Tout d'abord bonjour à tous.

Alors voilà, j'ai laissé mon ordinateur en marche quelques heures pensant que je m'absentais ; à mon retour j'ai constaté que le rogue "Antimalware Doctor" s'était installé ..

J'ai donc immédiatement redémarré mon ordinateur en mode sans échec et j'ai suivi la procédure d'analyse détaillée dans ce forum ..

Je vous adresse les trois rapports obtenus en espérant de tout coeur recevoir des conseils permettant de retrouver l'usage de mon ordinateur !

Merci d'avance

Cordialement, Nico.

1) Log :

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrateur at 2010-08-19 20:46:55
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 50 GB (21%) free of 238 GB
Total RAM: 1022 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:47:20, on 19/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2090C13A-BB65-4BA6-A2EB-52CFBF52C833} - c:\windows\system32\gaquxry.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PreSonusUSBInstallApp] C:\Program Files\AudioBox USB\InstPresonusUSBDrv.exe
O4 - HKLM\..\Run: [sta] rundll32 "E1890.dll",,Run
O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\R1890.exe
O4 - HKLM\..\Run: [bokbarbn] C:\Documents and Settings\proprietaire\Local Settings\Application Data\vwhwvpamr\rixabsyshdw.exe
O4 - HKLM\..\Run: [wdltjems] C:\Documents and Settings\proprietaire\Local Settings\Application Data\tkcwvhneg\rqmsjvbshdw.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258127838578
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PowerSave Service (PowerSave) - Packard Bell Services - C:\Program Files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10146 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{B105FC66-6E33-4CD1-AD19-6BE20A3C101A}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2090C13A-BB65-4BA6-A2EB-52CFBF52C833}]
c:\windows\system32\gaquxry.dll [2008-04-14 739328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-09-23 7282688]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-08-18 14820864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-07-08 2048352]
"MedionVFD"=C:\Program Files\Medion Info Display\MdionLCM.exe [2005-10-11 126976]
"CmUCRRun"=C:\WINDOWS\system32\CmUCReye.exe [2005-08-04 237568]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-06-03 549376]
"ledpointer"=C:\WINDOWS\CNYHKey.exe [2003-07-21 5577216]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-02-18 248040]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2008-12-04 665424]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-03-26 142120]
"PreSonusUSBInstallApp"=C:\Program Files\AudioBox USB\InstPresonusUSBDrv.exe [2008-03-07 28672]
"sta"=rundll32 E1890.dll,,Run []
"MChk"=C:\WINDOWS\system32\R1890.exe []
"bokbarbn"=C:\Documents and Settings\proprietaire\Local Settings\Application Data\vwhwvpamr\rixabsyshdw.exe [2010-08-19 254976]
"wdltjems"=C:\Documents and Settings\proprietaire\Local Settings\Application Data\tkcwvhneg\rqmsjvbshdw.exe [2010-08-19 254976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"=C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe [2006-11-16 10752]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-11-15 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\iPhoneBrowser\iPhoneBrowser.exe"="C:\Program Files\iPhoneBrowser\iPhoneBrowser.exe:*:Enabled:iPhoneBrowser"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\CoD6\iw4mp.exe"="C:\Program Files\CoD6\iw4mp.exe:*:Enabled:iw4mp"
"C:\Program Files\Call of Duty Modern Warfare 2\iw4mp.exe"="C:\Program Files\Call of Duty Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\Program Files\Call of Duty Modern Warfare 2b\iw4mp.exe"="C:\Program Files\Call of Duty Modern Warfare 2b\iw4mp.exe:*:Enabled:iw4mp"
"C:\Program Files\Steam\steamapps\common\zero gear\ZeroGear.bat"="C:\Program Files\Steam\steamapps\common\zero gear\ZeroGear.bat:*:Enabled:Zero Gear Demo"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\Program Files\Cyanide\Pro Cycling Manager - Saison 2010\PCM.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Saison 2010\PCM.exe:*:Enabled:Pro Cycling Manager - Saison 2010"
"C:\Program Files\Cyanide\Pro Cycling Manager - Saison 2010\Autorun\Exe\Autorun.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Saison 2010\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Saison 2010 - Autorun"
"C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\0.9493581878319184.exe"="C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\0.9493581878319184.exe:*:Enabled:csrss"
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2009"
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2009 - AutoRun"
"C:\Program Files\SoulseekNS\slsk.exe"="C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-08-19 20:47:01 ----D---- C:\Program Files\trend micro
2010-08-19 20:46:55 ----D---- C:\rsit
2010-08-19 20:36:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2010-08-19 20:35:26 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-19 20:35:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-19 20:35:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-19 20:35:25 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-19 20:26:52 ----D---- C:\Documents and Settings\Administrateur\Application Data\Macromedia
2010-08-19 20:26:52 ----D---- C:\Documents and Settings\Administrateur\Application Data\Adobe
2010-08-19 20:25:43 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2010-08-19 20:21:36 ----ASH---- C:\Documents and Settings\Administrateur\Application Data\desktop.ini
2010-08-19 20:21:35 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2010-08-19 20:21:20 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-19 19:08:24 ----D---- C:\WINDOWS\$NtUninstallMTF1011$
2010-08-16 03:11:21 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-16 03:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-16 03:11:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-16 03:10:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-16 03:07:28 ----SHD---- C:\Config.Msi
2010-08-16 03:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-16 03:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-16 03:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-16 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-04 11:12:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-02 16:02:12 ----D---- C:\Documents and Settings\All Users\Application Data\Soulseek
2010-08-02 16:01:56 ----D---- C:\Program Files\SoulseekNS
2010-07-30 12:41:19 ----A---- C:\WINDOWS\system32\USBFindDevice.dll
2010-07-30 12:41:18 ----D---- C:\Program Files\AudioBox USB
2010-07-30 12:41:18 ----A---- C:\WINDOWS\system32\drivers\PreSonusUSB_xfer.sys
2010-07-30 12:41:18 ----A---- C:\WINDOWS\system32\drivers\presonusUsb.sys
2010-07-30 12:15:32 ----D---- C:\WINDOWS\Minidump
2010-07-30 11:53:21 ----A---- C:\WINDOWS\system32\drivers\USBAUDIO.sys
2010-07-28 12:19:31 ----A---- C:\WINDOWS\system32\SYNSOEMU.DLL
2010-07-28 12:19:21 ----D---- C:\Program Files\Fichiers communs\VST3
2010-07-28 12:16:18 ----D---- C:\Documents and Settings\All Users\Application Data\VST3 Presets
2010-07-28 12:08:28 ----D---- C:\Program Files\Fichiers communs\Steinberg
2010-07-28 12:08:27 ----D---- C:\Documents and Settings\All Users\Application Data\Steinberg
2010-07-28 12:06:53 ----D---- C:\Program Files\Steinberg
2010-07-23 21:31:30 ----D---- C:\Program Files\Betclic Poker.fr

