Virus, bagle probablement

bah j'ai redémarrer en sans échec, j'ai lancé la suppression, ça a redémarrer, je suis passer par le sans échec ça a rien fait, j'ai refait la manip en ne touchant à rien, il m'a fait le même message

ne trouve pas C:\Program

ça bug ça me met "Exception Processing Message c0000013 Paramaters 75afbf7c 75afbf7c 75afbf7c

après de multiples essais, j'ai obtenu un résultat finalement avec findykill...



----------------- FindyKill V4.710 ------------------

* User : Pavel - BENJAMIN
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 23:57:37 le 28/12/2008
* Windows XP - Internet Explorer 6.0.2900.5512

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:

Found ! [28/12/2008 23:26] - C:\InfoSat.txt

»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-1AEB34A1.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\Prefetch\SAFEBOOTKEYREPAIR.EXE-0475C234.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Pavel\Application Data

Found ! [28/12/2008 22:45] - "C:\Documents and Settings\Pavel\Application Data\drivers"
Found ! [28/12/2008 22:45] - "C:\Documents and Settings\Pavel\Application Data\drivers\downld"
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\136609.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25782906.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25783203.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25785812.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25795468.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25796359.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25796656.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25804531.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25805078.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25805328.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25835812.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25836734.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25836750.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25847890.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25848437.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25848453.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25866984.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25867984.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25868390.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25869000.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25869562.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25869953.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25886609.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25887140.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25890343.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25904312.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25908578.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25909625.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\25909953.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\60437.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\61156.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\652046.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\652375.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\661015.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\662109.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\662468.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\670328.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\670828.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\671093.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\69312.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\700078.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\701031.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\70296.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\714015.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\715031.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\736609.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\738296.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\738843.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\739765.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\740703.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\741296.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\771312.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\772593.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\773453.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\800437.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\807250.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\818109.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\818640.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\82125.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\83000.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\83375.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\84015.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\85156.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\85468.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\894890.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\91234.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\91656.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\91937.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\932453.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\93296.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\933171.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\933296.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\93859.exe
Found ! [28/12/2008 22:45] - C:\Documents and Settings\Pavel\Application Data\drivers\downld\94171.exe

»»»» Presence des fichiers dans C:\DOCUME~1\Pavel\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5

