PC infecté par Vundo.dll

Merci Plopus pour votre soutien.

Après exécution de SuperAntiSpyware puis de ComboFix voila ci-dessous le log de combofix.

ComboFix 09-01-21.04 - saliou 2009-01-28 10:23:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.510.254 [GMT 0:00]
Lancé depuis: c:\documents and settings\saliou\Bureau\TOOLS\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\Starware370
c:\documents and settings\All Users\Application Data\Starware370\buttons\563_button_1b_def.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\563_button_1b_over.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\572_button_1b_def.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\572_button_1b_over.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\573_button_1b_def.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\573_button_1b_over.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware370\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware370\buttons\logo.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\logoxp.bmp
c:\documents and settings\All Users\Application Data\Starware370\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware370\contexts\related.xml
c:\documents and settings\All Users\Application Data\Starware370\contexts\travel.xml
c:\documents and settings\saliou\Application Data\[u]0/u2000000e45bba05509C.manifest
c:\documents and settings\saliou\Application Data\[u]0/u2000000e45bba05509O.manifest
c:\documents and settings\saliou\Application Data\[u]0/u2000000e45bba05509P.manifest
c:\documents and settings\saliou\Application Data\[u]0/u2000000e45bba05509S.manifest
c:\documents and settings\saliou\Local Settings\Tempsetup.exe
c:\program files\INSTALL.LOG
c:\program files\Starware370
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\Downloaded Program Files\nethv32.inf
c:\windows\GnuHashes.ini
c:\windows\IE4 Error Log.txt
c:\windows\system32\6.tmp
c:\windows\system32\agotimuf.ini
c:\windows\system32\amatonoj.ini
c:\windows\system32\asizevom.ini
c:\windows\system32\basukavu.dll.tmp
c:\windows\system32\bekehutu.dll.tmp
c:\windows\system32\bulilufu.dll
c:\windows\system32\Cache
c:\windows\system32\comrepl.exe
c:\windows\system32\emelabuh.ini
c:\windows\system32\etidogiv.ini
c:\windows\system32\evehabow.ini
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\1.music.mp3
c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\3.video.zip.kwd
c:\windows\system32\GroupPolicyManifest\4.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\5.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\6.limepro.zip.kwd
c:\windows\system32\GroupPolicyManifest\7.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
c:\windows\system32\hekonala.dll.tmp
c:\windows\system32\hufovora.dll.tmp
c:\windows\system32\idibijiv.ini
c:\windows\system32\igohezan.ini
c:\windows\system32\imitoheg.ini
c:\windows\system32\iruzegew.ini
c:\windows\system32\jiwofehu.dll
c:\windows\system32\mdm.exe
c:\windows\system32\mohasobi.dll.tmp
c:\windows\system32\mulipiza.dll.tmp
c:\windows\system32\naluwota.dll.tmp
c:\windows\system32\ohobedom.ini
c:\windows\system32\ohuladoh.ini
c:\windows\system32\ojipowav.ini
c:\windows\system32\open.ico
c:\windows\system32\ovatijeh.ini
c:\windows\system32\owahisap.ini
c:\windows\system32\ozinunen.ini
c:\windows\system32\sikizela.dll
c:\windows\system32\sirifiwi.dll.tmp
c:\windows\system32\tehayela.dll.tmp
c:\windows\system32\terobila.dll.tmp
c:\windows\system32\ufulilub.ini
c:\windows\system32\uhakulej.ini
c:\windows\system32\vinomisu.dll
c:\windows\system32\zehigipu.dll.tmp
c:\windows\system32\zetoyago.dll.tmp

----- BITS: Il y a peut-être des sites infectés -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_WINDOWS_LOG


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-28 ))))))))))))))))))))))))))))))))))))
.

