files\Alwil Software\Avast4\ashServ.exe 1332

C:\WINDOWS\system32\spoolsv.exe 1692

C:\WINDOWS\system32\svchost.exe 280

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 312

C:\Program Files\Bonjour\mDNSResponder.exe 324

C:\WINDOWS\system32\FsUsbExService.Exe 408

C:\WINDOWS\system32\svchost.exe 504

C:\Program Files\Java\jre6\bin\jqs.exe 608

C:\WINDOWS\System32\svchost.exe 1124

C:\WINDOWS\System32\svchost.exe 1396

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1172

C:\WINDOWS\system32\svchost.exe 1820

C:\WINDOWS\system32\WgaTray.exe 536

C:\WINDOWS\system32\igfxtray.exe 2176

C:\WINDOWS\system32\igfxpers.exe 2192

C:\WINDOWS\system32\fxredir.exe 2208

C:\Program Files\Canon\MultiPASS4\MPTBox.exe 2216

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 2228

C:\Program Files\Winamp\winampa.exe 2240

C:\Program Files\QuickTime\QTTask.exe 2256

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 2268

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 2300

C:\WINDOWS\system32\ctfmon.exe 2428

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 2464

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 2536

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe 2564

C:\Program Files\LG Electronics\LG PC Suite III\LG_PCSuiteIII.exe 2588

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 2624

C:\Documents and Settings\Elorriaga Denis\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe 2660

C:\Documents and Settings\Elorriaga Denis\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe 2944

C:\Documents and Settings\Elorriaga Denis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 3088

C:\Documents and Settings\Elorriaga Denis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 3228

C:\WINDOWS\system32\wbem\wmiapsrv.exe 3832

C:\WINDOWS\System32\alg.exe 4040

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 2816

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe 2836

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe 2316

C:\WINDOWS\explorer.exe 3388

C:\WINDOWS\system32\wscntfy.exe 152

C:\WINDOWS\system32\wbem\wmiprvse.exe 3484

################## | Fichiers # Dossiers infectieux |

C:\autorun.inf

C:\autorun.inf -> fichier appelé : "C:\p.exe" ( Absent ! )

D:\autorun.inf

D:\autorun.inf -> fichier appelé : "D:\p.exe" ( Absent ! )

E:\autorun.inf

E:\autorun.inf -> fichier appelé : "E:\p.exe" ( Absent ! )

G:\e.cmd

G:\ej10fkdo.bat

G:\il0byu3h.com

G:\ravmon.exe

################## | Registre # Clés infectieuses |

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{0910994e-d4eb-11dd-b922-00038a000015}

Shell\AutoRun\command =G:\3j2h0tf.bat

Shell\open\Command =G:\3j2h0tf.bat

HKCU\..\..\Explorer\MountPoints2\{0959238c-ff2e-11dc-b76b-00038a000015}

Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL JAnEd.EXE

HKCU\..\..\Explorer\MountPoints2\{23007b84-edc7-11dc-b749-00038a000015}

Shell\AutoRun\command =p.exe

Shell\open\Command =p.exe

HKCU\..\..\Explorer\MountPoints2\{3f33a905-d430-11de-84ff-00038a000015}

Shell\AutoRun\command =G:\LaunchU3.exe

HKCU\..\..\Explorer\MountPoints2\{717ff636-613d-11dd-b848-00038a000015}

Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

Shell\Open(&0)\command =G:\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{a0cff802-97ae-11de-849f-00038a000015}

Shell\AutoRun\command =p.exe

Shell\open\Command =p.exe

HKCU\..\..\Explorer\MountPoints2\{b7ad71d8-cb53-11dc-9c7f-806d6172696f}

Shell\AutoRun\command =p.exe

Shell\open\Command =p.exe

HKCU\..\..\Explorer\MountPoints2\{b7ad71d9-cb53-11dc-9c7f-806d6172696f}

Shell\AutoRun\command =p.exe

Shell\open\Command =p.exe

HKCU\..\..\Explorer\MountPoints2\{b7ad71da-cb53-11dc-9c7f-806d6172696f}

Shell\AutoRun\command =p.exe

Shell\open\Command =p.exe

HKCU\..\..\Explorer\MountPoints2\{d1276823-6883-11de-ba22-00038a000015}

Shell\AutoRun\command =G:\3j2h0tf.bat

Shell\open\Command =G:\3j2h0tf.bat

HKCU\..\..\Explorer\MountPoints2\{e1e04a46-8196-11de-8480-806d6172696f}

Shell\AutoRun\command =p.exe

Shell\open\Command =p.exe

################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\denis\Mes documents\Windows Genuine Advantage WGA patch (bypass validation check) 892130 crack\WgaPatch892130.exe"