Found ! [08/07/2008 21:19] - C:\Documents and Settings\All Users\Application Data\TrackMania\Cache\1C8B6485BB1B8BFBCDA9000B5CD85AFA_Skins%5cAvatars%5c98000000.jpg
Found ! [24/06/2008 21:13] - C:\Documents and Settings\All Users\Application Data\TrackMania\Cache\FE61E6486338E8155C9A2A84DCD79584_Skins%5cAny%5cAdvertisement%5cTMXDown.jpg
Found ! [24/06/2008 21:13] - C:\Documents and Settings\All Users\Application Data\TrackMania\Cache\FE61E6486338E8155C9A2A84DCD79584_Skins%5cAny%5cAdvertisement%5cTMXDown.jpg.loc
Found ! [21/11/2008 21:52] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\2N4FM1O7\04ab645882dcedc9a740698e9f82de75fc6a1760[1].jpg
Found ! [24/11/2008 18:51] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\2N4FM1O7\0d9bdb64220ec16797ca3a6f54aa863b61dd75fa_medium[1].jpg
Found ! [21/11/2008 21:44] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\2N4FM1O7\b1652a4b6451e4c914ad51011f2b98dd023863b8[1].jpg
Found ! [18/12/2008 18:18] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\2N4FM1O7\b64_1[1].jpg
Found ! [09/11/2008 15:03] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\2N4FM1O7\d285bb644859be4c1cd0921f6a9836352120deb4[1].jpg
Found ! [03/12/2008 19:08] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\2N4FM1O7\ea63e918b71918b6462f8837118b81b9ab26f0df_medium[1].jpg
Found ! [09/11/2008 15:03] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\416P6JKX\d285bb644859be4c1cd0921f6a9836352120deb4_medium[1].jpg
Found ! [18/12/2008 11:17] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\4HAJ012F\b64_3[1].jpg
Found ! [01/12/2008 18:14] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\4PA3YR2T\535d0faf721d43265b64cd4081860be38e8c7444_medium[1].jpg
Found ! [01/12/2008 18:14] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\4PA3YR2T\6ea73b6471f90affd4e8836dfac8cc889e9850b4_medium[1].jpg
Found ! [26/10/2008 10:48] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\4PA3YR2T\81d78be6dd3f86163b3cc2710502beb641b033eb_medium[1].jpg
Found ! [26/11/2008 15:37] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\4PA3YR2T\b056e6a9c0e2ab64379b6f95ba3dfba3eed0a3c5_medium[1].jpg
Found ! [18/12/2008 18:30] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\4PA3YR2T\b64_3[1].jpg
Found ! [13/12/2008 17:03] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\4PA3YR2T\cbc09d8ad671a3174ce7b646aa7aa7c6581234ad[1].jpg
Found ! [30/10/2008 13:24] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\4PA3YR2T\fa313593904117ef086a571b50b64a21debc22f0_medium[1].jpg
Found ! [18/12/2008 11:18] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\BM5H2U4S\b64[1].jpg
Found ! [18/12/2008 11:21] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\C9AN4HEV\b64_2[1].jpg
Found ! [18/12/2008 18:27] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\C9AN4HEV\b64_3[1].jpg
Found ! [21/11/2008 21:52] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\EDMZ8L2B\04ab645882dcedc9a740698e9f82de75fc6a1760_medium[1].jpg
Found ! [01/12/2008 18:14] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\EDMZ8L2B\535d0faf721d43265b64cd4081860be38e8c7444[1].jpg
Found ! [01/12/2008 18:14] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\EDMZ8L2B\6ea73b6471f90affd4e8836dfac8cc889e9850b4[1].jpg
Found ! [26/10/2008 10:48] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\EDMZ8L2B\81d78be6dd3f86163b3cc2710502beb641b033eb[1].jpg
Found ! [26/11/2008 15:37] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\EDMZ8L2B\b056e6a9c0e2ab64379b6f95ba3dfba3eed0a3c5[1].jpg
Found ! [21/11/2008 21:44] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\EDMZ8L2B\b1652a4b6451e4c914ad51011f2b98dd023863b8_medium[1].jpg
Found ! [18/12/2008 18:31] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\EDMZ8L2B\b64[1].jpg
Found ! [30/10/2008 13:24] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\EDMZ8L2B\fa313593904117ef086a571b50b64a21debc22f0[1].jpg
Found ! [18/12/2008 18:17] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\I0CVA5AL\mxd[1].jpg
Found ! [18/12/2008 18:17] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\JJ7KJBNE\b64[1].jpg
Found ! [18/12/2008 18:16] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\JJ7KJBNE\b64_3[1].jpg
Found ! [18/12/2008 11:20] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\ST07E9MH\b64_1[1].jpg
Found ! [24/11/2008 18:51] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\YN0F4HE5\0d9bdb64220ec16797ca3a6f54aa863b61dd75fa[1].jpg
Found ! [13/12/2008 18:56] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\YN0F4HE5\2abef5720b639a9f1b4f689109ab64ffa0ebe18f_medium[1].jpg
Found ! [13/12/2008 17:03] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\YN0F4HE5\cbc09d8ad671a3174ce7b646aa7aa7c6581234ad_medium[1].jpg
Found ! [03/12/2008 19:08] - C:\Documents and Settings\Pavel\Local Settings\Temporary Internet Files\Content.IE5\YN0F4HE5\ea63e918b71918b6462f8837118b81b9ab26f0df[1].jpg
Found ! [09/09/2008 13:59] - C:\Documents and Settings\Pavel\WINDOWS\system\jeux\hentai\animal\normal__19b4750767c10286da230ea3bb6452e0_16.jpg
Found ! [16/03/2008 16:49] - C:\Documents and Settings\Pavel\WINDOWS\system\jeux\hentai\animal\Nueva carpeta (2)\normal__30f8a15d819e1207b646ad98e4146a76_pag.jpg
Found ! [12/08/2008 14:53] - C:\Documents and Settings\Pavel\WINDOWS\system\jeux\hentai\animal\Nueva carpeta (2)\normal__8775cfb649922fcf11764963b3501235_pag.jpg
Found ! [02/10/2007 14:02] - C:\Documents and Settings\Pavel\WINDOWS\system\jeux\hentai\bd\incest\mom\normal__31a70358accd9a8a7683810420b64d58_pag.jpg
Found ! [20/12/2007 15:55] - C:\Documents and Settings\Pavel\WINDOWS\system\jeux\hentai\bd\incest\mom\normal__a23b661bb4e83058b6bcab64098f14a3_06.jpg
Found ! [11/11/2007 01:29] - C:\Documents and Settings\Pavel\WINDOWS\system\jeux\hentai\bd\incest\sis\normal__4655d2bbb6d0f1960b64cdd6468dbae5_.jpg
Found ! [30/10/2007 02:22] - C:\Documents and Settings\Pavel\WINDOWS\system\jeux\hentai\bd\incest\sis\normal__539d29398b43b64300534c27edf5d252_c-174.jpg
Found ! [21/10/2008 13:48] - C:\Documents and Settings\Pavel\WINDOWS\system\jeux\hentai\bd\incest\sis\normal__a00062b64ac4fd3e53fa43caad929ed2_rin_0806_0.jpg
Found ! [06/11/2007 14:07] - C:\Documents and Settings\Pavel\WINDOWS\system\jeux\hentai\bd\incest\sis\normal__b643cd778b4e0df7693981992feb261d_dainiji_08.jpg
Found ! [05/08/2008 00:27] - C:\Documents and Settings\Pavel\WINDOWS\system\jeux\hentai\bd\incest\sis\normal__b64e4a16a575fc18daf44ccb589ad968_little-pie.jpg
Found ! [03/11/2008 00:29] - C:\Documents and Settings\Pavel\WINDOWS\system\jeux\hentai\bd\incest\sis\normal__c7b644761bc57e02876200d58458c416_sweet-sist.jpg
Found ! [16/05/2008 12:10] - C:\Documents and Settings\Pavel\WINDOWS\system\jeux\hentai\cartoon\hp\normal__31ace397b64b3478dedbaaa6a2d0579c_fiercely_h.jpg
Found ! [20/08/2008 02:27] - C:\Documents and Settings\Pavel\WINDOWS\system\jeux\hentai\cartoon\pkmn\normal__ab14cd9e70b64057bae81d407a0a218d_15.jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SoundMan=SOUNDMAN.EXE
\\PAPA\EPSON Stylus Photo RX420 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P38 "\\PAPA\EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"
Reminder=%WINDIR%\Creator\Remind_XP.exe
MSKDetectorExe=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
PowerStrip=c:\program files\powerstrip\pstrip.exe
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\PAPA=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_generator]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\MMDiag]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\VeohClient]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-2797797460-190285534-1131222945-1006\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_USERS\S-1-5-21-2797797460-190285534-1131222945-1006\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-2797797460-190285534-1131222945-1006\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-2797797460-190285534-1131222945-1006\Software\MuleAppData
Found ! - HKEY_USERS\S-1-5-21-2797797460-190285534-1131222945-1006\Software\Ubisoft
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