======List of files/folders modified in the last 1 months======

2010-08-19 20:47:01 ----RD---- C:\Program Files
2010-08-19 20:42:52 ----D---- C:\WINDOWS\Temp
2010-08-19 20:35:26 ----D---- C:\WINDOWS\system32\drivers
2010-08-19 20:24:27 ----D---- C:\WINDOWS
2010-08-19 20:21:34 ----D---- C:\Documents and Settings
2010-08-19 20:18:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-19 20:17:29 ----SHD---- C:\System Volume Information
2010-08-19 20:17:29 ----D---- C:\WINDOWS\system32\Restore
2010-08-19 20:16:34 ----D---- C:\Program Files\DNA
2010-08-19 20:09:58 ----D---- C:\WINDOWS\Prefetch
2010-08-19 20:09:02 ----D---- C:\WINDOWS\system32
2010-08-19 19:57:34 ----HD---- C:\$AVG8.VAULT$
2010-08-19 11:27:41 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-08-19 11:24:36 ----D---- C:\WINDOWS\system32\Lang
2010-08-19 00:12:49 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-18 12:00:33 ----D---- C:\Program Files\uTorrent
2010-08-17 15:04:47 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2010-08-16 13:35:25 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-16 13:35:22 ----RSD---- C:\WINDOWS\assembly
2010-08-16 03:11:25 ----A---- C:\WINDOWS\imsins.BAK
2010-08-16 03:11:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-16 03:11:24 ----HD---- C:\WINDOWS\inf
2010-08-16 03:11:20 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-16 03:11:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-16 03:10:20 ----SHD---- C:\WINDOWS\Installer
2010-08-16 03:10:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-16 03:09:41 ----D---- C:\WINDOWS\WinSxS
2010-08-16 03:05:36 ----D---- C:\Program Files\Internet Explorer
2010-08-16 03:05:25 ----D---- C:\WINDOWS\ie8updates
2010-08-16 03:01:07 ----D---- C:\Program Files\Movie Maker
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-28 12:19:21 ----D---- C:\Program Files\Fichiers communs
2010-07-27 19:31:06 ----D---- C:\Documents and Settings\All Users\Application Data\X10 Settings
2010-07-27 08:30:01 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-26 18:30:59 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2010-07-25 13:58:00 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Contrôleur hôte compatible IEE 1394 VIA OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 tcrwdhyw;tcrwdhyw; C:\WINDOWS\system32\drivers\tcrwdhyw.sys [2008-04-14 23424]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-15 108552]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver; C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2005-08-04 69248]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12288]
R3 RT2500USB;RT2500 USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-07-14 241536]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
S0 rseb;rseb; C:\WINDOWS\system32\drivers\rseb.sys []
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-25 691696]
S1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2010-07-14 3333808]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-15 335240]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-15 27784]
S1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-11-13 19915]
S3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-17 826112]
S3 AgereSoftModem;Creatix V.92 Data Fax Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-06-30 1094848]
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ControlTransferDriver;AudioBox USB Control Transfer; C:\WINDOWS\System32\Drivers\PreSonusUsb_xfer.sys [2008-02-18 28576]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-19 3856896]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-09-23 3524640]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2009-04-30 495768]
S3 preSonusUsb;PreSonusUsb; C:\WINDOWS\System32\Drivers\preSonusUsb.sys [2008-02-18 49280]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2010-07-14 316888]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-11-15 908056]
S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-11-15 297752]
S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-10-19 61440]
S2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-09-23 131139]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-23 75064]
S2 PowerSave;PowerSave Service; C:\Program Files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe [2009-04-06 1002016]
S2 rmpizafo;RT2500 USB Wireless LAN Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

2) Info :

info.txt logfile of random's system information tool 1.08 2010-08-19 20:47:25

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{028EC2AF-F501-4567-9CEA-140030DE8544}\setup.exe" -l0x40c -u
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2580F4DA-324F-4945-B16F-B2B867325085}\setup.exe" -l0x40c -u
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 9.3.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{B5C3B892-0849-476C-9F46-B12F84819D57}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Betclic Poker.fr (Remove Only)-->C:\Program Files\Betclic Poker.fr\cstart.exe /uninstall
Bonjour-->MsiExec.exe /X{76BC2442-0002-47FA-9617-43BAD82BEF4C}
Call of Duty Modern Warfare 2-->"C:\Program Files\Call of Duty Modern Warfare 2\unins000.exe"
C-Media USB2.0 Card Reader-->C:\WINDOWS\CmiUCRUninstall.exe C:\Program Files\C-Media USB2.0 Card Reader
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Creatix V.92 Data Fax Modem-->agrsmdel
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
Epson Easy Photo Print 2-->C:\Program Files\InstallShield Installation Information\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}\SETUP.EXE -runfromtemp -l0x040c UNINST -removeonly
Epson Event Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\SETUP.EXE" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Epson Stylus SX110_TX110 Manuel-->C:\Program Files\EPSON\TPMANUAL\ESSX110_TX110\FRA\USE_G\DOCUNINS.EXE
EPSON SX110 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSFBE.EXE /R /APD /P:"EPSON SX110 Series"
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
GameCenter 1.3.0.5-->"C:\Program Files\Cyanide\GameCenter\unins000.exe"
GameCenter-->C:\Program Files\Cyanide\GameCenter\uninstall.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
iPhoneBrowser-->MsiExec.exe /I{495B6040-801F-474C-ADB8-309F132CF5F9}
iTunes-->MsiExec.exe /I{996A2FAA-7514-4628-9D12-A8FC34A0016E}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Logitech Webcam Software-->MsiExec.exe /I{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medion Info Display-->C:\WINDOWS\UnInst32.exe VFDUtil.uni
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 7 Essentials-->MsiExec.exe /I{C1E544E5-EF3C-4103-A57B-3A499FD91036}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Packard Bell Software Suite-->C:\Program Files\Packard Bell\Software Suite\Uninstall.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PreSonus 1.0.9.0 Driver-->"C:\Program Files\AudioBox USB\unins000.exe"
Pro Cycling Manager - Saison 2010 version 1.0.1.8-->"C:\Program Files\Cyanide\Pro Cycling Manager - Saison 2010\unins000.exe"
Pro Cycling Manager - Season 2009 1.0.0.0-->"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\unins000.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x40c REMOVE
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Recuva-->"C:\Program Files\Recuva\uninst.exe"
RT2500 USB Wireless LAN Card-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}\setup.exe" -l0x40c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SoulSeek 157 NS 13e-->"C:\Program Files\SoulseekNS\uninstall.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Steinberg Cubase 5-->MsiExec.exe /I{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}
Steinberg Drum Loop Expansion 01-->MsiExec.exe /I{490BF87E-1F75-4453-BF55-9F540543A3CA}
Steinberg Groove Agent ONE Content-->MsiExec.exe /I{BD86F1AC-B594-46E4-85DC-1258AC9E2232}
Steinberg HALionOne Additional Content Set 01-->MsiExec.exe /I{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}
Steinberg HALionOne Expression Set-->MsiExec.exe /I{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}
Steinberg HALionOne GM Drum Set-->MsiExec.exe /I{AC997F93-0757-4ED4-A701-F40C2D654D09}
Steinberg HALionOne GM Set-->MsiExec.exe /I{F057965A-D974-4C64-ADB1-4381CD4B8956}
Steinberg HALionOne Pro Set-->MsiExec.exe /I{D82CDA0D-C182-42C8-8FF2-5649C98D6003}
Steinberg HALionOne Studio Drum Set-->MsiExec.exe /I{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}
Steinberg HALionOne Studio Set-->MsiExec.exe /I{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}
Steinberg HALionOne-->MsiExec.exe /I{E70E7159-93B1-470D-9FBD-D8E9EF34B538}
Steinberg LoopMash Content-->MsiExec.exe /I{4D454CF8-12FD-464D-B57B-B46FE27B78BB}
Steinberg REVerence Content 01-->MsiExec.exe /I{532B917B-8235-4FA5-BE36-643A8BB053A5}
Street-Ads Browser Enhancer-->"C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
USB Wireless Keyboard Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B338EA45-9F18-4FE4-A079-89668D1F6519}\Setup.exe" -l0x40c
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinSCP 4.2.5-->"C:\Program Files\WinSCP\unins000.exe"
X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: USER-8FAF3BEBEC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

Record Number: 73424
Source Name: Service Control Manager
Time Written: 20100713172928.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: USER-8FAF3BEBEC
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

Record Number: 73423
Source Name: Service Control Manager
Time Written: 20100713172928.000000+120
Event Type: Informations
User:

Computer Name: USER-8FAF3BEBEC
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 73422
Source Name: EventLog
Time Written: 20100713172911.000000+120
Event Type: Informations
User:

Computer Name: USER-8FAF3BEBEC
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 73421
Source Name: EventLog
Time Written: 20100713172911.000000+120
Event Type: Informations
User:

Computer Name: USER-8FAF3BEBEC
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.