29/05/2006 09:17 |Size 7008294 |Crc32 9cd07aac |Md5 584426ebab9596624c79262f0579d240

"C:\Program Files\eMule\Incoming\Free cracked serial windows xp professionnel sp3 oem fr.zip"

Contain : Setup32.exe 2246144 DFLT-N 2% 2200054 04-09-2009 19:17:02 921bb86f

################## | ! Fin du rapport # UsbFix V6.056 ! |

Re

Tant que j'y pense :

Ton disque C est beaucoup trop rempli ! Ton PC va devenir instable du fait de la mémoire virtuelle qui n’aura plus assez de place et la défragmentation ne se fera plus correctement !
Il faudra que tu penses rapidement à désinstaller certains programmes dont tu ne sers pas, mettre tes documents/Photos/Musiques/Vidéos etc sur un autre support tel que sur des Dvd ou un autre DD.

------------------------------------

• Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.
• Double-clique sur le raccourci UsbFix sur ton Bureau (Pour Vista, le programme doit être lancé via un clic droit, et il faut choisir d'exécuter en tant qu'administrateur). Choisis l'option 2. ( Suppression )
• Tu enchaines ensuite avec l'option 3 ( vacciner )

------------------------------------

• Poste moi ensuite les deux rapports Usbfix stp + un nouveau Rsit et..........Comment se comporte ton PC ?

@++

############################## | UsbFix V6.056 |

User : Elorriaga Denis (Administrateurs) # UNICORNI-29681C

Update on 23/11/2009 by Chiquitine29, C_XX & Chimay8

Start at: 00:06:08 | 24/11/2009

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz

Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : avast! antivirus 4.8.1351 [VPS 091123-1] 4.8.1351 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces

C:\ -> Disque fixe local # 39,06 Go (9,89 Go free) # NTFS

D:\ -> Disque fixe local # 39,06 Go (16,65 Go free) [photo 1] # NTFS

E:\ -> Disque fixe local # 33,63 Go (5,63 Go free) [music1] # NTFS

F:\ -> Disque CD-ROM

G:\ -> Disque amovible # 487,73 Mo (119,38 Mo free) # FAT

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.

# D:\autorun.inf -> Dossier créé par UsbFix.

# E:\autorun.inf -> Dossier créé par UsbFix.

# G:\autorun.inf -> Dossier créé par UsbFix.

################## | ! Fin du rapport # UsbFix V6.056 ! |

Logfile of random's system information tool 1.06 (written by random/random)

Run by Elorriaga Denis at 2009-11-24 00:07:09

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 10 GB (25%) free of 40 GB

Total RAM: 2039 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:07:17, on 24/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Elorriaga Denis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Elorriaga Denis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Elorriaga Denis\Mes documents\RSIT.exe

C:\Program Files\trend micro\HijackThis\Elorriaga Denis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe

O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\system32\fxredir.exe

O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Elorriaga Denis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [LG PC Suite III] C:\Program Files\LG Electronics\LG PC Suite III\LG_PCSuiteIII.exe /icon

O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Elorriaga Denis\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 11059 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1682526488-2147196821-1003Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1682526488-2147196821-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-08-27 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]

"monitr32"=C:\Program Files\Canon\MultiPASS4\monitr32.exe [2001-12-12 315392]

"fxredir"=C:\WINDOWS\system32\fxredir.exe [2001-12-12 65536]

"MPTBox"=C:\Program Files\Canon\MultiPASS4\MPTBox.exe [2001-12-12 151552]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]

"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-07-09 36352]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-06-25 198160]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]

"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-08 68856]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

"Google Update"=C:\Documents and Settings\Elorriaga Denis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-08 133104]

"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]

"LG PC Suite III"=C:\Program Files\LG Electronics\LG PC Suite III\LG_PCSuiteIII.exe [2009-10-18 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

Mixer.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

C:\Program Files\Fichiers communs\AOL\1202389184\ee\AOLSoftware.exe [2006-09-26 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]

C:\Program Files\IncrediMail\bin\IncMail.exe [2008-04-23 243072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files\Skype\Phone\Skype.exe [2008-02-01 21898024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-08 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

C:\Program Files\Unlocker\UnlockerAssistant.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]

C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]

C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2009-03-25 161776]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Elorriaga Denis\Menu Démarrer\Programmes\Démarrage

Outil de notification Live Search.lnk - C:\Documents and Settings\Elorriaga Denis\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDriveAutoRun"=145

"HonorAutoRunSetting"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Fichiers communs\AOL\acs\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\acs\AOLDial.exe:*:Enabled:AOL Autoconnect"