/!\ wscsvc - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur de CD-ROM


+- Contenu de l'autorun : D:\autorun.inf

[AUTORUN]
SHELLEXECUTE=Info.exe folder.htt 480 480


+- Contenu de l'autorun : E:\autorun.inf

[autorun]
OPEN=LGInstaller.exe
ICON=LG.ico


+- presence des fichiers :

Found ! [13/09/2004 12:15][---hs----] - D:\autorun.inf
Found ! [10/09/2002 15:54][---hs----] - D:\info.exe
Found ! [21/05/2008 12:45][-r-------] - E:\autorun.inf


--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------

mon disque amovible est un téléphone portable sur lequel j'ai essayé de mettre un jeu mais qui a besoin d'un programme en marche pour être reconnu... je le met quand même?

je remets le rapport au bon endroit :

j'avais prévu le coup pour celui là, j'en ai fait avant. voila :


Thu Dec 18 21:05:19 2008
EliBagle v12.06 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 15 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Dec 18 21:06:03 2008
EliBagle v12.06 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 15 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 10490
Nº Total de Ficheros: 146429
Nº de Ficheros Analizados: 13166
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Dec 18 22:27:14 2008
EliBagle v12.06 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 15 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Reinicie para Completar la Limpieza.

Fri Dec 19 23:29:38 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\PAVEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\PAVEL\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
Reinicie para Completar la Limpieza.

Fri Dec 19 23:29:53 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 10495
Nº Total de Ficheros: 141013
Nº de Ficheros Analizados: 13179
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Dec 28 20:50:06 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\PAVEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Dec 28 20:50:46 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 315
Nº Total de Ficheros: 1338
Nº de Ficheros Analizados: 174
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Sun Dec 28 20:51:09 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 3088
Nº Total de Ficheros: 24575
Nº de Ficheros Analizados: 315
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Sun Dec 28 22:20:08 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\PAVEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\PAVEL\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
Reinicie para Completar la Limpieza.