Record Number: 73420
Source Name: EventLog
Time Written: 20100713160157.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: USER-8FAF3BEBEC
Event Code: 0
Message:
Record Number: 471
Source Name: iPod Service
Time Written: 20091228160036.000000+060
Event Type: Informations
User:

Computer Name: USER-8FAF3BEBEC
Event Code: 1
Message:
Record Number: 470
Source Name: avg8emc
Time Written: 20091228155824.000000+060
Event Type: Informations
User:

Computer Name: USER-8FAF3BEBEC
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 469
Source Name: SecurityCenter
Time Written: 20091228155821.000000+060
Event Type: Informations
User:

Computer Name: USER-8FAF3BEBEC
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 468
Source Name: LightScribeService
Time Written: 20091228155817.000000+060
Event Type: Informations
User:

Computer Name: USER-8FAF3BEBEC
Event Code: 1
Message:
Record Number: 467
Source Name: Bonjour Service
Time Written: 20091228155817.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0404
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

3) Rapport Malwarebytes' Anti-Malware :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4449

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

19/08/2010 23:02:15
mbam-log-2010-08-19 (23-02-15).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 243200
Temps écoulé: 36 minute(s), 10 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 20

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bokbarbn (Trojan.FakeAlert.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wdltjems (Trojan.FakeAlert.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\proprietaire\Application Data\123ABA02929EAAF0A16772259D194AEB\newsecureapp70700.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\proprietaire\Local Settings\Temp\7A7.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\proprietaire\Local Settings\Temp\7A8.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\proprietaire\Local Settings\Temp\7AA.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\proprietaire\Local Settings\Temp\7AD.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\proprietaire\Local Settings\Temp\wtpvaae.exe (Adware.BHO) -> No action taken.
C:\Documents and Settings\proprietaire\Local Settings\Temporary Internet Files\Content.IE5\4F2RZDS5\newsecureapp70700[2].exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\proprietaire\Local Settings\Temporary Internet Files\Content.IE5\4F2RZDS5\nezgb[3].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\proprietaire\Local Settings\Temporary Internet Files\Content.IE5\UGIN33N9\mqupjickr[1].htm (Adware.BHO) -> No action taken.
C:\Documents and Settings\proprietaire\Local Settings\Temporary Internet Files\Content.IE5\UMVKGY32\mqupjickr[3].htm (Adware.BHO) -> No action taken.
C:\Documents and Settings\proprietaire\Local Settings\Temporary Internet Files\Content.IE5\UMVKGY32\qhysq[1].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\proprietaire\Local Settings\Temporary Internet Files\Content.IE5\UMVKGY32\qhysq[2].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\proprietaire\Modèles\memory.tmp (Spyware.Passwords) -> No action taken.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> No action taken.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> No action taken.
C:\Documents and Settings\proprietaire\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\proprietaire\Local Settings\Application Data\vwhwvpamr\rixabsyshdw.exe (Trojan.FakeAlert.Gen) -> No action taken.
C:\Documents and Settings\proprietaire\Local Settings\Application Data\tkcwvhneg\rqmsjvbshdw.exe (Trojan.FakeAlert.Gen) -> No action taken.

Salut,

T'as supprimé la sélection avec MBAM ?

Télécharge OTL sur ton Bureau

• Double-clique sur OTL.exe pour le lancer. (Pour Vista/7, clique-droit > Exécuter en tant qu'administrateur)
• Coche la case Tous les utilisateurs
• Sous le cadre Personnalisation, copie-colle le contenu suivant :
  

  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  ahcix86.sys
  KR10N.sys
  nvstor32.sys
  ahcix86s.sys
  nvrd32.sys
  /md5stop
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  CREATERESTOREPOINT

• Clique ensuite sur Analyse puis patiente pendant qu'il effectue son scan.
• Quand l'analyse est terminée, deux fenêtres du Bloc-notes vont s'ouvrir. OTL.Txt et Extras.Txt. Ces fichiers sont sauvegardés au même endroit que OTL.
• Copie-colle le dans ta prochaine réponse.

Note : Si le rapport est trop long, héberge-le sur

http://cjoint.com

Désolé du temps de réponse, semaine de vacances oblige ..

Alors oui j'avais supprimé la sélection avec MBAM et donc voici le rapport de OTL :

1) OTL.txt

OTL logfile created on: 29/08/2010 23:26:50 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\proprietaire\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 022,00 Mb Total Physical Memory | 118,00 Mb Available Physical Memory | 12,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 48,00 Gb Free Space | 20,61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-8FAF3BEBEC
Current User Name: proprietaire
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/08/29 23:25:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\proprietaire\Mes documents\Téléchargements\OTL.exe
PRC - [2010/06/29 12:59:04 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/29 12:59:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/23 22:55:40 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/11/15 13:21:45 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/11/15 13:21:45 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/11/15 13:21:44 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/11/15 13:21:34 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/11/15 13:21:20 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/10/01 14:36:00 | 003,144,736 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Software Suite\PBSoftSuite.exe
PRC - [2009/09/15 15:38:04 | 000,530,432 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Software Suite\pbDevDetect.exe
PRC - [2009/04/06 11:35:46 | 001,002,016 | ---- | M] (Packard Bell Services) -- C:\Program Files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe
PRC - [2008/09/27 01:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIFBE.EXE
PRC - [2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/19 14:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2005/08/04 20:55:24 | 000,237,568 | ---- | M] () -- C:\WINDOWS\system32\CmUCREye.exe
PRC - [2005/07/29 14:13:52 | 000,638,976 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
PRC - [2004/06/03 22:07:00 | 000,549,376 | ---- | M] () -- C:\WINDOWS\mHotkey.exe
PRC - [2003/07/21 23:28:18 | 005,577,216 | ---- | M] (Chicony) -- C:\WINDOWS\CNYHKey.exe
PRC - [2001/11/12 15:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/08/29 23:25:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\proprietaire\Mes documents\Téléchargements\OTL.exe
MOD - [2008/04/14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/14 15:56:53 | 000,316,888 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\WINDOWS\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/15 13:21:34 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/11/15 13:21:20 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/04/06 11:35:46 | 001,002,016 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Program Files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe -- (PowerSave)
SRV - [2008/04/14 14:00:00 | 000,739,328 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\gaquxry.dll -- (rmpizafo)
SRV - [2006/10/19 14:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2001/11/12 15:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010/07/14 15:56:53 | 003,333,808 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2009/12/25 13:24:00 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/15 13:21:45 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/15 13:21:45 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/15 13:21:43 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 23:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2008/04/14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 14:00:00 | 000,023,424 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tcrwdhyw.sys -- (tcrwdhyw)
DRV - [2008/04/13 12:46:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 11:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2008/02/18 15:59:34 | 000,049,280 | ---- | M] (PreSonus Audio Electronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\presonusUsb.sys -- (preSonusUsb)
DRV - [2008/02/18 15:53:48 | 000,028,576 | ---- | M] (PreSonus Audio Electronics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PreSonusUSB_xfer.sys -- (ControlTransferDriver)
DRV - [2005/10/17 15:52:58 | 000,826,112 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005/09/23 00:21:00 | 003,524,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/08/19 00:35:04 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/08/04 01:30:52 | 000,069,248 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmiucr.SYS -- (CMISTOR)
DRV - [2005/07/14 21:58:38 | 000,241,536 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB)
DRV - [2005/06/30 13:16:00 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/05/19 17:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-220523388-1606980848-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-220523388-1606980848-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-220523388-1606980848-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.skip-search.com/?cfg=2-82-0-nZJx
IE - HKU\S-1-5-21-220523388-1606980848-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-220523388-1606980848-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-220523388-1606980848-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 5C DC AC 85 64 CA 01 [binary data]
IE - HKU\S-1-5-21-220523388-1606980848-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.skip-search.com/?cfg=2-82-0-nZJx

IE - HKU\S-1-5-21-220523388-1606980848-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-220523388-1606980848-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-220523388-1606980848-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-220523388-1606980848-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-220523388-1606980848-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://google.fr/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.12s
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/12 17:04:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 12:59:12 | 000,000,000 | ---D | M]