"C:\Program Files\Fichiers communs\AOL\acs\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\acs\AOLacsd.exe:*:Enabled:module de connexion AOL"

"C:\Program Files\Fichiers communs\AOL\1202389184\ee\aolsoftware.exe"="C:\Program Files\Fichiers communs\AOL\1202389184\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"

"C:\Program Files\AOL 9.0 VR\waol.exe"="C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL"

"C:\Program Files\Fichiers communs\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Fichiers communs\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"

"C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe"="C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\Fichiers communs\AOL\System Information\sinf.exe"="C:\Program Files\Fichiers communs\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"

"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"

"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"

"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"

"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"

"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-11-24 00:06:08 ----RASHDC---- C:\autorun.inf

2009-11-24 00:06:07 ----AC---- C:\UsbFix.txt

2009-11-23 23:24:08 ----DC---- C:\UsbFix

2009-11-23 20:48:53 ----DC---- C:\_OTM

2009-11-23 19:37:16 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\Malwarebytes

2009-11-23 19:37:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-11-23 19:37:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2009-11-23 17:00:31 ----AC---- C:\cleannavi.txt

2009-11-23 16:59:55 ----D---- C:\Program Files\Navilog1

2009-11-23 13:17:50 ----AC---- C:\TB.txt

2009-11-23 13:16:53 ----DC---- C:\ToolBar SD

2009-11-23 11:36:34 ----DC---- C:\rsit

2009-11-23 11:36:34 ----D---- C:\Program Files\trend micro

2009-11-22 18:56:01 ----D---- C:\Program Files\a-squared Free

2009-11-22 10:27:29 ----D---- C:\WINDOWS\ie8updates

2009-11-22 10:24:38 ----HDC---- C:\WINDOWS\ie8

2009-11-18 12:01:44 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\U3

2009-11-09 10:10:05 ----DC---- C:\Temp

======List of files/folders modified in the last 1 months======

2009-11-24 00:00:18 ----D---- C:\WINDOWS\Temp

2009-11-23 23:58:54 ----SHD---- C:\RECYCLER

2009-11-23 23:58:43 ----D---- C:\WINDOWS

2009-11-23 23:54:01 ----SD---- C:\WINDOWS\Tasks

2009-11-23 23:52:21 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-11-23 23:52:20 ----D---- C:\WINDOWS\system32\CatRoot2

2009-11-23 23:24:56 ----D---- C:\WINDOWS\Prefetch

2009-11-23 22:43:56 ----HD---- C:\WINDOWS\inf

2009-11-23 20:51:33 ----D---- C:\WINDOWS\system32

2009-11-23 20:48:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-11-23 20:42:40 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\Desktopicon

2009-11-23 19:37:10 ----D---- C:\WINDOWS\system32\drivers

2009-11-23 19:37:07 ----RD---- C:\Program Files

2009-11-23 17:37:23 ----SHD---- C:\WINDOWS\Installer

2009-11-23 17:37:23 ----HDC---- C:\Config.Msi

2009-11-23 17:37:20 ----D---- C:\Program Files\Windows Live

2009-11-23 17:34:16 ----D---- C:\Program Files\Winamp

2009-11-23 12:51:21 ----A---- C:\WINDOWS\NeroDigital.ini

2009-11-23 12:30:59 ----SHC---- C:\boot.ini

2009-11-23 12:30:59 ----AC---- C:\WINDOWS\SYSTEM.INI

2009-11-23 12:30:59 ----A---- C:\WINDOWS\win.ini

2009-11-23 11:59:40 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\Skype

2009-11-23 11:33:20 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-11-23 11:33:15 ----HD---- C:\WINDOWS\$hf_mig$

2009-11-23 11:25:29 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\skypePM

2009-11-23 11:24:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater

2009-11-22 18:51:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2009-11-22 18:50:50 ----D---- C:\Program Files\Fichiers communs

2009-11-22 18:49:55 ----D---- C:\Program Files\Lavasoft

2009-11-22 17:45:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2009-11-22 17:42:10 ----D---- C:\Program Files\Starcraft

2009-11-22 17:37:13 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-11-22 11:44:00 ----D---- C:\Program Files\Unlocker

2009-11-22 11:43:03 ----D---- C:\Program Files\Fichiers communs\Symantec Shared

2009-11-22 11:13:48 ----D---- C:\WINDOWS\system32\LogFiles

2009-11-22 11:13:48 ----D---- C:\WINDOWS\Debug

2009-11-22 11:09:38 ----D---- C:\Program Files\CCleaner

2009-11-22 10:50:44 ----D---- C:\WINDOWS\system32\fr-fr

2009-11-22 10:50:43 ----D---- C:\WINDOWS\Media

2009-11-22 10:50:43 ----D---- C:\WINDOWS\Help

2009-11-22 10:50:43 ----D---- C:\Program Files\Internet Explorer

2009-11-21 12:57:06 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\HPAppData