Sun Dec 28 22:20:34 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\PAVEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Dec 28 22:20:41 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\PAVEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Dec 28 22:20:43 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 315
Nº Total de Ficheros: 861
Nº de Ficheros Analizados: 85
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Sun Dec 28 22:41:43 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\PAVEL\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Sun Dec 28 22:45:16 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\PAVEL\APPLICATION DATA\M\FLEC006.EXE --> Eliminado Bagle.dldr

Sun Dec 28 22:45:22 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
C:\Documents and Settings\Pavel\Application Data\drivers\SROSA.SYS --> Eliminado Bagle(rootkit)
C:\Documents and Settings\Pavel\Application Data\drivers\downld\115781.EXE --> Eliminado Bagle.dldr
C:\Documents and Settings\Pavel\Application Data\drivers\downld\25787093.EXE --> Eliminado Bagle
C:\Documents and Settings\Pavel\Application Data\drivers\downld\25818718.EXE --> Eliminado Bagle.dldr
C:\Documents and Settings\Pavel\Application Data\drivers\downld\655234.EXE --> Eliminado Bagle
C:\Documents and Settings\Pavel\Application Data\drivers\downld\685437.EXE --> Eliminado Bagle.dldr
C:\Documents and Settings\Pavel\Application Data\drivers\downld\74562.EXE --> Eliminado Bagle
C:\Documents and Settings\Pavel\Application Data\drivers\downld\76156.EXE --> Eliminado Bagle

Nº Total de Directorios: 10480
Nº Total de Ficheros: 141234
Nº de Ficheros Analizados: 13111
Nº de Ficheros Infectados: 8
Nº de Ficheros Limpiados: 8

Sun Dec 28 23:10:34 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%AppData%\M"

Sun Dec 28 23:10:36 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 25
Nº Total de Ficheros: 225
Nº de Ficheros Analizados: 6
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Sun Dec 28 23:10:42 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "D:\"

Nº Total de Directorios: 215
Nº Total de Ficheros: 1796
Nº de Ficheros Analizados: 649
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Dec 28 23:11:16 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Dec 28 23:11:18 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 10479
Nº Total de Ficheros: 141229
Nº de Ficheros Analizados: 13103
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Dec 28 23:26:06 2008
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 18 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

je l'avais déjà supprimé avant de passer findykill, j'avais gardé que le rapport

en sans échec? (au fait, merci d'essayer de m'aider ^^)

1er rapport :

Logfile of random's system information tool 1.05 (written by random/random)
Run by Pavel at 2008-12-29 00:49:56
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 39 GB (16%) free of 235 GB
Total RAM: 1022 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:50:05, on 29/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pavel\Bureau\RSIT.exe
C:\Program Files\trend micro\Pavel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=FRN_FR&Sys=DTP&M=GT5026f
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=FRN_FR&Sys=DTP&M=GT5026f
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 82.243.193.106 L2authd.lineage2.com
O1 - Hosts: 82.243.193.106 L2testauthd.lineage2.com
O1 - Hosts: 82.243.193.106 nProtect.lineage2.com
O1 - Hosts: 82.243.193.106 update.nProtect.com
O1 - Hosts: 82.243.193.106 update.nProtect.net
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [\\PAPA\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P38 "\\PAPA\EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Startup: ddnupdate.lnk = ?
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB769FE0-3205-4301-841C-56143C976194}: NameServer = 192.168.2.1
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

2è rapport :