[2009/11/13 17:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\proprietaire\Application Data\Mozilla\Extensions
[2020/11/30 21:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\proprietaire\Application Data\Mozilla\Firefox\Profiles\1fu0jcpp.default\extensions
[2010/06/12 11:16:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\proprietaire\Application Data\Mozilla\Firefox\Profiles\1fu0jcpp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 11:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\proprietaire\Application Data\Mozilla\Firefox\Profiles\1fu0jcpp.default\extensions\SkipScreen@SkipScreen
[2010/02/17 20:40:46 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\proprietaire\Application Data\Mozilla\Firefox\Profiles\1fu0jcpp.default\searchplugins\ask.uk.xml
[2010/08/27 11:39:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/29 12:59:06 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/06/29 12:59:06 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/06/29 12:59:06 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/06/29 12:59:06 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/06/29 12:59:06 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2008/04/14 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: () - {2090C13A-BB65-4BA6-A2EB-52CFBF52C833} - C:\WINDOWS\System32\gaquxry.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-1606980848-1801674531-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe ()
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe ()
O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCREye.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe ()
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MedionVFD] C:\Program Files\Medion Info Display\MdionLCM.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PreSonusUSBInstallApp] C:\Program Files\AudioBox USB\InstPresonusUSBDrv.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-220523388-1606980848-1801674531-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe ()
O4 - HKU\S-1-5-21-220523388-1606980848-1801674531-1004..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-220523388-1606980848-1801674531-1004..\Run: [bokbarbn] C:\Documents and Settings\proprietaire\Local Settings\Application Data\vwhwvpamr\rixabsyshdw.exe File not found
O4 - HKU\S-1-5-21-220523388-1606980848-1801674531-1004..\Run: [EPSON SX110 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-220523388-1606980848-1801674531-1004..\Run: [JDK5SWFMZY] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Vxx.exe File not found
O4 - HKU\S-1-5-21-220523388-1606980848-1801674531-1004..\Run: [newsecureapp70700.exe] C:\Documents and Settings\proprietaire\Application Data\123ABA02929EAAF0A16772259D194AEB\newsecureapp70700.exe File not found
O4 - HKU\S-1-5-21-220523388-1606980848-1801674531-1004..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Software Suite\PBSoftSuite.exe (Acer Incorporated)
O4 - HKU\S-1-5-21-220523388-1606980848-1801674531-1004..\Run: [Software Suite] C:\Program Files\Packard Bell\Software Suite\PBSoftSuite.exe (Acer Incorporated)
O4 - HKU\S-1-5-21-220523388-1606980848-1801674531-1004..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-220523388-1606980848-1801674531-1004..\Run: [wdltjems] C:\Documents and Settings\proprietaire\Local Settings\Application Data\tkcwvhneg\rqmsjvbshdw.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Olivia\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1606980848-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258127838578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\proprietaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\proprietaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/13 16:32:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7454347c-8e9a-11df-b7aa-0012bf5299da}\Shell - "" = AutoRun
O33 - MountPoints2\{7454347c-8e9a-11df-b7aa-0012bf5299da}\Shell\AutoRun\command - "" = I:\Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: rmpizafo - C:\WINDOWS\System32\gaquxry.dll ()
NetSvcs: SSHNAS - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/08/22 16:39:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
[2010/08/20 12:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/20 02:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/19 23:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\proprietaire\Application Data\Malwarebytes
[2010/08/19 20:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/08/19 20:46:55 | 000,000,000 | ---D | C] -- C:\rsit
[2010/08/19 20:35:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/19 20:35:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/19 20:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/19 20:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/19 20:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/19 20:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/19 19:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\proprietaire\Local Settings\Application Data\tkcwvhneg
[2010/08/19 19:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\proprietaire\Local Settings\Application Data\vwhwvpamr
[2010/08/19 19:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\proprietaire\Local Settings\Application Data\Windows Server
[2010/08/19 19:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\proprietaire\Application Data\123ABA02929EAAF0A16772259D194AEB
[2010/08/16 03:07:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/03 01:17:33 | 000,214,016 | ---- | C] (Internet) -- C:\Documents and Settings\proprietaire\binternet.exe
[2010/08/02 16:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/08/02 16:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\SoulseekNS
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\proprietaire\*.tmp files -> C:\Documents and Settings\proprietaire\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/08/29 23:34:28 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B105FC66-6E33-4CD1-AD19-6BE20A3C101A}.job
[2010/08/29 23:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/08/29 23:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/08/29 22:47:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/08/29 22:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/08/29 22:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/08/29 21:47:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/08/29 21:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/08/29 21:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/08/29 20:47:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/08/29 20:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/08/29 20:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/08/29 19:47:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/08/29 19:32:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/29 19:18:00 | 000,037,469 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/29 19:17:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/29 19:17:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/27 19:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/08/27 19:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/08/27 18:47:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/08/27 18:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/08/27 18:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/08/27 17:47:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/08/27 17:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/08/27 17:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/08/27 16:47:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/08/27 16:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/08/27 16:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/08/27 15:47:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/08/27 15:41:26 | 064,013,829 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/27 15:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/08/27 15:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/08/27 14:52:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/08/27 14:48:38 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6r3qC6ak3.dat
[2010/08/27 14:48:36 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\50P3he0G.exe
[2010/08/27 14:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/08/27 13:52:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/08/27 13:00:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/08/27 12:52:01 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/08/27 12:51:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\EEventManager .INI
[2010/08/27 12:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/08/27 11:52:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/08/20 15:55:00 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\proprietaire\NTUSER.DAT
[2010/08/20 15:55:00 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\proprietaire\ntuser.ini
[2010/08/20 15:50:52 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\proprietaire\Application Data\winscp.rnd
[2010/08/20 15:36:09 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2010/08/19 20:35:29 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/08/19 19:08:27 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/19 19:02:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/19 00:12:49 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/17 22:25:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/16 12:51:05 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/16 03:11:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/16 03:10:10 | 001,050,372 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/16 03:10:10 | 000,500,900 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/08/16 03:10:10 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/16 03:10:10 | 000,080,748 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/08/16 03:10:10 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/03 01:25:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\proprietaire\tmp1.3
[2010/08/03 01:17:33 | 000,214,016 | ---- | M] (Internet) -- C:\Documents and Settings\proprietaire\binternet.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\proprietaire\*.tmp files -> C:\Documents and Settings\proprietaire\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/08/27 14:48:40 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/08/27 12:51:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager .INI
[2010/08/27 12:11:03 | 000,002,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\2090C13A-BB65-4BA6-A2EB-52CFBF52C833.txt
[2010/08/27 11:41:10 | 000,072,706 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\50P3he0G.exe
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/08/27 11:41:10 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/08/27 11:41:08 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6r3qC6ak3.dat
[2010/08/27 11:39:46 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/08/27 11:39:46 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/08/27 11:39:45 | 000,035,840 | ---- | C] () -- C:\WINDOWS\Fonts\h12Oa.com
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/08/27 11:39:45 | 000,000,334 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/08/19 23:57:32 | 000,003,048 | ---- | C] () -- C:\Documents and Settings\proprietaire\Local Settings\Application Data\2090C13A-BB65-4BA6-A2EB-52CFBF52C833.txt
[2010/08/19 23:56:39 | 000,002,630 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\2090C13A-BB65-4BA6-A2EB-52CFBF52C833.txt
[2010/08/19 20:35:29 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/08/19 19:08:25 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/03 01:25:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\proprietaire\tmp1.3
[2010/03/14 14:31:33 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\proprietaire\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/18 05:41:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/02/17 18:46:56 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/12/31 20:27:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/12/25 13:24:00 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/23 21:18:07 | 000,138,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/12/23 03:27:36 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\proprietaire\Application Data\winscp.rnd
[2009/11/14 00:12:44 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/13 18:00:28 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/13 18:00:27 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/13 17:31:21 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2009/11/13 17:31:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2009/11/13 17:31:21 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2009/11/13 17:31:21 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2009/11/13 17:31:21 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2009/11/13 17:28:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/11/13 17:26:08 | 000,000,066 | ---- | C] () -- C:\WINDOWS\CMICARDREADER.INI
[2009/11/13 17:26:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.Dll
[2009/11/13 17:22:29 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Install2500USB.dll
[2009/11/13 17:22:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DEDriverDLL.dll
[2009/11/13 17:13:12 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/11/13 17:13:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/11/13 17:13:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009/11/13 17:13:11 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/11/13 17:13:11 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/11/13 17:13:10 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/04/14 14:00:00 | 000,739,328 | ---- | C] () -- C:\WINDOWS\System32\gaquxry.dll
[2008/04/14 14:00:00 | 000,023,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\tcrwdhyw.sys
[2008/04/14 14:00:00 | 000,023,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\shvitvie.sys
[2007/06/07 08:48:34 | 000,034,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\OxUSBTIMOUT.sys