2009-01-27 16:12 . 2009-01-27 16:12 33,832 --a------ c:\windows\SYSTEM32\otarchia.exe
2009-01-27 12:42 . 2009-01-27 12:42 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-27 12:41 . 2009-01-27 12:41 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-01-27 12:41 . 2009-01-27 12:41 <REP> d-------- c:\documents and settings\saliou\Application Data\SUPERAntiSpyware.com
2009-01-27 11:49 . 2009-01-27 12:46 <REP> d-------- C:\HiJackThis
2009-01-27 11:47 . 2009-01-27 11:47 318,369 --a------ C:\HiJackThis.zip
2009-01-27 10:39 . 2009-01-27 10:39 33,832 --a------ c:\windows\SYSTEM32\odftwfhy.exe
2009-01-16 14:40 . 2009-01-16 14:40 <REP> d-------- c:\documents and settings\saliou\Application Data\PC Tools
2009-01-16 14:40 . 2008-08-25 12:36 81,288 --a------ c:\windows\SYSTEM32\DRIVERS\iksyssec.sys
2009-01-16 14:40 . 2008-08-25 12:36 66,952 --a------ c:\windows\SYSTEM32\DRIVERS\iksysflt.sys
2009-01-16 14:40 . 2008-08-25 12:36 40,840 --a------ c:\windows\SYSTEM32\DRIVERS\ikfilesec.sys
2009-01-16 14:40 . 2008-06-02 16:19 29,576 --a------ c:\windows\SYSTEM32\DRIVERS\kcom.sys
2009-01-16 10:16 . 2009-01-16 10:16 33,832 --a------ c:\windows\SYSTEM32\hlddegku.exe
2009-01-16 10:11 . 2009-01-16 10:11 33,832 --a------ c:\windows\SYSTEM32\cdsufvzh.exe
2009-01-15 11:39 . 2009-01-15 11:51 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-15 11:39 . 2009-01-15 15:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-12 17:23 . 2009-01-12 17:22 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2009-01-07 13:13 . 2009-01-23 15:03 <REP> d-------- c:\program files\Fichiers communs\Symantec Shared
2009-01-07 12:04 . 2009-01-23 15:00 <REP> d-------- c:\program files\Norton Security Scan
2009-01-07 10:49 . 2009-01-07 10:49 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 10:49 . 2009-01-07 10:49 <REP> d-------- c:\documents and settings\saliou\Application Data\Malwarebytes
2009-01-07 10:49 . 2009-01-07 10:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 10:49 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-07 10:49 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-07 09:58 . 2009-01-23 10:01 <REP> d-------- c:\program files\Spyware Doctor

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 12:39 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-27 10:20 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-23 13:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-22 12:02 --------- d-----w c:\program files\Google
2009-01-22 09:16 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-20 10:25 --------- d-----w c:\documents and settings\saliou\Application Data\Skype
2009-01-14 17:22 --------- d-----w c:\documents and settings\saliou\Application Data\CoreFTP
2009-01-12 17:22 --------- d-----w c:\program files\Java
2008-12-24 15:27 --------- d-----w c:\program files\DAP
2008-12-10 09:19 --------- d-----w c:\program files\Netcraft Toolbar
2008-12-05 10:37 --------- d-----w c:\program files\Windows Desktop Search
2008-12-05 10:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 18:09 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-01 12:21 --------- d-----w c:\documents and settings\saliou\Application Data\LimeWire
2007-08-02 11:51 24,192 ----a-w c:\documents and settings\technique\usbsermptxp.sys
2007-08-02 11:51 22,768 ----a-w c:\documents and settings\technique\usbsermpt.sys
2007-02-27 17:48 57,192 ----a-w c:\documents and settings\technique\Application Data\GDIPFONTCACHEV1.DAT
2006-12-22 16:28 57,192 ----a-w c:\documents and settings\saliou\Application Data\GDIPFONTCACHEV1.DAT
2006-12-06 17:32 87,248 ----a-w c:\documents and settings\Invité\Application Data\GDIPFONTCACHEV1.DAT
2004-10-14 10:45 371 ----a-w c:\program files\install.ini
2004-09-21 15:28 6,386 ----a-w c:\program files\uninstal.log
2002-06-19 10:01 138,316 ----a-r c:\program files\readme.rtf
2002-06-07 10:04 90,188 ----a-r c:\program files\fsld32.dll
2002-06-07 10:04 86,016 ----a-r c:\program files\fsuninst.FRA
2002-06-07 10:04 81,920 ----a-r c:\program files\fsuninst.eng
2002-06-07 10:04 229,376 ----a-r c:\program files\fsuninst.exe
2002-06-07 10:04 197,632 ----a-r c:\program files\fsisu.dll
2002-06-07 10:04 118,272 ----a-r c:\program files\fsisuNT.dll
2001-01-10 11:23 162,304 ----a-w c:\program files\UNWISE.EXE
2007-08-28 18:31 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-08-14 19:29 12,511,776 --sha-w c:\windows\SYSTEM32\DRIVERS\fidbox.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2005-02-01 53248]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"RoxWatchTray"="c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 221184]
"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 c:\windows\SYSTEM32\P0620Pin.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.NSGSM"= NSGSM32.ACM
"MSACM.NSTSP"= NSTSP32.ACM
"MSACM.sx5363s"= sx5363s.acm
"SENTINEL"= snti386.dll
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe"
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe -CheckReg
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"metatoweyo"=Rundll32.exe "c:\windows\system32\feretizi.dll",s
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"e887bd01"=rundll32.exe "c:\windows\system32\diwunawo.dll",b
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"
"CPMebb48e9d"=Rundll32.exe "c:\windows\system32\jofamoja.dll",a