info.txt logfile of random's system information tool 1.05 2008-12-29 00:50:09

======Uninstall list======

-->MsiExec /X{27DC856A-0916-4988-8198-8714DDD3183D}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Age of Wonders II-->C:\Program Files\Jeux\Age of Wonders II\aow2Uninstall.exe
AGEIA PhysX v7.05.17-->MsiExec.exe /X{27DC856A-0916-4988-8198-8714DDD3183D}
Albatross18 (OGPlanet)-->C:\Program Files\OGPlanet\Albatross18\uninstall.exe
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\setup.exe /REMOVE
BitTornado 0.3.17-->C:\Documents and Settings\Pavel\Mes documents\BitTornado\uninst.exe
Caesar IV-->C:\Program Files\InstallShield Installation Information\{B7666229-351B-47D9-AA6F-DF777CF04BBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Capturino 1.4-->C:\Program Files\Capturino 1.4\Uninstal.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Counter-Strike: Source-->"C:\PROGRA~1\Steam\steam.exe" steam://uninstall/240
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Day of Defeat: Source-->"C:\PROGRA~1\Steam\steam.exe" steam://uninstall/300
Delete Virtual-Mate Launcher-->"C:\Program Files\VMLaunch\unins000.exe"
Désinstaller DDN S1-->"C:\Program Files\Jeux\Donjon de Naheulbeuk\unins001.exe"
Digital Media Reader-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Donjon de Naheulbeuk - v2.6-->"C:\Program Files\Jeux\Donjon de Naheulbeuk\unins000.exe"
EA SPORTS·Rugby 08-->MsiExec.exe /X{18D00C9F-B259-4838-871A-C61FCFF34C59}
Easy Video Joiner 5.21-->"C:\Program Files\Easy Video Joiner\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Exterminate It!-->C:\Program Files\Exterminate It!\ExterminateIt_Uninst.exe
Fallout 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
FindyKill-->C:\Documents and Settings\Pavel\Bureau\FK\Uninstal.exe
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
GameCenter-->C:\Program Files\Cyanide\GameCenter\uninstall.exe
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GameWiz32-->C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\GameWiz32\Uninstall4689.DAT
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GTR 2 1.0.0.0-->"C:\GTR2\Support\unins000.exe"
gtw_logo-->C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"
Half-Life 2: Deathmatch-->"C:\PROGRA~1\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Lost Coast-->"C:\PROGRA~1\Steam\steam.exe" steam://uninstall/340
Harry Potter et l'Ordre du Phénix™-->C:\Program Files\Jeux\Harry Potter_L'ordre du phénix\EAUninstall.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Pavel\Bureau\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Indian-->C:\WINDOWS\ST5UNST.EXE -n "c:\indian\ST5UNST.LOG"
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Ivalice Launcher Version 11-->"C:\Program Files\Jeux\World of Warcraft\unins000.exe"
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kicks_Online-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F25FB5F-65B9-4CD8-9BCF-9C03EF866566}\Setup.exe"
La Bataille pour la Terre du Milieu™ II-->C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\EAUninstall.exe
Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
L'Avènement du Roi-sorcier™-->C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\EAUninstall.exe
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LFP Manager 07-->C:\Program Files\Jeux\LFP Manager 07\EAUninstall.exe
LG PC Suite II-->C:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x040c -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly
Making History 2.0-->MsiExec.exe /I{07B93C0D-7EC9-471A-BE93-05FEF9C6181D}
Medieval II Total War : Kingdoms : Americas-->C:\Program Files\InstallShield Installation Information\{75983B66-804C-40D1-BA13-64DAF652A6F1}\setup.exe -runfromtemp -l0x040c -removeonly
Medieval II Total War : Kingdoms : Britannia-->C:\Program Files\InstallShield Installation Information\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}\setup.exe -runfromtemp -l0x040c -removeonly
Medieval II Total War : Kingdoms : Crusades-->C:\Program Files\InstallShield Installation Information\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}\setup.exe -runfromtemp -l0x040c -removeonly
Medieval II Total War : Kingdoms : Teutonic-->C:\Program Files\InstallShield Installation Information\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}\setup.exe -runfromtemp -l0x040c -removeonly
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x040c -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Application Compatibility Database-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Multi Virus Cleaner 2008-->"C:\Program Files\AxBx\Multi Virus Cleaner 2008\unins000.exe"
Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x40c
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetworkAddonMod Beta Version 2006.12.24 française-->C:\Documents and Settings\Pavel\Mes documents\NetworkAddonMod\uninst.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 2.4-->MsiExec.exe /I{1E0FF527-971B-4BBF-83D1-987E8DEE437D}
Outpost 2-->C:\WINDOWS\IsUn040c.exe -f"c:\program files\jeux\Outpost 2\Uninst.isu"
Power2Go 4.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerStrip 3 (remove only)-->C:\Program Files\PowerStrip\uninstal.exe
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Real Alternative 1.51-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
Some PDF Image Extractr 1.0-->"C:\Program Files\SomePDF\Some PDF Image Extractr\unins000.exe"
Star Wars JK II Jedi Outcast-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}\Setup.exe"
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SWF Opener-->"C:\Program Files\UnH Solutions\SWF Opener\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
Tortun 0.8-->"C:\Program Files\Tortun\unins000.exe"
Trojan Killer 1.4-->"C:\Program Files\Trojan Killer\unins000.exe"
Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
Unreal Tournament 2003-->C:\UT2003\System\Setup.exe uninstall "UT2003"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Utilitaire de sauvegarde Windows-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtua Tennis 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B63540D-D942-4C38-B42E-A48AE0145970}\setup.exe" -l0x40c -removeonly
VirtuaGirl HD-->C:\Documents and Settings\Pavel\Menu Démarrer\Programmes\VirtuaGirl HD\uninstall.lnk
VirtualDrive Network Server-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{85A7C659-0658-4BA0-B485-04A80634FB7B} /l1036
WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe"
Win AVI HelixSDK-->"C:\Program Files\WinAVI Video Converter\HelixSDK\unins000.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Winfog 1.0-->"C:\Program Files\Winfog\uninstall.exe"
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe
Woonoz SKY 3.12-->C:\Program Files\Woonoz\uninstall.exe
World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Wow Cartographe 1.08b-->C:\Program Files\WowCartographe\uninst.exe
Yu-Gi-Oh! Power of Chaos - KAIBA THE REVENGE-->"C:\Program Files\Jeux\Yu-Gi-Oh - KAIBA the revenge\Désinstallation\YGO\Désinstaller.exe" "/U:C:\Program Files\Jeux\Yu-Gi-Oh - KAIBA the revenge\Désinstallation\Désinstaller.xml"
Yu-Gi-Oh! Power of Chaos - YUGI THE DESTINY-->"C:\Program Files\Jeux\Yu-Gi-Oh - YUGI the destiny\Désinstallation\YGO\Désinstaller.exe" "/U:C:\Program Files\Jeux\Yu-Gi-Oh - YUGI the destiny\Désinstallation\Désinstaller.xml"