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 12:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 12:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008/04/14 14:00:00 | 000,739,328 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\System32\gaquxry.dll
[2010/06/24 14:25:22 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

< End of report >

2) Extras.txt

OTL Extras logfile created on: 29/08/2010 23:26:50 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\proprietaire\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 022,00 Mb Total Physical Memory | 118,00 Mb Available Physical Memory | 12,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 48,00 Gb Free Space | 20,61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-8FAF3BEBEC
Current User Name: proprietaire
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-220523388-1606980848-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- ()
"C:\Program Files\iPhoneBrowser\iPhoneBrowser.exe" = C:\Program Files\iPhoneBrowser\iPhoneBrowser.exe:*:Enabled:iPhoneBrowser -- (Cranium Consulting and Custom Software)
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\CoD6\iw4mp.exe" = C:\Program Files\CoD6\iw4mp.exe:*:Enabled:iw4mp -- File not found
"C:\Program Files\Call of Duty Modern Warfare 2\iw4mp.exe" = C:\Program Files\Call of Duty Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp -- ()
"C:\Program Files\Call of Duty Modern Warfare 2b\iw4mp.exe" = C:\Program Files\Call of Duty Modern Warfare 2b\iw4mp.exe:*:Enabled:iw4mp -- ()
"C:\Program Files\Steam\steamapps\common\zero gear\ZeroGear.bat" = C:\Program Files\Steam\steamapps\common\zero gear\ZeroGear.bat:*:Enabled:Zero Gear Demo -- File not found
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe" = C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- (Cyanide)
"C:\Program Files\Cyanide\Pro Cycling Manager - Saison 2010\PCM.exe" = C:\Program Files\Cyanide\Pro Cycling Manager - Saison 2010\PCM.exe:*:Enabled:Pro Cycling Manager - Saison 2010 -- (Cyanide)
"C:\Program Files\Cyanide\Pro Cycling Manager - Saison 2010\Autorun\Exe\Autorun.exe" = C:\Program Files\Cyanide\Pro Cycling Manager - Saison 2010\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Saison 2010 - Autorun -- ()
"C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\0.9493581878319184.exe" = [String data over 1000 bytes]
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe" = C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2009 -- (Cyanide)
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe" = C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2009 - AutoRun -- ()
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CDF9C0F-6C77-4307-80A6-0A9D47C174D8}_is1" = Call of Duty Modern Warfare 2
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{495B6040-801F-474C-ADB8-309F132CF5F9}" = iPhoneBrowser
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}" = RT2500 USB Wireless LAN Card
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.2 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B338EA45-9F18-4FE4-A079-89668D1F6519}" = USB Wireless Keyboard Driver
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E544E5-EF3C-4103-A57B-3A499FD91036}" = Nero 7 Essentials
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioBox USB_is1" = PreSonus 1.0.9.0 Driver
"AVG8Uninstall" = AVG Free 8.5
"Betclic Poker.fr" = Betclic Poker.fr (Remove Only)
"C-Media USB2.0 Card Reader" = C-Media USB2.0 Card Reader
"Creatix V.92 Data Fax Modem" = Creatix V.92 Data Fax Modem
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX110_TX110 Guide d'utilisation" = Epson Stylus SX110_TX110 Manuel
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"GameCenter" = GameCenter
"GameCenter_is1" = GameCenter 1.3.0.5
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MedionVFD" = Medion Info Display
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Packard Bell Software Suite" = Packard Bell Software Suite
"Picasa 3" = Picasa 3
"Pro Cycling Manager 2009_is1" = Pro Cycling Manager - Season 2009 1.0.0.0
"Pro Cycling Manager 2010_is1" = Pro Cycling Manager - Saison 2010 version 1.0.1.8
"Recuva" = Recuva
"Soulseek2" = SoulSeek 157 NS 13e
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Logiciel d'archivage WinRAR
"winscp3_is1" = WinSCP 4.2.5
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)
"Xvid_is1" = Xvid 1.1.3 final uninstall

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-220523388-1606980848-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor
"BitTorrent DNA" = DNA
"CodeBlocks" = CodeBlocks

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 15/07/2010 07:07:00 | Computer Name = USER-8FAF3BEBEC | Source = Application Error | ID = 1000
Description = Application défaillante , version 0.0.0.0, module défaillant unknown,
version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 15/07/2010 12:14:10 | Computer Name = USER-8FAF3BEBEC | Source = Application Error | ID = 1004
Description = Application défaillante svchost.exe, version 0.0.0.0, module défaillant
unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 15/07/2010 13:28:30 | Computer Name = USER-8FAF3BEBEC | Source = Application Error | ID = 1000
Description = Application défaillante pcm.exe, version 1.0.3.3, module défaillant
pcm.exe, version 1.0.3.3, adresse de défaillance 0x0037b8f6.

Error - 16/07/2010 13:38:14 | Computer Name = USER-8FAF3BEBEC | Source = Application Error | ID = 1000
Description = Application défaillante pcm.exe, version 1.0.3.3, module défaillant
pcm.exe, version 1.0.3.3, adresse de défaillance 0x0010050f.

Error - 18/07/2010 14:24:12 | Computer Name = USER-8FAF3BEBEC | Source = Application Hang | ID = 1002
Description = Application bloquée iTunes.exe, version 9.1.0.79, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 18/07/2010 14:26:16 | Computer Name = USER-8FAF3BEBEC | Source = Bonjour Service | ID = 100
Description = 216: ERROR: read_msg errno 10054 (Une connexion existante a dû être
fermée par l'hôte distant.)

Error - 18/07/2010 14:26:16 | Computer Name = USER-8FAF3BEBEC | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (Une connexion existante a dû être
fermée par l'hôte distant.)

Error - 18/07/2010 14:26:16 | Computer Name = USER-8FAF3BEBEC | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (Une connexion existante a dû être
fermée par l'hôte distant.)

Error - 18/07/2010 14:26:16 | Computer Name = USER-8FAF3BEBEC | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Une connexion existante a dû être
fermée par l'hôte distant.)

Error - 18/07/2010 14:26:16 | Computer Name = USER-8FAF3BEBEC | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (Une connexion existante a dû être
fermée par l'hôte distant.)