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Dell\\SolutionCenter\\DellSC.exe"=
"c:\\Program Files\\MSN Gaming Zone\\Windows\\Rvsezm.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"c:\\WINDOWS\\SYSTEM32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\CPC10D.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
R4 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 114688]
R4 AsfAlrt;AsfAlrt;c:\windows\SYSTEM32\DRIVERS\Asfalrt.sys [2002-12-18 36064]
R4 Canon NetSpot Suite Service;Canon NetSpot Suite Service;c:\program files\Canon\Vdc\AuVdc.exe [2006-05-17 57344]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 scsiscan;Pilote de scanneur SCSI;c:\windows\SYSTEM32\DRIVERS\scsiscan.sys [2006-06-23 11520]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-16 356920]
S4 BT848;Conexant BT878 Video Capture;c:\windows\SYSTEM32\DRIVERS\cxvcap.sys [2005-08-31 63232]
S4 BTXBAR;Conexant BT878 Crossbar;c:\windows\SYSTEM32\DRIVERS\cxxbar.sys [2005-08-31 9472]
S4 CXTUNER;Conexant BT878 Tuner;c:\windows\SYSTEM32\DRIVERS\cxtuner.sys [2005-08-31 30080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Raf#TOMWIN]
\Shell\AutoRun\command - I:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{092897d6-b230-11dd-8ff0-000d56cfd1cd}]
\Shell\AutoRun\command - 2u.com
\Shell\explore\Command - 2u.com
\Shell\open\Command - 2u.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{092897d7-b230-11dd-8ff0-000d56cfd1cd}]
\Shell\AutoRun\command - E:\xih9.cmd
\Shell\explore\Command - E:\xih9.cmd
\Shell\open\Command - E:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d7cde24-0b1e-11da-b165-000d56cfd1cd}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
\Shell\Ouvrir\command - E:\log.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dd2cee6-3eb8-11dc-b1ee-000d56cfd1cd}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c3877f8-ca81-11dc-8bef-000d56cfd1cd}]
\Shell\Auto\command - wscript "Sex City.jpg.wsf"
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d79267a-1bcf-11db-b198-000d56cfd1cd}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a8e2310-4a2e-11db-91f4-000d56cfd1cd}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fd4302f-2d84-11dd-88db-000d56cfd1cd}]
\Shell\AutoRun\command - E:\2u.com
\Shell\explore\Command - E:\2u.com
\Shell\open\Command - E:\2u.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a1b03aa-6219-11dd-a67c-000d56cfd1cd}]
\Shell\Auto\command - wscript "Sex City.jpg.wsf"
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64178ae0-30d6-11da-b1b4-000d56cfd1cd}]
\Shell\AutoRun\command - E:\loaderw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70008a56-39ca-11dc-b1e2-000d56cfd1cd}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70008c28-39ca-11dc-b1e2-000d56cfd1cd}]
\Shell\AutoRun\command - F:\fooool.exe
\Shell\explore\Command - F:\fooool.exe