======Hosts File======

82.243.193.106 L2authd.lineage2.com
82.243.193.106 L2testauthd.lineage2.com
82.243.193.106 nProtect.lineage2.com
82.243.193.106 update.nProtect.com
82.243.193.106 update.nProtect.net

======Security center information======

AV: Avira AntiVir PersonalEdition Classic (disabled) (outdated)

System event log

Computer Name: BENJAMIN
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

Record Number: 61803
Source Name: Service Control Manager
Time Written: 20081123112129.000000+060
Event Type: Informations
User:

Computer Name: BENJAMIN
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

Record Number: 61802
Source Name: Service Control Manager
Time Written: 20081123112129.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: BENJAMIN
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

Record Number: 61801
Source Name: Service Control Manager
Time Written: 20081123112129.000000+060
Event Type: Informations
User:

Computer Name: BENJAMIN
Event Code: 17
Message: AVGNTFLT successfully loaded

Record Number: 61800
Source Name: avgntflt
Time Written: 20081123112124.000000+060
Event Type: Informations
User:

Computer Name: BENJAMIN
Event Code: 4201
Message: Le système a détecté que la carte réseau NVIDIA nForce Networking Controller était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 61799
Source Name: Tcpip
Time Written: 20081123112124.000000+060
Event Type: Informations
User:

Application event log

Computer Name: BENJAMIN
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 5
Source Name: SecurityCenter
Time Written: 20081005173900.000000+120
Event Type: Informations
User:

Computer Name: BENJAMIN
Event Code: 4096
Message: Le service AntiVir a bien démarré!

Record Number: 4
Source Name: Avira AntiVir
Time Written: 20081005173840.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: BENJAMIN
Event Code: 0
Message:
Record Number: 3
Source Name: iPod Service
Time Written: 20081005152735.000000+120
Event Type: Informations
User:

Computer Name: BENJAMIN
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 2
Source Name: SecurityCenter
Time Written: 20081005152718.000000+120
Event Type: Informations
User:

Computer Name: BENJAMIN
Event Code: 4096
Message: Le service AntiVir a bien démarré!

Record Number: 1
Source Name: Avira AntiVir
Time Written: 20081005152703.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

-----------------EOF-----------------

le voici :

ComboFix 08-12-28.01 - Pavel 2008-12-29 1:00:16.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1022.602 [GMT 1:00]
Lancé depuis: c:\documents and settings\Pavel\Bureau\C-Fix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pavel\Application Data\drivers\downld
c:\documents and settings\Pavel\Application Data\drivers\downld\136609.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25782906.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25783203.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25785812.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25795468.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25796359.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25796656.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25804531.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25805078.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25805328.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25835812.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25836734.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25836750.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25847890.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25848437.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25848453.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25866984.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25867984.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25868390.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25869000.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25869562.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25869953.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25886609.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25887140.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25890343.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25904312.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25908578.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25909625.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\25909953.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\60437.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\61156.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\652046.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\652375.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\661015.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\662109.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\662468.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\670328.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\670828.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\671093.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\69312.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\700078.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\701031.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\70296.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\714015.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\715031.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\736609.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\738296.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\738843.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\739765.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\740703.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\741296.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\771312.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\772593.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\773453.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\800437.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\807250.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\818109.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\818640.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\82125.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\83000.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\83375.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\84015.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\85156.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\85468.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\894890.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\91234.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\91656.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\91937.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\932453.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\93296.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\933171.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\933296.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\93859.exe
c:\documents and settings\Pavel\Application Data\drivers\downld\94171.exe
c:\documents and settings\Pavel\Favoris\Online Security Test.url
C:\InfoSat.txt
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\jestertb.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_SROSA
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))
.