2009-11-07 22:37:44 ----D---- C:\WINDOWS\ie7updates

2009-11-05 18:36:21 ----A---- C:\WINDOWS\system32\MRT.exe

2009-11-02 12:31:46 ----D---- C:\WINDOWS\Microsoft.NET

2009-11-02 12:31:11 ----RSD---- C:\WINDOWS\assembly

2009-11-02 12:09:14 ----D---- C:\WINDOWS\system32\CatRoot

2009-11-02 12:01:03 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-11-02 11:59:18 ----D---- C:\WINDOWS\system32\DirectX

2009-11-01 18:46:52 ----D---- C:\Documents and Settings\Elorriaga Denis\Application Data\LG Electronics

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]

R2 BCMNTIO;BCMNTIO; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys []

R2 cis1284;cis1284; \??\C:\WINDOWS\system32\drivers\cis1284.sys []

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

R2 MAPMEM;MAPMEM; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys []

R2 Stltrk2k;Stltrk2k; C:\WINDOWS\system32\drivers\Stltrk2k.sys [2001-10-03 13325]

R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]

R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]

R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]

R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-04-23 33588]

S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-11-02 49920]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-11-02 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-06 21568]

S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nuvaud2;NUVision II Audio Service; C:\WINDOWS\system32\DRIVERS\nuvaud2.sys [2001-07-11 25024]

S3 NUVision;NUVision II Video Service; C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-10-28 153760]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]

S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys []

S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]

S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]

R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-04 152984]

R2 MpService;MpService; C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE [2001-12-12 49152]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]

R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]

S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re

Je zieute

Réponse dans un moment

@++

Re

Pour moi c'est bon ! Ton PC se comprorte correctement par rapport au début ?

Si ca roule, je te donne les dernières consignes

ATTENTION avec le P2P

@++

Yop

Je présume que ca roule ! Je te donne donc les dernières consignes ,//ce qui suit un important //

--------------------------------------------------

Télécharge ToolsCleaner (de A.Rothstein et Dj Quiou).

* Clique sur Recherche et laisse le scan se terminer.
* Tu peux si tu le souhaites te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

Rends-toi de temps en temps sur Secunia pour mettre à jour tes programmes

1. Clique sur "Start scanner"
2. Clique sur "Start"
3. Coche "Enable through system inspection"
4. Suis, éventuellement, les directives si besoin est......
5. http://forum.pcastuces.com/tutoriel_secunia_online-f25s46364.htm ( Merci le Kangourou )

Quelques conseils :

Il est fortement recommandé d'avoir tous ses logiciels de sécurité à jour, afin d'éviter les failles par lesquelles s'engouffrent les infections.

• Pour suivre l'évolution des mises à jour de quelques logiciels de protection ainsi que de Java :

http://forum.pcastuces.com/sujet.asp?f=25&s=25842

Tu peux supprimer tous les logiciels que nous avons utilisés (Type: SmitFraufix,Usbifix.... ect.....) qui traitent des infections spécifiques et qui sont mis à jour régulièrement. Il est inutile de les garder sur ton PC.

Tu peux par contre, garder Malwarebytes' Anti-Malware et CCleaner et les utiliser régulìèrement.
=========================================================================

/!\ Maintenant que ton PC n'est plus infecté, désactive la "Restauration du système" afin de créer un point de restauration sain.

Je te conseille de défragmenter ton PC :

Défragmenter avec XP

Et/ou

Défragmenter avec Vista/Seven

=========================================================================

/!\ Pour améliorer la sécurité de ton PC, prends quelques instants pour lire...

Sécuriser son PC +WIFI (versions "hot" & "light") : http://forum.pcastuces.com/sujet.asp?f=25&s=25892 ( merci Philae )

Prévention et protection - Comment vous prémunir : http://forum.pcastuces.com/sujet.asp?f=25&s=36131 ( merci Morgane )

Les risques sécuritaires du peer-to-peer en 10 points : http://www.libellules.ch/phpBB2/les-risques-securitaires-du-peer-to-peer-en-10-points-t28947.html ( merci Ogu )

Pourquoi éviter le P2P ? Point législatif et dangers : http://pitcatsite.ovh.org/php/p2p.php ( merci Pitcat )

LE CRACK dans toute sa splendeur : http://forum.zebulon.fr/prevention-le-crack-dans-toute-sa-splendeur-t93281.html ( merci tesgaz )

==========================================================================

Tu peux mettre ton sujet en (Résolu) ici s'il te plaît.

Prudence sur le net

@++