\Shell\open\Command - F:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75bfdda8-9601-11dd-8fd5-000d56cfd1cd}]
\Shell\AutoRun\command - b0j6j16.bat
\Shell\explore\Command - b0j6j16.bat
\Shell\open\Command - b0j6j16.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aae838b-3900-11dc-b1e1-000d56cfd1cd}]
\Shell\AutoRun\command - E:\fooool.exe
\Shell\explore\Command - E:\fooool.exe
\Shell\open\Command - E:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aae873a-3900-11dc-b1e1-000d56cfd1cd}]
\Shell\AutoRun\command - E:\fooool.exe
\Shell\explore\Command - E:\fooool.exe
\Shell\open\Command - E:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aae8b4f-3900-11dc-b1e1-000d56cfd1cd}]
\Shell\AutoRun\command - E:\fooool.exe
\Shell\explore\Command - E:\fooool.exe
\Shell\open\Command - E:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aae9218-3900-11dc-b1e1-000d56cfd1cd}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fb66d85-7df2-11db-b0cd-000d56cfd1cd}]
\Shell\AutoRun\command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f3ce7a8-20cc-11dd-9472-00195bcf312f}]
\Shell\Auto\command - wscript "Sex City.jpg.wsf"
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a952820-f712-11db-b168-000d56cfd1cd}]
\Shell\Auto\command - Death.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Death.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6cd927e-e193-11da-8ae6-000d56cfd1cd}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bec9b7f8-daf9-11dc-b768-000d56cfd1cd}]
\Shell\Auto\command - wscript "Sex City.jpg.wsf"
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca26a91b-36a1-11dc-b1e0-000d56cfd1cd}]
\Shell\AutoRun\command - E:\fooool.exe
\Shell\explore\Command - E:\fooool.exe
\Shell\open\Command - E:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e388a2b9-64d9-11db-b0ac-000d56cfd1cd}]
\Shell\AutoRun\command - E:\systm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea681ae8-32ec-11dd-9c5b-000d56cfd1cd}]
\Shell\AutoRun\command - E:\t.com
\Shell\explore\Command - E:\t.com
\Shell\open\Command - E:\t.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2a8d9f4-916b-11da-b236-000d56cfd1cd}]
\Shell\AutoRun\command - E:\cb.bat
\Shell\explore\Command - E:\cb.bat
\Shell\open\Command - E:\cb.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86093b2-62d0-11dd-af99-000d56cfd1cd}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9a79c0c-344f-11dc-b1da-000d56cfd1cd}]
\Shell\AutoRun\command - E:\fooool.exe
\Shell\explore\Command - E:\fooool.exe
\Shell\open\Command - E:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0894d8-b91c-11dc-8bdc-000d56cfd1cd}]
\Shell\AutoRun\command - E:\iqosrtk.bat
\Shell\explore\Command - E:\iqosrtk.bat
\Shell\open\Command - E:\iqosrtk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbfe0284-350e-11dc-b1db-000d56cfd1cd}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-07 12:01]