2063-09-19 06:50 . 2063-09-19 06:50 5,501 --a--c--- c:\windows\system32\rtclmg32.dll
2008-12-29 00:49 . 2008-12-29 00:50 <REP> d-------- C:\rsit
2008-12-29 00:49 . 2008-12-29 00:50 <REP> d-------- c:\program files\trend micro
2008-12-19 23:19 . 2008-12-19 23:19 <REP> d-------- c:\program files\Avira
2008-12-19 23:19 . 2008-12-19 23:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-19 19:58 . 2008-12-19 19:58 <REP> d-------- c:\program files\Trojan Killer
2008-12-18 22:27 . 2008-12-18 22:28 <REP> d-------- C:\Combo-Fix
2008-12-18 18:56 . 2008-12-18 18:56 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-12-18 18:44 . 2008-12-18 18:58 <REP> d-------- c:\program files\Exterminate It!
2008-12-18 09:43 . 2008-12-29 01:00 <REP> d--h----- c:\documents and settings\Pavel\Application Data\drivers
2008-12-18 09:08 . 2008-12-18 09:08 <REP> d-------- C:\Sounds
2008-12-18 08:53 . 2008-12-18 08:53 <REP> d-------- c:\program files\LG Electronics
2008-12-18 08:53 . 2008-09-04 06:27 24,832 --a------ c:\windows\system32\drivers\lgusbmodem.sys
2008-12-18 08:53 . 2008-09-04 06:28 19,968 --a------ c:\windows\system32\drivers\lgusbdiag.sys
2008-12-18 08:53 . 2008-09-04 06:27 13,056 --a------ c:\windows\system32\drivers\lgusbbus.sys
2008-12-18 08:52 . 2008-12-18 13:09 <REP> d-------- c:\program files\LG PC Suite II
2008-12-18 08:52 . 2008-12-18 08:52 <REP> d-------- c:\documents and settings\Pavel\Application Data\LG Electronics
2008-12-18 08:52 . 2007-11-08 16:26 1,164,728 --a------ c:\windows\system32\NMSDVDXU.dll
2008-12-18 08:52 . 2005-03-18 16:55 630,784 --a------ c:\windows\system32\vsflex8u.ocx
2008-12-18 08:52 . 2005-09-26 22:55 419,240 --a------ c:\windows\system32\Vsflex7L.ocx
2008-11-29 17:44 . 2008-11-29 17:44 <REP> d-------- c:\documents and settings\All Users\Application Data\KONAMI
2008-11-29 17:30 . 2008-11-29 17:30 <REP> d-------- c:\program files\KONAMI
2008-11-29 11:46 . 2008-12-16 14:22 <REP> d-------- c:\documents and settings\Cédric\Application Data\OpenOffice.org2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 00:03 --------- d-----w c:\documents and settings\Pavel\Application Data\OpenOffice.org2
2008-12-28 23:39 718 ----a-w c:\documents and settings\Pavel\Application Data\wklnhst.dat
2008-12-19 19:51 --------- d-----w c:\program files\AxBx
2008-12-18 08:44 --------- d-----w c:\program files\eMule
2008-12-18 07:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 13:14 --------- d-----w c:\program files\Steam
2008-11-29 12:49 --------- d-----w c:\program files\Jeux
2008-11-26 14:29 --------- d-----w c:\program files\SomePDF
2008-11-26 14:28 --------- d-----w c:\program files\Foxit Software
2008-11-26 14:11 --------- d-----w c:\program files\Filehunter
2008-11-22 19:55 --------- d-----w c:\documents and settings\Pavel\Application Data\Zylom
2008-11-22 19:55 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2008-11-17 15:18 --------- d-----w c:\program files\WowCartographe
2008-11-16 10:52 --------- d-----w c:\program files\vghd
2008-11-15 10:10 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-11-14 23:32 --------- d-----w c:\program files\Utherverse Digital Inc
2008-11-12 14:18 --------- d-----w c:\program files\Easy Video Joiner
2008-11-11 08:24 --------- d-----w c:\documents and settings\Cédric\Application Data\InfraRecorder
2008-11-10 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2008-11-05 15:05 --------- d-----w c:\program files\InfraRecorder
2008-11-05 15:05 --------- d-----w c:\documents and settings\Pavel\Application Data\InfraRecorder
2008-11-05 12:42 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-11-05 12:40 --------- d-----w c:\program files\MSBuild
2008-11-05 12:38 --------- d-----w c:\program files\Reference Assemblies
2008-11-03 15:55 --------- d-----w c:\documents and settings\Pavel\Application Data\GetRightToGo
2008-11-03 14:58 --------- d-----w c:\program files\GameSpy Arcade
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\PAPA\EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-09-17 737408]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-12-28 266497]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 c:\windows\soundman.exe]