[ System Events ]
Error - 29/08/2010 14:00:00 | Computer Name = USER-8FAF3BEBEC | Source = Schedule | ID = 7901
Description = La commande At69.job n'a pas pu démarrer du fait de l'erreur suivante :
%%2147942405

Error - 29/08/2010 14:47:00 | Computer Name = USER-8FAF3BEBEC | Source = Schedule | ID = 7901
Description = La commande At21.job n'a pas pu démarrer du fait de l'erreur suivante :
%%2147942405

Error - 29/08/2010 15:00:00 | Computer Name = USER-8FAF3BEBEC | Source = Schedule | ID = 7901
Description = La commande At46.job n'a pas pu démarrer du fait de l'erreur suivante :
%%2147942405

Error - 29/08/2010 15:00:00 | Computer Name = USER-8FAF3BEBEC | Source = Schedule | ID = 7901
Description = La commande At70.job n'a pas pu démarrer du fait de l'erreur suivante :
%%2147942405

Error - 29/08/2010 15:47:00 | Computer Name = USER-8FAF3BEBEC | Source = Schedule | ID = 7901
Description = La commande At22.job n'a pas pu démarrer du fait de l'erreur suivante :
%%2147942405

Error - 29/08/2010 16:00:00 | Computer Name = USER-8FAF3BEBEC | Source = Schedule | ID = 7901
Description = La commande At47.job n'a pas pu démarrer du fait de l'erreur suivante :
%%2147942405

Error - 29/08/2010 16:00:00 | Computer Name = USER-8FAF3BEBEC | Source = Schedule | ID = 7901
Description = La commande At71.job n'a pas pu démarrer du fait de l'erreur suivante :
%%2147942405

Error - 29/08/2010 16:47:00 | Computer Name = USER-8FAF3BEBEC | Source = Schedule | ID = 7901
Description = La commande At23.job n'a pas pu démarrer du fait de l'erreur suivante :
%%2147942405

Error - 29/08/2010 17:00:00 | Computer Name = USER-8FAF3BEBEC | Source = Schedule | ID = 7901
Description = La commande At48.job n'a pas pu démarrer du fait de l'erreur suivante :
%%2147942405

Error - 29/08/2010 17:00:00 | Computer Name = USER-8FAF3BEBEC | Source = Schedule | ID = 7901
Description = La commande At72.job n'a pas pu démarrer du fait de l'erreur suivante :
%%2147942405


< End of report >

Salut,

Beh c'est bien le binz encore.

J'espère que ta semaine de vacances a été bonne et que t'en as bien profité

Télécharge ComboFix sur ton Bureau (et pas ailleurs)

• Prends connaissance de ce tutoriel : Tutoriel ComboFix Bleeping Computer
• Désactive ton antivirus
• Ferme toutes les fenêtres
• Double-clique sur ComboFix.exe (Pour Vista/7, clique-droit > Exécuter en tant qu'administrateur)
• Clique sur Oui/YES pour accepter la limitation de garantie !

--> Si ComboFix te demande d'installer la console de récupération, accepte (YES, puis OUI), c'est TRÈS IMPORTANT !

• Lance le scan (ne clique pas sur la fenêtre qui s'ouvre).
• A la fin du scan (cela peut prendre du temps), un rapport sera créé.
• Copie-colle ce rapport dans ton prochain message (C:\Combofix.txt)

Oui, merci, des vacances font toujours le plus grand bien ! :)

Voici donc le rapport de ComboFix :

ComboFix 10-08-31.02 - proprietaire 01/09/2010 17:31:06.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.557 [GMT 2:00]
Lancé depuis: c:\documents and settings\proprietaire\Mes documents\Téléchargements\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users.\documents\settings\cbss.dll
c:\documents and settings\All Users\Documents\Settings\cbss.dll
c:\documents and settings\proprietaire\Application Data\123ABA02929EAAF0A16772259D194AEB
c:\documents and settings\proprietaire\Application Data\123ABA02929EAAF0A16772259D194AEB\enemies-names.txt
c:\documents and settings\proprietaire\Application Data\123ABA02929EAAF0A16772259D194AEB\local.ini
c:\documents and settings\proprietaire\Application Data\123ABA02929EAAF0A16772259D194AEB\lsrslt.ini
c:\documents and settings\proprietaire\Application Data\EurekaLog
c:\documents and settings\proprietaire\binternet.exe
c:\documents and settings\proprietaire\Local Settings\Application Data\Windows Server
c:\documents and settings\proprietaire\Local Settings\Application Data\Windows Server\server.dat
C:\Install.exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask.exe
c:\windows\Fonts\h12Oa.com
c:\windows\system32\drivers\shvitvie.sys
c:\windows\system32\drivers\tcrwdhyw.sys
c:\windows\system32\gaquxry.dll
c:\windows\system32\scrrnfr.dll
c:\windows\system32\xxcocyp.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At17.job

[code] <pre>
c:\program files\QuickTime\qttask .exe ---^> c:\program files\QuickTime\qttask.exe
</pre> [/code]
.
Une copie infectée de c:\windows\system32\drivers\isapnp.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RMPIZAFO
-------\Legacy_SSHNAS
-------\Legacy_TCRWDHYW
-------\Service_rmpizafo
-------\Service_tcrwdhyw


((((((((((((((((((((((((((((( Fichiers créés du 2010-08-01 au 2010-09-01 ))))))))))))))))))))))))))))))))))))
.

2010-08-27 10:25 . 2010-08-27 10:25 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-08-27 10:00 . 2010-08-27 10:00 -------- d-----r- c:\documents and settings\LocalService\Favoris
2010-08-20 10:01 . 2010-08-27 09:44 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-08-19 21:45 . 2010-08-19 21:45 -------- d-----w- c:\documents and settings\proprietaire\Application Data\Malwarebytes
2010-08-19 18:47 . 2010-08-19 18:47 -------- d-----w- c:\program files\trend micro
2010-08-19 18:46 . 2010-08-19 18:47 -------- d-----w- C:\rsit
2010-08-19 18:36 . 2010-08-19 18:36 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2010-08-19 18:35 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-19 18:35 . 2010-08-19 18:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-19 18:35 . 2010-08-19 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-19 18:35 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-19 18:25 . 2010-08-19 18:25 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2010-08-19 18:23 . 2010-08-19 18:23 17864 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-19 18:22 . 2010-08-19 18:22 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-08-19 17:08 . 2010-08-19 21:42 -------- d-----w- c:\documents and settings\proprietaire\Local Settings\Application Data\tkcwvhneg
2010-08-19 17:08 . 2010-08-19 21:42 -------- d-----w- c:\documents and settings\proprietaire\Local Settings\Application Data\vwhwvpamr
2010-08-16 11:20 . 2010-08-16 11:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 15:42 . 2009-12-24 15:12 -------- d-----w- c:\documents and settings\proprietaire\Application Data\uTorrent
2010-09-01 15:41 . 2009-12-23 20:55 -------- d-----w- c:\program files\DNA
2010-09-01 15:41 . 2009-12-23 20:55 -------- d-----w- c:\documents and settings\proprietaire\Application Data\DNA
2010-09-01 15:41 . 2009-11-15 13:41 -------- d-----w- c:\program files\QuickTime
2010-08-31 15:52 . 2010-02-17 14:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-31 10:00 . 2010-07-30 10:41 -------- d-----w- c:\program files\AudioBox USB
2010-08-31 10:00 . 2010-04-13 20:42 -------- d-----w- c:\program files\iTunes
2010-08-31 10:00 . 2009-11-13 15:25 -------- d-----w- c:\program files\Medion Info Display
2010-08-27 12:48 . 2010-08-27 09:41 112 ----a-w- c:\documents and settings\All Users\Application Data\6r3qC6ak3.dat
2010-08-25 14:13 . 2009-11-13 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-08-18 10:00 . 2009-12-24 15:13 -------- d-----w- c:\program files\uTorrent
2010-08-16 01:10 . 2008-04-14 12:00 80748 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-16 01:10 . 2008-04-14 12:00 500900 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-15 18:02 . 2010-06-27 22:30 -------- d-----w- c:\documents and settings\proprietaire\Application Data\codeblocks
2010-08-07 12:49 . 2009-11-13 16:28 1 ----a-w- c:\documents and settings\proprietaire\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-02 23:17 . 2009-12-12 12:05 2061 ----a-w- c:\documents and settings\proprietaire\errorlog.tmp
2010-08-02 14:02 . 2010-08-02 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-08-02 14:01 . 2010-08-02 14:01 -------- d-----w- c:\program files\SoulseekNS
2010-07-29 12:54 . 2010-07-29 12:54 -------- d-----w- c:\documents and settings\proprietaire\Application Data\VST3 Presets
2010-07-28 10:20 . 2010-07-28 10:06 -------- d-----w- c:\documents and settings\proprietaire\Application Data\Steinberg
2010-07-28 10:19 . 2010-07-28 10:19 -------- d-----w- c:\program files\Fichiers communs\VST3
2010-07-28 10:16 . 2010-07-28 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\VST3 Presets
2010-07-28 10:08 . 2010-07-28 10:08 -------- d-----w- c:\program files\Fichiers communs\Steinberg
2010-07-28 10:08 . 2010-07-28 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Steinberg
2010-07-28 10:07 . 2010-07-28 10:06 -------- d-----w- c:\program files\Steinberg
2010-07-27 17:31 . 2009-11-13 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\X10 Settings
2010-07-25 11:57 . 2010-07-23 19:31 -------- d-----w- c:\program files\Betclic Poker.fr
2010-07-23 18:51 . 2010-07-14 22:06 -------- d-----w- c:\documents and settings\proprietaire\Application Data\Pro Cycling Manager 2009
2010-07-19 09:26 . 2010-03-28 12:11 1 ----a-w- c:\documents and settings\Olivia\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-16 20:32 . 2009-11-13 16:00 -------- d-----w- c:\documents and settings\proprietaire\Application Data\vlc
2010-07-16 16:17 . 2010-02-17 17:13 -------- d-----w- c:\documents and settings\proprietaire\Application Data\Epson
2010-07-15 10:21 . 2010-07-14 21:34 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-14 21:40 . 2010-07-14 10:40 -------- d-----w- c:\program files\Cyanide
2010-07-14 13:56 . 2010-07-14 13:56 3333808 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2010-07-14 13:56 . 2010-07-14 13:56 316888 ----a-w- c:\windows\system32\appdrvrem01.exe
2010-07-14 13:35 . 2010-07-14 13:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-14 12:24 . 2010-07-14 19:53 153002 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1036.dat
2010-07-14 10:36 . 2010-07-13 18:46 -------- d-----w- c:\documents and settings\proprietaire\Application Data\DAEMON Tools Pro
2010-07-14 10:29 . 2010-07-13 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-07-13 16:22 . 2010-07-13 16:19 -------- d-----w- c:\program files\Widestream6
2010-07-13 16:20 . 2010-07-13 16:20 -------- d-----w- c:\documents and settings\proprietaire\Application Data\widestream
2010-07-05 12:54 . 2010-07-05 12:54 12988 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-30 12:32 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:25 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-04-14 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-11-13 14:30 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
[code]<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AudioBox USB\InstPresonusUSBDrv .exe
c:\program files\AVG\AVG8\avgtray .exe
c:\program files\Epson Software\Event Manager\EEventManager .exe
c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Fichiers communs\Ahead\Lib\NeroCheck .exe
c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor .exe
c:\program files\Fichiers communs\Java\Java Update\jusched .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Logitech\Logitech WebCam Software\LWS .exe
c:\program files\Medion Info Display\MdionLCM .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
</pre>[/code]