2009-01-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-01-23 c:\windows\Tasks\Norton Security Scan.job
- ?:\ []

2009-01-23 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]

2009-01-28 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
BHO-{2990cfd6-a579-418a-afca-68c7d92e537d} - (no file)
BHO-{9d509736-2e31-44e1-8d35-f554aca8a5a0} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
Notify-e887bdae509 - c:\windows\System32\cryptdll32.dll


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://fr.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search - ?p=ZRxdm429YYUS
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {8B65B4ED-D61C-41A1-BAF1-A2B94600B279} = 67.148.54.100,208.67.222.222
DPF: {4B6E3013-6E45-11D0-9309-0020AFE05CC8} - hxxp://www.allomaison.fr/medias/contact/cab/blaxxunCC3D.cab
DPF: {4DA561B6-E53C-4B83-964D-A46FAB09C937} - hxxp://199.125.175.115/npViaVideoFX.cab
DPF: {5CE7A7AF-8C5E-48CF-AE30-8FC6F01C27E3} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3fr.cab
DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} - hxxp://www.pakdata.com/download/PDMSInstaller.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 10:36:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1308089132-2294350198-3783410935-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%ˆ%;*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1308089132-2294350198-3783410935-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%ˆ%;*\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1308089132-2294350198-3783410935-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* %Q%×*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1308089132-2294350198-3783410935-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* %Q%×*\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,e8,dc,41,67,12,
4c,02,29,e2,63,26,f1,3f,c8,ff,68,2f,cd,2d,72,b4,0c,68,44,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,25,b5,fc,d4,b1,
9d,0b,90,6a,9c,d6,61,af,45,84,18,57,86,36,5d,56,86,1d,31,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,4b,47,31,7c,48,
d9,24,47,ff,7c,85,e0,43,d4,0e,fe,cc,a4,38,57,53,3f,1c,2c,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,d9,b4,74,e3,e9,
4e,ce,8b,86,8c,21,01,be,91,eb,e7,36,20,ec,24,2b,64,2c,0c,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,51,89,b4,a4,c0,
2f,d7,5c,f5,1d,4d,73,a8,13,5c,05,6f,67,f8,8c,08,6c,04,ff,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,ba,d3,38,8c,b1,
74,d4,70,df,20,58,62,78,6b,cf,c8,06,9a,f9,fa,3b,e1,56,b6,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,10,e8,30,1b,33,
1b,a5,a0,fb,a7,78,e6,12,2f,9a,ea,78,07,b1,fa,3f,5f,88,0a,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,86,e8,ee,be,70,
5b,7d,d8,01,3a,48,fc,e8,04,4a,f1,e5,e6,07,54,ce,0d,f9,b1,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,22,00,10,37,16,
b5,68,08,f6,0f,4e,58,98,5b,89,c9,8e,3d,8a,08,9d,1e,10,64,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,63,26,a2,b0,8e,
44,f6,53,3d,ce,ea,26,2d,45,aa,78,99,66,94,70,4d,5a,9a,68,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\SYSTEM32\\VUTOFUDI.DLL"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,4c,13,1f,df,bc,
82,a3,a1,2a,b7,cc,b5,b9,7f,41,e7,7c,7c,e6,52,d0,57,0f,be,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,49,49,a7,08,76,
7d,c9,d4,6c,43,2d,1e,aa,22,2f,9c,a3,32,19,24,27,67,b1,fa,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\windows\SYSTEM32\INETSRV\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-28 10:44:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-28 10:44:05

Avant-CF: 6 438 232 064 octets libres
Après-CF: 6,460,350,464 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

525 --- E O F --- 2008-11-25 09:31:46


merci d'avance du support. Je reste à l'écoute pour de nouveaux conseils.

Salut Plopus,

voila le log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:16, on 29/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Canon\VDC\AuVdc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
aO8 - Extra context menu item: &Search - ?p=ZRxdm429YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4B6E3013-6E45-11D0-9309-0020AFE05CC8} (blaxxun CC3D) - http://www.allomaison.fr/medias/contact/cab/blaxxunCC3D.cab
O16 - DPF: {4DA561B6-E53C-4B83-964D-A46FAB09C937} (Polycom Control) - http://199.125.175.115/npViaVideoFX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.easports.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {5CE7A7AF-8C5E-48CF-AE30-8FC6F01C27E3} (Yahoo! Photos - Outil de publication Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting/GoToWebinar Web Starter) - https://www.gotomeeting.com/default/applets/g2mdlax.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} (PDMSInstallerCtl Class) - http://www.pakdata.com/download/PDMSInstaller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://partnerships4cd.webex.com/client/T26L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B65B4ED-D61C-41A1-BAF1-A2B94600B279}: NameServer = 67.148.54.100,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dl.wb.sn
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dl.wb.sn
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = dl.wb.sn
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dl.wb.sn
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Canon NetSpot Suite Service - CANON INC. - C:\Program Files\Canon\VDC\AuVdc.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

le voila le log :

Rapport GenProc 2.351 [1] - 29/01/2009 - Windows XP

# Etape 1/ Télécharge :

- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo)
Ce logiciel va permettre de supprimer tous les fichiers temporaires.
Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) sur ton Bureau.


Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; pour retrouver le rapport, clique sur le raccourci "GenProc" sur ton bureau. Choisis ta session courante *** saliou ***


# Etape 2/

Lance Toolbar-S&D situé sur le Bureau.
Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport C:\TB.txt ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

____________________________________________________________________________________________________________

Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com

voila le rapport


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : saliou ( Administrator )
BOOT : Fail-safe boot
Antivirus : ZoneAlarm Security Suite Antivirus 7.0.462.000 (Activated)
Firewall : ZoneAlarm Security Suite Firewall 7.0.462.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:8 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 30/01/2009|16:41 )
C:\WINDOWS\iun6002.exe