c:\documents and settings\C‚dric\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\Pavel\Menu D‚marrer\Programmes\D‚marrage\
ddnupdate.lnk - c:\program files\Jeux\Donjon de Naheulbeuk\Mise … jour\dist\majdemarrage.exe [2007-03-31 18944]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 15:16 171464 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a------ 2004-08-05 20:00 44032 c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 20:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 20:00 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 12:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 12:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 20:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 20:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
--a--c--- 2005-12-09 17:44 139264 c:\program files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-13 21:42 212992 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2005-01-12 02:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-26 10:44 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-11-09 15:07 49263 c:\program files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-12-28 21:36 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a--c--- 2004-12-08 16:57 550912 c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 12:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
"Boonty Games"=3 (0x3)
"usnjsvc"=3 (0x3)
"usprserv"=3 (0x3)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"Spooler"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"PrismXL"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Pavel\\Mes documents\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\L'Avènement du Roi-sorcier\\game.dat"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
"c:\\GTR2\\GTR2.exe"=
"c:\\UT2003\\System\\UT2003.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\drivers\\Winfog\\system.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Jeux\\Star Wars Jedi Knight II\\GameData\\jk2mp.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\neo94700\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\neo94700\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Documents and Settings\\Pavel\\Application Data\\GarageGames\\IAPlayer\\products\\7000\\install\\Zap.exe"=
"c:\\Program Files\\Jeux\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\VMLaunch\BuddyVM.sys [2004-12-03 15872]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S0 fvdscsi;fvdscsi;c:\windows\system32\DRIVERS\fvdscsi.sys []
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69c4e502-7242-11dc-9805-0015583e0f82}]
\Shell\AutoRun\command - J:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr
MSConfigStartUp-AdVantage - c:\program files\AdVantage\AdVantage.exe
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-Drv proc hole view - c:\documents and settings\All Users\Application Data\namecashdrvproc\pop sect.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EA Link\Core.exe
MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
MSConfigStartUp-MMTray - c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-thunk fork - c:\docume~1\Pavel\APPLIC~1\SLOWWI~1\ERROR ADMIN.exe
MSConfigStartUp-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
MSConfigStartUp-WeatherDPA - c:\program files\Zango\bin\10.3.74.0\Weather.exe
MSConfigStartUp-WhenUSearch - c:\program files\DAEMON Tools SearchBar\Search.exe
MSConfigStartUp-ZangoSA - c:\program files\Zango\bin\10.3.74.0\ZangoSA.exe


.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=FRN_FR&Sys=DTP&M=GT5026f
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: {FB769FE0-3205-4301-841C-56143C976194} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Pavel\Application Data\Mozilla\Firefox\Profiles\lzusvtu8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jeuxvideo.com/etajvbis.htm
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Pavel\Application Data\Mozilla\Firefox\Profiles\lzusvtu8.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 01:03:33
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2008-12-29 1:09:39 - La machine a redémarré [Pavel]
ComboFix-quarantined-files.txt 2008-12-29 00:09:37

Avant-CF: 40 282 988 544 octets libres
Après-CF: 41,687,310,336 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

346 --- E O F --- 2008-12-18 10:00:52

en sans échec ou pas?

j'ai eu qu'un rapport, je suppose que c'est normal...

Logfile of random's system information tool 1.05 (written by random/random)
Run by Pavel at 2008-12-29 01:18:08
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 40 GB (17%) free of 235 GB
Total RAM: 1022 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:18:18, on 29/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Jeux\Donjon de Naheulbeuk\Mise à jour\dist\majdemarrage.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pavel\Bureau\RSIT.exe
C:\Program Files\trend micro\Pavel.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=FRN_FR&Sys=DTP&M=GT5026f
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [\\PAPA\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P38 "\\PAPA\EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Startup: ddnupdate.lnk = ?
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB769FE0-3205-4301-841C-56143C976194}: NameServer = 192.168.2.1
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

désolé pour la réponse tardive, je suis allé faire dodo entre temps.

voici le rapport malware :

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1550
Windows 5.1.2600 Service Pack 3

29/12/2008 12:06:45
mbam-log-2008-12-29 (12-06-45).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 197036
Temps écoulé: 1 hour(s), 29 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Jeux\Caesar IV\rld-c4kg.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\LG Electronics\LG USB Modem Driver\InstallUSB64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{349CF386-0C18-4E06-8A29-C4D39263AFC7}\RP230\A0044530.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{349CF386-0C18-4E06-8A29-C4D39263AFC7}\RP230\A0044531.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{349CF386-0C18-4E06-8A29-C4D39263AFC7}\RP270\A0053843.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{349CF386-0C18-4E06-8A29-C4D39263AFC7}\RP270\A0053865.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{349CF386-0C18-4E06-8A29-C4D39263AFC7}\RP270\A0053897.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{349CF386-0C18-4E06-8A29-C4D39263AFC7}\RP270\A0053902.exe (Rogue.AstrumAntivirus) -> Quarantined and deleted successfully.