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-12-23 323392]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-08-17 327472]
"Software Suite"="c:\program files\Packard Bell\Software Suite\PBSoftSuite.exe" [2009-10-01 3144736]
"Packard Bell Software Suite"="c:\program files\Packard Bell\Software Suite\PBSoftSuite.exe" [2009-10-01 3144736]
"newsecureapp70700.exe"="c:\documents and settings\proprietaire\Application Data\123ABA02929EAAF0A16772259D194AEB\newsecureapp70700.exe" [N/A]
"bokbarbn"="c:\documents and settings\proprietaire\Local Settings\Application Data\vwhwvpamr\rixabsyshdw.exe" [N/A]
"wdltjems"="c:\documents and settings\proprietaire\Local Settings\Application Data\tkcwvhneg\rqmsjvbshdw.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]
"nwiz"="nwiz.exe" [2005-09-22 1519616]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-08-04 237568]
"CHotkey"="mHotkey.exe" [2004-06-03 549376]
"ledpointer"="CNYHKey.exe" [2003-07-21 5577216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Olivia\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Ralink Wireless Utility.lnk - c:\program files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2009-11-13 638976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-15 11:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iPhoneBrowser\\iPhoneBrowser.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2b\\iw4mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Saison 2010\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Saison 2010\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2009\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2009\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [14/07/2010 15:56 3333808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/11/2009 17:24 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/11/2009 17:24 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [15/11/2009 13:21 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [15/11/2009 13:21 297752]
R2 PowerSave;PowerSave Service;c:\program files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe [06/04/2009 11:35 1002016]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [13/11/2009 17:13 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [13/11/2009 17:26 69248]
S0 rseb;rseb; [x]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 ControlTransferDriver;AudioBox USB Control Transfer;c:\windows\system32\drivers\PreSonusUSB_xfer.sys [30/07/2010 12:41 28576]
S3 preSonusUsb;PreSonusUsb;c:\windows\system32\drivers\presonusUsb.sys [30/07/2010 12:41 49280]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/12/2009 13:24 691696]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - TCRWDHYW
*Deregistered* - tcrwdhyw
.
Contenu du dossier 'Tâches planifiées'

2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-01 c:\windows\Tasks\User_Feed_Synchronization-{B105FC66-6E33-4CD1-AD19-6BE20A3C101A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.skip-search.com/?cfg=2-82-0-nZJx
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\proprietaire\Application Data\Mozilla\Firefox\Profiles\1fu0jcpp.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.fr/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 17:42
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(7764)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\mHotkey.exe
c:\windows\CNYHKey.exe
c:\program files\Packard Bell\Software Suite\pbDevDetect.exe
.
**************************************************************************
.
Heure de fin: 2010-09-01 17:47:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-09-01 15:47

Avant-CF: 51 399 741 440 octets libres
Après-CF: 52 462 067 712 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP �dition familiale" /noexecute=optin /fastdetect

- - End Of File - - 809EFB6F69A9ED8BC79901EBAC6C9F50

Bon courage ! :)

Salut,

Désactive tes protections résidentes (Antivirus, pare-feu etc..)

• Ouvre le Bloc-notes (Vérifie que dans le menu format, le retour automatique à la ligne est décoché).
• Copie-colle ceci dedans :

  Driver::
  tcrwdhyw
  Folder::
  c:\documents and settings\proprietaire\Local Settings\Application Data\tkcwvhneg
  c:\documents and settings\proprietaire\Local Settings\Application Data\vwhwvpamr
  File::
  c:\documents and settings\All Users\Application Data\6r3qC6ak3.dat
  RenV::
  c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
  c:\program files\AudioBox USB\InstPresonusUSBDrv .exe
  c:\program files\AVG\AVG8\avgtray .exe
  c:\program files\Epson Software\Event Manager\EEventManager .exe
  c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM .exe
  c:\program files\Fichiers communs\Ahead\Lib\NeroCheck .exe
  c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor .exe
  c:\program files\Fichiers communs\Java\Java Update\jusched .exe
  c:\program files\iTunes\iTunesHelper .exe
  c:\program files\Logitech\Logitech WebCam Software\LWS .exe
  c:\program files\Medion Info Display\MdionLCM .exe
  c:\program files\Windows Live\Messenger\msnmsgr .exe
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "newsecureapp70700.exe"=-
  "bokbarbn"=-
  "wdltjems"=-
  
  

• Sauvegarde cela comme fichier texte nommé CFScript, sur le Bureau.
• Fais un glisser-déposer de ce fichier CFScript sur ComboFix.exe comme sur la capture
• Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises : c'est normal!Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, le PC va certainement redémarrer : un rapport va s'afficher, copie-colle son contenu dans ton prochain message.
• Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt
  Note : Le script proposé est adapté à cet utilisateur : merci de ne pas s'en servir hors contexte !

Voici le rapport :

Rapport ComboFix :

ComboFix 10-08-31.02 - proprietaire 03/09/2010 15:51:44.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.567 [GMT 2:00]
Lancé depuis: c:\documents and settings\proprietaire\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés
c:\documents and settings\proprietaire\Bureau\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE
:: "c:\documents and settings\All Users\Application Data\6r3qC6ak3.dat"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\6r3qC6ak3.dat
c:\documents and settings\proprietaire\Local Settings\Application Data\tkcwvhneg
c:\documents and settings\proprietaire\Local Settings\Application Data\vwhwvpamr
c:\windows\system32\scrrnfr.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCRWDHYW


((((((((((((((((((((((((((((( Fichiers créés du 2010-08-03 au 2010-09-03 ))))))))))))))))))))))))))))))))))))
.