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskPBar\bar
Supprime! - C:\Program Files\AskPBar\SrchAstt
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\Program Files\AskPBar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(technique) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\saliou\Mes documents\Incomplete\GJCHAMXNOW2E25PDPA2MP5XEVABWIRGT\.datFIFA 2006 CRACK NOCD+SERIAL+KEYGEN.rar
C:\DOCUME~1\saliou\Mes documents\Incomplete\GJCHAMXNOW2E25PDPA2MP5XEVABWIRGT\FIFA 2006 CRACK NOCD+SERIAL+KEYGEN.rar
C:\DOCUME~1\saliou\Mes documents\My Completed Downloads\AutoCAD Architecture 2008 Crack.zip
C:\DOCUME~1\saliou\Shared\kav 7.0 crack Share Accelerator.zip
C:\DOCUME~1\saliou\Shared\Winzip v8.1 with serial code\KEYGEN.EXE
C:\DOCUME~1\ALLUSE~1\Documents\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\keygen.exe
C:\DOCUME~1\ALLUSE~1\Documents\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneAlarm.Pro.7.0.keygen-SND
C:\DOCUME~1\ALLUSE~1\Documents\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneAlarm.Pro.7.0.keygen-SND\KTV2.3.0.1.zip
C:\DOCUME~1\ALLUSE~1\Documents\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneAlarm.Pro.7.0.keygen-SND\zaasSetup_70_462_000_fr.exe
C:\DOCUME~1\ALLUSE~1\Documents\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneAlarm.Pro.7.0.keygen-SND\ZoneLabs.ZoneAlarm.Security.Suite.v6.5.714.Incl.Keymaker-ZWT
C:\DOCUME~1\ALLUSE~1\Documents\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneAlarm.Pro.7.0.keygen-SND\ZoneLabs.ZoneAlarm.Security.Suite.v6.5.714.Incl.Keymaker-ZWT\file_id.diz
C:\DOCUME~1\ALLUSE~1\Documents\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneAlarm.Pro.7.0.keygen-SND\ZoneLabs.ZoneAlarm.Security.Suite.v6.5.714.Incl.Keymaker-ZWT\keygen.exe
C:\DOCUME~1\ALLUSE~1\Documents\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneAlarm.Pro.7.0.keygen-SND\ZoneLabs.ZoneAlarm.Security.Suite.v6.5.714.Incl.Keymaker-ZWT\zasuiteSetup_fr.exe
C:\DOCUME~1\ALLUSE~1\Documents\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneAlarm.Pro.7.0.keygen-SND\ZoneLabs.ZoneAlarm.Security.Suite.v6.5.714.Incl.Keymaker-ZWT\zwt.nfo
C:\DOCUME~1\ALLUSE~1\Documents\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\keygen.exe
C:\DOCUME~1\ALLUSE~1\Documents\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneAlarm.Pro.7.0.keygen-SND
C:\DOCUME~1\ALLUSE~1\Documents\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneAlarm.Pro.7.0.keygen-SND\KTV2.3.0.1.zip
C:\DOCUME~1\ALLUSE~1\Documents\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneLabs.ZoneAlarm.Internet.Security.Suite.v7.0.302.Incl.Keymaker-ZWT\ZoneAlarm.Pro.7.0.keygen-SND\zaasSetup_70_462_000_fr.exe



1 - "C:\ToolBar SD\TB_1.txt" - 30/01/2009|16:44 - Option : [2]