2010-08-27 10:25 . 2010-08-27 10:25 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-08-27 10:00 . 2010-08-27 10:00 -------- d-----r- c:\documents and settings\LocalService\Favoris
2010-08-20 10:01 . 2010-08-27 09:44 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-08-19 21:45 . 2010-08-19 21:45 -------- d-----w- c:\documents and settings\proprietaire\Application Data\Malwarebytes
2010-08-19 18:47 . 2010-08-19 18:47 -------- d-----w- c:\program files\trend micro
2010-08-19 18:46 . 2010-08-19 18:47 -------- d-----w- C:\rsit
2010-08-19 18:36 . 2010-08-19 18:36 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2010-08-19 18:35 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-19 18:35 . 2010-08-19 18:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-19 18:35 . 2010-08-19 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-19 18:35 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-19 18:25 . 2010-08-19 18:25 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2010-08-19 18:23 . 2010-08-19 18:23 17864 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-19 18:22 . 2010-08-19 18:22 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-08-16 11:20 . 2010-08-16 11:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-03 14:01 . 2009-12-24 15:12 -------- d-----w- c:\documents and settings\proprietaire\Application Data\uTorrent
2010-09-03 14:01 . 2009-12-23 20:55 -------- d-----w- c:\program files\DNA
2010-09-03 14:01 . 2009-12-23 20:55 -------- d-----w- c:\documents and settings\proprietaire\Application Data\DNA
2010-09-03 13:51 . 2010-04-13 20:42 -------- d-----w- c:\program files\iTunes
2010-09-03 13:51 . 2009-11-13 15:25 -------- d-----w- c:\program files\Medion Info Display
2010-09-03 13:51 . 2010-07-30 10:41 -------- d-----w- c:\program files\AudioBox USB
2010-09-03 13:22 . 2009-12-24 15:13 -------- d-----w- c:\program files\uTorrent
2010-09-01 20:07 . 2010-02-17 14:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-01 15:41 . 2009-11-15 13:41 -------- d-----w- c:\program files\QuickTime
2010-08-25 14:13 . 2009-11-13 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-08-16 01:10 . 2008-04-14 12:00 80748 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-16 01:10 . 2008-04-14 12:00 500900 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-15 18:02 . 2010-06-27 22:30 -------- d-----w- c:\documents and settings\proprietaire\Application Data\codeblocks
2010-08-07 12:49 . 2009-11-13 16:28 1 ----a-w- c:\documents and settings\proprietaire\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-02 23:17 . 2009-12-12 12:05 2061 ----a-w- c:\documents and settings\proprietaire\errorlog.tmp
2010-08-02 14:02 . 2010-08-02 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-08-02 14:01 . 2010-08-02 14:01 -------- d-----w- c:\program files\SoulseekNS
2010-07-29 12:54 . 2010-07-29 12:54 -------- d-----w- c:\documents and settings\proprietaire\Application Data\VST3 Presets
2010-07-28 10:20 . 2010-07-28 10:06 -------- d-----w- c:\documents and settings\proprietaire\Application Data\Steinberg
2010-07-28 10:19 . 2010-07-28 10:19 -------- d-----w- c:\program files\Fichiers communs\VST3
2010-07-28 10:16 . 2010-07-28 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\VST3 Presets
2010-07-28 10:08 . 2010-07-28 10:08 -------- d-----w- c:\program files\Fichiers communs\Steinberg
2010-07-28 10:08 . 2010-07-28 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Steinberg
2010-07-28 10:07 . 2010-07-28 10:06 -------- d-----w- c:\program files\Steinberg
2010-07-27 17:31 . 2009-11-13 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\X10 Settings
2010-07-25 11:57 . 2010-07-23 19:31 -------- d-----w- c:\program files\Betclic Poker.fr
2010-07-23 18:51 . 2010-07-14 22:06 -------- d-----w- c:\documents and settings\proprietaire\Application Data\Pro Cycling Manager 2009
2010-07-19 09:26 . 2010-03-28 12:11 1 ----a-w- c:\documents and settings\Olivia\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-16 20:32 . 2009-11-13 16:00 -------- d-----w- c:\documents and settings\proprietaire\Application Data\vlc
2010-07-16 16:17 . 2010-02-17 17:13 -------- d-----w- c:\documents and settings\proprietaire\Application Data\Epson
2010-07-15 10:21 . 2010-07-14 21:34 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-14 21:40 . 2010-07-14 10:40 -------- d-----w- c:\program files\Cyanide
2010-07-14 13:56 . 2010-07-14 13:56 3333808 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2010-07-14 13:56 . 2010-07-14 13:56 316888 ----a-w- c:\windows\system32\appdrvrem01.exe
2010-07-14 13:35 . 2010-07-14 13:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-14 12:24 . 2010-07-14 19:53 153002 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1036.dat
2010-07-14 10:36 . 2010-07-13 18:46 -------- d-----w- c:\documents and settings\proprietaire\Application Data\DAEMON Tools Pro
2010-07-14 10:29 . 2010-07-13 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-07-13 16:22 . 2010-07-13 16:19 -------- d-----w- c:\program files\Widestream6
2010-07-13 16:20 . 2010-07-13 16:20 -------- d-----w- c:\documents and settings\proprietaire\Application Data\widestream
2010-07-05 12:54 . 2010-07-05 12:54 12988 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-30 12:32 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:25 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-04-14 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-11-13 14:30 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-09-01_15.41.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-03 13:59 . 2010-09-03 13:59 16384 c:\windows\Temp\Perflib_Perfdata_6dc.dat
+ 2010-09-03 13:59 . 2009-10-07 00:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2010-09-01 15:41 . 2009-10-07 00:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-12-23 323392]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-03 328568]
"Software Suite"="c:\program files\Packard Bell\Software Suite\PBSoftSuite.exe" [2009-10-01 3144736]
"Packard Bell Software Suite"="c:\program files\Packard Bell\Software Suite\PBSoftSuite.exe" [2009-10-01 3144736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]
"nwiz"="nwiz.exe" [2005-09-22 1519616]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-08-04 237568]
"CHotkey"="mHotkey.exe" [2004-06-03 549376]
"ledpointer"="CNYHKey.exe" [2003-07-21 5577216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Olivia\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Ralink Wireless Utility.lnk - c:\program files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2009-11-13 638976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-15 11:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iPhoneBrowser\\iPhoneBrowser.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2b\\iw4mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Saison 2010\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Saison 2010\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2009\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2009\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [14/07/2010 15:56 3333808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/11/2009 17:24 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/11/2009 17:24 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [15/11/2009 13:21 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [15/11/2009 13:21 297752]
R2 PowerSave;PowerSave Service;c:\program files\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe [06/04/2009 11:35 1002016]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [13/11/2009 17:13 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [13/11/2009 17:26 69248]
S0 rseb;rseb; [x]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 ControlTransferDriver;AudioBox USB Control Transfer;c:\windows\system32\drivers\PreSonusUSB_xfer.sys [30/07/2010 12:41 28576]
S3 preSonusUsb;PreSonusUsb;c:\windows\system32\drivers\presonusUsb.sys [30/07/2010 12:41 49280]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/12/2009 13:24 691696]
.
Contenu du dossier 'Tâches planifiées'

2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-03 c:\windows\Tasks\User_Feed_Synchronization-{B105FC66-6E33-4CD1-AD19-6BE20A3C101A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.skip-search.com/?cfg=2-82-0-nZJx
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\proprietaire\Application Data\Mozilla\Firefox\Profiles\1fu0jcpp.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.fr/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-03 16:01
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(4496)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\mHotkey.exe
c:\windows\CNYHKey.exe
c:\program files\Packard Bell\Software Suite\pbDevDetect.exe
.
**************************************************************************
.
Heure de fin: 2010-09-03 16:05:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-09-03 14:05
ComboFix2.txt 2010-09-01 15:47

Avant-CF: 52 046 995 456 octets libres
Après-CF: 52 039 913 472 octets libres

- - End Of File - - FDE48974E03D424EFEB51AB12C14D7B5

Merci !