-----------\\ Fin du rapport a 16:44:26,81

Re

info.txt logfile of random's system information tool 1.05 2009-01-30 17:48:43

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\VDCUninst.isu" -a -y -c"C:\Program Files\Canon\VDCUninst.dll"
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADC07715-D995-45EE-8810-0F1A733D580D}\SETUP.EXE" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x40c
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Anacom-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FD8C7F7-1603-4E05-9D52-31DDAFFA99B6}\Setup.exe"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}
Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cisco SDM-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{068B65E6-8960-4FAD-B143-126D86F228EE}\setup.exe" -l0x9 -removeonly
Core FTP LE 2.1-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative Photo Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c /remove
Creative WebCam Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x40c /remove
Creative WebCam Instant Driver (1.03.02.0425)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres CtCamPin.crl
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
EasyDVDToDivX-->C:\PROGRA~1\EASYDV~1\UNWISE.EXE C:\PROGRA~1\EASYDV~1\INSTALL.LOG
Enregistrement du produit WebCam Instant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADC07715-D995-45EE-8810-0F1A733D580D}\SETUP.EXE" -l0x40c /remove
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Earth-->MsiExec.exe /I{374F03BB-9C09-4DB3-9C9B-C71E63292950}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2-->"C:\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
Installer Yahoo! Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x40c /remove
Intel (R) Pro Alerting Agent-->MsiExec.exe /I{3C50A915-DD33-4802-B83B-9EA997D3337B}
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
MSN Toolbar-->MsiExec.exe /I{10C69612-017B-45F5-B986-7D113D5A2EA3}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Norton Security Scan-->MsiExec.exe /I{230C4A45-2586-4161-84EF-5C0D75D5B270}
Office Animation Runtime-->MsiExec.exe /X{AEEB3643-71DE-414d-9E3F-1159177FE211}
OMCI-->MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585}
OpenMG Limited Patch 4.4-06-13-19-01-->C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de publication 1v3-->C:\WINDOWS\System32\regsvr32 /u /s "C:\WINDOWS\Downloaded Program Files\YDropperFR.dll"
Pdf995-->c:\pdf995\setup.exe uninstall
PDFCreator 0.8.0-->C:\Program Files\PDFCreator\unins000.exe
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Prayer Times version 3.0-->C:\PROGRA~1\PRAYER~1.0\Uninstal.EXE C:\PROGRA~1\PRAYER~1.0\INSTALL.LOG "Prayer Times 3.0 Uninstall"
QuickTime-->MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Easy Media Creator 9 Suite-->MsiExec.exe /I{938B1CD7-7C60-491E-AA90-1F1888168240}
SecurDisc Viewer-->MsiExec.exe /X{ABD1DC2F-0D20-4C44-BEB9-3EEFA0EA1036}
Sentinel System Driver-->MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
SightSpeed (remove only)-->"C:\Program Files\SightSpeed\uninst.exe"
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
V-Stream TV878 WDM Drivers-->C:\WINDOWS\c7xunist.exe
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: ZoneAlarm Security Suite Antivirus
FW: ZoneAlarm Security Suite Firewall

System event log

Computer Name: SALIOU
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
https://www.microsoft.com/fr-fr/security?rtc=1

Scan ID: {C52D25BB-7F54-4A1C-877E-0BF7CE0CF6A5}

User: SALIOU\saliou

Name: Unknown

ID:

Severity: Non encore classifié

Category: Non encore classifié

Path Found: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPMebb48e9d;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPMebb48e9d;file:c:\windows\system32\nerinofi.dll

Alert Type: Logiciel non classifié

Detection Type:

Record Number: 29460
Source Name: WinDefend
Time Written: 20090122091128.000000+000
Event Type: Avertissement
User:

Computer Name: SALIOU
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
https://www.microsoft.com/fr-fr/security?rtc=1

Scan ID: {D18ED4E3-7477-4131-A3B1-48D206F3284A}

User: SALIOU\saliou

Name: Unknown

ID:

Severity: Non encore classifié

Category: Non encore classifié

Path Found: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPMebb48e9d;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPMebb48e9d;file:c:\windows\system32\nerinofi.dll

Alert Type: Logiciel non classifié

Detection Type:

Record Number: 29459
Source Name: WinDefend
Time Written: 20090122091127.000000+000
Event Type: Avertissement
User:

Computer Name: SALIOU
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
https://www.microsoft.com/fr-fr/security?rtc=1

Scan ID: {D58C0C72-536E-47B7-82C6-0E616529A17E}

User: SALIOU\saliou

Name: Unknown

ID:

Severity: Non encore classifié

Category: Non encore classifié

Path Found: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPMebb48e9d;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPMebb48e9d;file:c:\windows\system32\nerinofi.dll

Alert Type: Logiciel non classifié

Detection Type:

Record Number: 29458
Source Name: WinDefend
Time Written: 20090122091122.000000+000
Event Type: Avertissement
User:

Computer Name: SALIOU
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
https://www.microsoft.com/fr-fr/security?rtc=1

Scan ID: {BA1EDEF0-851F-4B00-8C0A-DAB0BC8F50A4}

User: SALIOU\saliou

Name: Unknown

ID:

Severity: Non encore classifié

Category: Non encore classifié

Path Found: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPMebb48e9d;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPMebb48e9d;file:c:\windows\system32\nerinofi.dll

Alert Type: Logiciel non classifié

Detection Type:

Record Number: 29457
Source Name: WinDefend
Time Written: 20090122091122.000000+000
Event Type: Avertissement
User:

Computer Name: SALIOU
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
https://www.microsoft.com/fr-fr/security?rtc=1

Scan ID: {712C6515-2D28-49F5-8EFA-02034B11E23E}

User: SALIOU\saliou

Name: Unknown

ID:

Severity: Non encore classifié

Category: Non encore classifié

Path Found: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPMebb48e9d;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPMebb48e9d;file:c:\windows\system32\nerinofi.dll

Alert Type: Logiciel non classifié

Detection Type:

Record Number: 29456
Source Name: WinDefend
Time Written: 20090122091117.000000+000
Event Type: Avertissement
User:

Application event log

Computer Name: SALIOU
Event Code: 0
Message:
Record Number: 53489
Source Name: gusvc
Time Written: 20090112121653.000000+000
Event Type: Informations
User:

Computer Name: SALIOU
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur SALIOU\saliou alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 53488
Source Name: Userenv
Time Written: 20090107163523.000000+000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: SALIOU
Event Code: 1524
Message: Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.



Record Number: 53487
Source Name: Userenv
Time Written: 20090107163516.000000+000
Event Type: Avertissement
User: SALIOU\saliou

Computer Name: SALIOU
Event Code: 1
Message: Intrusion dans le châssis détéctée. Ceci n'indique généralement PAS une panne matérielle.
1. Contactez votre assistance utilisateur si vous n'avez pas ouvert personnellement votre châssis.
2. Entrez dans Configuration du système et définissez Intrusion dans le châssis sur 'Effacer'.

Record Number: 53486
Source Name: OMCI
Time Written: 20090107162223.000000+000
Event Type: Informations
User:

Computer Name: SALIOU
Event Code: 302
Message: msnmsgr (3228) \\.\C:\Documents and Settings\saliou\Local Settings\Application Data\Microsoft\Messenger\saliou_ndiaye@hotmail.com\SharingMetadata\Working\database_58E8_87E3_E887_BDAE\dfsr.db: Le moteur de base de données a exécuté la procédure de récupération avec succès.

Record Number: 53485
Source Name: ESENT
Time Written: 20090107155748.000000+000
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Roxio Shared\DLLShared;C:\Program Files\Fichiers communs\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"VERSION"=2.1.5
"SESSIONID"=1223206688314g1u0355c.austin.hp.com31bc1190:11cccc33fa5:29d1
"COLLECTIONID"=COL7300
"ITEMID"=oj-21919-1
"UPDATEDIR"=C:\DOCUME~1\saliou\LOCALS~1\Temp\radD9A39.tmp
"TOOLPATH"=/C:/Program%20Files/HP/HP%20Software%20Update/install.htm
"HMSERVER"=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.22.20030804
"OSVER"=winXPP
"LANG"=1036
"TIMEOUT"=0
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"RoxioCentral"=C:\Program Files\Fichiers communs\Roxio Shared\9.0\Roxio Central33\
"tvdumpflags"=8

-----------------EOF-----------------


Logfile of random's system information tool 1.05 (written by random/random)
Run by saliou at 2009-01-30 17:47:55
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 9 GB (22%) free of 38 GB
Total RAM: 510 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:37, on 30/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Canon\VDC\AuVdc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\saliou\Bureau\TOOLS\RSIT.exe
C:\HiJackThis\saliou.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4B6E3013-6E45-11D0-9309-0020AFE05CC8} (blaxxun CC3D) - http://www.allomaison.fr/medias/contact/cab/blaxxunCC3D.cab
O16 - DPF: {4DA561B6-E53C-4B83-964D-A46FAB09C937} (Polycom Control) - http://199.125.175.115/npViaVideoFX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.easports.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {5CE7A7AF-8C5E-48CF-AE30-8FC6F01C27E3} (Yahoo! Photos - Outil de publication Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting/GoToWebinar Web Starter) - https://www.gotomeeting.com/default/applets/g2mdlax.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support
O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} (PDMSInstallerCtl Class) - https://pakdata.com/download/PDMSInstaller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://partnerships4cd.webex.com/client/T26L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B65B4ED-D61C-41A1-BAF1-A2B94600B279}: NameServer = 67.148.54.100,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dl.wb.sn
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dl.wb.sn
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dl.wb.sn
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Canon NetSpot Suite Service - CANON INC. - C:\Program Files\Canon\VDC\AuVdc.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe