Rapport hijackthis

edit

bonjour oui il y a des problemes (hihi :( )

Télécharge Navilog1 depuis-ce lien :

Navilog1

Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.

Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Au menu principal, Fais le choix 1 >> Recherche
Laisse toi guider et patiente.
Patiente jusqu'au message :
*** Analyse Termine le ..... *** >>>>> Le fix peut durer une dizaine de minutes ;)
Appuie sur une touche le bloc note va s'ouvrir.
Copie-colle le rapport ici.

bjr gen-hackman
je vous laisse ;)

bonjour neo :)

Bonjour gen-hackman,
merci de ton aide voila le rappor de navilog:

Search Navipromo version 3.7.5 commencé le 05/03/2009 à 14:23:54,93

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2300 @ 1.66GHz )
BIOS : ZB1 v1.3219 3B19
USER : bibou ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090305-0] 4.8.1335 (Activated)
Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)

C:\ (Local Disk) - FAT32 - Total:35 Go (Free:5 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:20 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\bibou\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\bibou\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\bibou\menud+~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\bibou\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\tmlpcert2007 trouvé !

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cnapu"="\"c:\\documents and settings\\bibou\\local settings\\application data\\cnapu.exe\" cnapu"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wgckkyi"="\"c:\\documents and settings\\bibou\\local settings\\application data\\wgckkyi.exe\" wgckkyi"

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

qrskmnpg.dat trouvé !
qrskmnpg_nav.dat trouvé !
qrskmnpg_navps.dat trouvé !

* Dans "C:\Documents and Settings\bibou\locals~1\applic~1" :

wgckkyi.exe trouvé !
wgckkyi.dat trouvé !
wgckkyi_nav.dat trouvé !
wgckkyi_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

*** Analyse terminée le 05/03/2009 à 14:26:30,78 ***

Option 2 - Suppression :

* Double clique sur le raccourci de Navilog.
* Choisis l'option 2 puis valide. (Entrée)
* Laisse toi guider.
* Ton ordinateur va redémarrer, sinon fais le manuellement.
* Ton bureau va disparaître.
* Après un certain temps, le Bloc-notes va s'ouvrir.
* Sauvegarde le rapport.
* Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau

Démarrer -> panneau de configuration -> options internet
Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :

VIP

Si tu les trouves, fais ceci :
* Sélectionne chacun de ces certificats et clique sur exporter. Enregistre le/les sur ton bureau.
* Supprime ensuite ceux présents dans l'onglet "certificats" des options de ton naviguateur.

Ensuite pour chacun des certificats présents sur ton bureau :
* Va sur le site Web :
https://www.bleepingcomputer.com/submit-malware.php?channel=35
* Copie/colle ceci dans la case 'Link to Topic' :
le nom du certificat (Montorgueil ,......)
* Copie/colle ceci dans la case 'Browse to the File' :
Le certificat correspondant que tu avais exportés vers ton bureau

Si c'est fait, supprime enfin le certificat présent sur ton bureau.

Les programmes suivants installent cette infection :

* Go-astro
* GoRecord
* HotTVPlayer
* Live Player
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer : sauf celui provenant du site suivant > http://www.azertysite.new.fr/
* Sur le site www.games-desktop.com (Ne pas aller dessus!)

* Poste le rapport sauvegardé auparavant (C:\cleannavi.txt)

Démarrer -> panneau de configuration -> options internet
Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :

VIP

Si tu les trouves, fais ceci :
* Sélectionne chacun de ces certificats et clique sur exporter. Enregistre le/les sur ton bureau.
* Supprime ensuite ceux présents dans l'onglet "certificats" des options de ton naviguateur.

Ensuite pour chacun des certificats présents sur ton bureau :
* Va sur le site Web :
https://www.bleepingcomputer.com/submit-malware.php?channel=35
* Copie/colle ceci dans la case 'Link to Topic' :
le nom du certificat (Montorgueil ,......)
* Copie/colle ceci dans la case 'Browse to the File' :
Le certificat correspondant que tu avais exportés vers ton bureau

Si c'est fait, supprime enfin le certificat présent sur ton bureau.

gen hackman
puis je te demander l'interet de cette procedure ;)
l'option 2 de navilog supprimera forcement les certificats qu'il a trouvé, non ?
je n'avais jamais vu cette manip avant toi :)
merci

voila le rapport après redemarrage :

Clean Navipromo version 3.7.5 commencé le 05/03/2009 à 15:11:56,37

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2300 @ 1.66GHz )
BIOS : ZB1 v1.3219 3B19
USER : bibou ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090305-0] 4.8.1335 (Activated)
Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)

C:\ (Local Disk) - FAT32 - Total:35 Go (Free:5 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:20 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

* Suppression dans "C:\Documents and Settings\bibou\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\bibou\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\bibou\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\bibou\menud+~1\progra~1" ***

*** Suppression fichiers ***

C:\WINDOWS\tmlpcert2007 supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\bibou\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

qrskmnpg.dat trouvé !
Copie qrskmnpg.dat réalisée avec succès !
qrskmnpg.dat supprimé !

qrskmnpg_nav.dat trouvé !
Copie qrskmnpg_nav.dat réalisée avec succès !
qrskmnpg_nav.dat supprimé !

qrskmnpg_navps.dat trouvé !
Copie qrskmnpg_navps.dat réalisée avec succès !
qrskmnpg_navps.dat supprimé !

* Dans "C:\Documents and Settings\bibou\locals~1\applic~1" *

wgckkyi.exe trouvé !
Copie wgckkyi.exe réalisée avec succès !
wgckkyi.exe supprimé !

wgckkyi.dat trouvé !
Copie wgckkyi.dat réalisée avec succès !
wgckkyi.dat supprimé !

wgckkyi_nav.dat trouvé !
Copie wgckkyi_nav.dat réalisée avec succès !
wgckkyi_nav.dat supprimé !

wgckkyi_navps.dat trouvé !
Copie wgckkyi_navps.dat réalisée avec succès !
wgckkyi_navps.dat supprimé !

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***

*** Nettoyage terminé le 05/03/2009 à 15:16:27,75 ***

@ neo = l'interet est de mettre Navilog a jour du mieux que l on peut et il ne prend pas en charge ce certificat qui ,
il est possible, peut etre infecté

@nvopirhr=

Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

-> RSIT

! Déconnecte toi et ferme toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer .

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

* Devant l'option "List files/folders created ..." , tu choisis : 2 months

* clique ensuite sur " Continue " pour lancer l'analyse ...

-> laisse faire le scan et ne touche pas au PC ...

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum

( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

@ neo = l'interet est de mettre Navilog a jour du mieux que l on peut et il ne prend pas en charge ce certificat qui ,
il est possible, peut etre infecté
c'est noté merci
je m'eclipse ;)

voila le rapport "log.txt":

Logfile of random's system information tool 1.05 (written by random/random)
Run by bibou at 2009-03-05 20:00:05
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 5 GB (15%) free of 36 GB
Total RAM: 1022 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:16, on 05/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
d:\program files\catia v5r11\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\bibou\Mes documents\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bibou.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://dida.univ-tln.fr/qp2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - d:\program files\catia v5r11\intel_a\code\bin\CATSysDemon.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9856eb70b1b68) (gupdate1c9856eb70b1b68) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

et la rapport info.txt :
merci encore pour ton aide

info.txt logfile of random's system information tool 1.05 2009-03-05 20:00:22

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acer Arcade-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer eDataSecurity Management 1.00.23-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E431C518-2EE2-471E-9234-BE995C36D513}\setup.exe" -l0x40c -removeonly
Acer eLock Management-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}
Acer Empowering Technology framework-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
Acer eNet Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x40c
Acer ePerformance Management-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041}
Acer ePower Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x40c
Acer ePresentation Management-->C:\WINDOWS\UnInst32.exe AcerePrj.UNI
Acer eSettings Management-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Ad-Aware 2007-->MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{642FCF93-54AE-4F75-A2E2-124DE3756C59}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Dassault Systemes Software B11-->"d:\program files\catia v5r11\intel_a\code\bin\Uninstall.exe" "d:\program files\catia v5r11" "CODE" "IS" "C:\WINDOWS\ISUN040C.EXE" "d:\program files\catia v5r11\intel_a\Uninst.isu" "B11" "0"
Dassault Systemes Software B16-->"C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\Uninstall.exe" "C:\Program Files\Dassault Systemes\B16" "CODE" "GUI" "B16" "0"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_AcrS1025\HXFSETUP.EXE -U -IAcrS1025.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Logiciel Acer OrbiCam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}\setup.exe" -l0x40c
Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
Ludi-->C:\Program Files\Ludi\uninstall.exe
MathType 5-->"C:\Program Files\MathType\Setup.exe" -R
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA040C-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSI MS-5511 MEGA STICK-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54C632BA-9697-4384-88E7-ADB2350287D6}\Setup.exe" -l0x40c
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Navilog1 3.7.5-->"C:\Program Files\Navilog1\unins000.exe"
NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_5375.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PPMate Network TV 2.3.1.69-->D:\Program Files\PPMate\uninst.exe
Programme de gestion Acer OrbiCam-->"C:\Program Files\Fichiers communs\Acer\OrbiCam\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l040c
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
SMSC CIR HID V5.3.2600.2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x40c UNINSTALL
SopCast 3.0.1-->D:\Program Files\SopCast\uninst.exe
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SPIF225 USB to SATA Bridge 98 Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB3F9E62-1C4A-45DA-96E4-BFEB26C73F18}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trust WB-3400T Webcam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}\Setup.exe" -l0x9
TVUPlayer 2.4.0.1-->D:\Program Files\TVUPlayer\uninst.exe
VLC media player 0.9.8a-->D:\Program Files\VLC\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090305-0]
FW: ZoneAlarm Firewall

System event log

Computer Name: ACER-36ADEA1256
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service OSA NdisFilter Protocol.

Record Number: 8407
Source Name: Service Control Manager
Time Written: 20090221114959.000000+060
Event Type: Informations
User: ACER-36ADEA1256\bibou

Computer Name: ACER-36ADEA1256
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.

Record Number: 8406
Source Name: Service Control Manager
Time Written: 20090221114900.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 7036
Message: Le service Service de découvertes SSDP est entré dans l'état : en cours d'exécution.

Record Number: 8405
Source Name: Service Control Manager
Time Written: 20090221114854.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de découvertes SSDP.

Record Number: 8404
Source Name: Service Control Manager
Time Written: 20090221114853.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: ACER-36ADEA1256
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

Record Number: 8403
Source Name: Service Control Manager
Time Written: 20090221114853.000000+060
Event Type: Informations
User:

Application event log

Computer Name: ACER-36ADEA1256
Event Code: 102
Message: wlmail (2036) WindowsLiveMail0: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 4679
Source Name: ESENT
Time Written: 20081205201606.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 100
Message: wlmail (2036) Le moteur de base de données 5.01.2600.5512 est démarré.

Record Number: 4678
Source Name: ESENT
Time Written: 20081205201606.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 101
Message: wlmail (1996) Le moteur de base de données est arrêté.

Record Number: 4677
Source Name: ESENT
Time Written: 20081205124115.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 103
Message: wlmail (1996) WindowsLiveMail0: Le moteur de base de données a arrêté une instance (0).

Record Number: 4676
Source Name: ESENT
Time Written: 20081205124115.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 213
Message: wlmail (1996) WindowsLiveMail0: La procédure de sauvegarde est terminée.

Record Number: 4675
Source Name: ESENT
Time Written: 20081205124055.000000+060
Event Type: Informations
User:

======Environment variables======

"adl_odt_in"=1
"cnextbackground"=no
"Cnextsplashscreen"=no
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Fichiers communs\Adobe\AGL;;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625;C:\Program Files\Fichiers communs\Teleca Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0e08
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"tvdumpflags"=8

-----------------EOF-----------------

et la rapport info.txt :
merci encore pour ton aide

info.txt logfile of random's system information tool 1.05 2009-03-05 20:00:22

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acer Arcade-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer eDataSecurity Management 1.00.23-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E431C518-2EE2-471E-9234-BE995C36D513}\setup.exe" -l0x40c -removeonly
Acer eLock Management-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}
Acer Empowering Technology framework-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
Acer eNet Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x40c
Acer ePerformance Management-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041}
Acer ePower Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x40c
Acer ePresentation Management-->C:\WINDOWS\UnInst32.exe AcerePrj.UNI
Acer eSettings Management-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Ad-Aware 2007-->MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{642FCF93-54AE-4F75-A2E2-124DE3756C59}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Dassault Systemes Software B11-->"d:\program files\catia v5r11\intel_a\code\bin\Uninstall.exe" "d:\program files\catia v5r11" "CODE" "IS" "C:\WINDOWS\ISUN040C.EXE" "d:\program files\catia v5r11\intel_a\Uninst.isu" "B11" "0"
Dassault Systemes Software B16-->"C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\Uninstall.exe" "C:\Program Files\Dassault Systemes\B16" "CODE" "GUI" "B16" "0"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_AcrS1025\HXFSETUP.EXE -U -IAcrS1025.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Logiciel Acer OrbiCam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}\setup.exe" -l0x40c
Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
Ludi-->C:\Program Files\Ludi\uninstall.exe
MathType 5-->"C:\Program Files\MathType\Setup.exe" -R
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA040C-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSI MS-5511 MEGA STICK-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54C632BA-9697-4384-88E7-ADB2350287D6}\Setup.exe" -l0x40c
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Navilog1 3.7.5-->"C:\Program Files\Navilog1\unins000.exe"
NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_5375.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PPMate Network TV 2.3.1.69-->D:\Program Files\PPMate\uninst.exe
Programme de gestion Acer OrbiCam-->"C:\Program Files\Fichiers communs\Acer\OrbiCam\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l040c
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
SMSC CIR HID V5.3.2600.2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x40c UNINSTALL
SopCast 3.0.1-->D:\Program Files\SopCast\uninst.exe
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SPIF225 USB to SATA Bridge 98 Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB3F9E62-1C4A-45DA-96E4-BFEB26C73F18}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trust WB-3400T Webcam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}\Setup.exe" -l0x9
TVUPlayer 2.4.0.1-->D:\Program Files\TVUPlayer\uninst.exe
VLC media player 0.9.8a-->D:\Program Files\VLC\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090305-0]
FW: ZoneAlarm Firewall

System event log

Computer Name: ACER-36ADEA1256
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service OSA NdisFilter Protocol.

Record Number: 8407
Source Name: Service Control Manager
Time Written: 20090221114959.000000+060
Event Type: Informations
User: ACER-36ADEA1256\bibou

Computer Name: ACER-36ADEA1256
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.

Record Number: 8406
Source Name: Service Control Manager
Time Written: 20090221114900.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 7036
Message: Le service Service de découvertes SSDP est entré dans l'état : en cours d'exécution.

Record Number: 8405
Source Name: Service Control Manager
Time Written: 20090221114854.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de découvertes SSDP.

Record Number: 8404
Source Name: Service Control Manager
Time Written: 20090221114853.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: ACER-36ADEA1256
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

Record Number: 8403
Source Name: Service Control Manager
Time Written: 20090221114853.000000+060
Event Type: Informations
User:

Application event log

Computer Name: ACER-36ADEA1256
Event Code: 102
Message: wlmail (2036) WindowsLiveMail0: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 4679
Source Name: ESENT
Time Written: 20081205201606.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 100
Message: wlmail (2036) Le moteur de base de données 5.01.2600.5512 est démarré.

Record Number: 4678
Source Name: ESENT
Time Written: 20081205201606.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 101
Message: wlmail (1996) Le moteur de base de données est arrêté.

Record Number: 4677
Source Name: ESENT
Time Written: 20081205124115.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 103
Message: wlmail (1996) WindowsLiveMail0: Le moteur de base de données a arrêté une instance (0).

Record Number: 4676
Source Name: ESENT
Time Written: 20081205124115.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 213
Message: wlmail (1996) WindowsLiveMail0: La procédure de sauvegarde est terminée.

Record Number: 4675
Source Name: ESENT
Time Written: 20081205124055.000000+060
Event Type: Informations
User:

======Environment variables======

"adl_odt_in"=1
"cnextbackground"=no
"Cnextsplashscreen"=no
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Fichiers communs\Adobe\AGL;;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625;C:\Program Files\Fichiers communs\Teleca Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0e08
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"tvdumpflags"=8

-----------------EOF-----------------

réouvre hijackthis
fais scan only
coches ces lignes :

O3 - Toolbar: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

tu les coches et tu clic sur "fix checked"

et tu fermes le programme.

ensuite :

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :

OtMoveIt 3

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :



:processes
explorer.exe

:files
C:\DOCUME~1\bibou\LOCALS~1\Temp\15exinjs.a3.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\83exinjs.a3.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\61exinjs.a3.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\87exinjs.a3.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\16exinjs.a3.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\30exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\41exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\62exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\50exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\25exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\3exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\90exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\0exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\59exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\9exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\19exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\28exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\69exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\93exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\65exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\32exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\8exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\64exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\1exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\53exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\91exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\82exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\38exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\70exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\87exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\97exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\75exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\47exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\77exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\96exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\51exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\33exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\48exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\74exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\40exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\94exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\15exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\45exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\52exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\55exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\83exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\23exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\76exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\14exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\37exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\36exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\68exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\85exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\95exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\11exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\2exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\39exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\44exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\57exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\4exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\16exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\12exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\60exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\5exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\17exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\79exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\61exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\92exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\88exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\54exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\6exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\67exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\73exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\34exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\58exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\35exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\7exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\13exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\84exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\56exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\98exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\24exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\22exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\99exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\46exinjs.ab.exe
C:\DOCUME~1\bibou\LOCALS~1\Temp\29exinjs.ab.exe

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\svchost.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\15exinjs.a3.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\83exinjs.a3.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\61exinjs.a3.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\87exinjs.a3.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\16exinjs.a3.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\30exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\41exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\62exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\50exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\25exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\3exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\90exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\0exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\59exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\9exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\19exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\28exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\69exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\93exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\65exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\32exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\8exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\64exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\1exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\53exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\91exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\82exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\38exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\70exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\87exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\97exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\75exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\47exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\77exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\96exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\51exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\33exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\48exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\74exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\40exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\94exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\15exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\45exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\52exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\55exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\83exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\23exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\76exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\14exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\37exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\36exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\68exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\85exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\95exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\11exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\2exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\39exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\44exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\57exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\4exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\16exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\12exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\60exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\5exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\17exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\79exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\61exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\92exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\88exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\54exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\6exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\67exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\73exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\34exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\58exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\35exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\7exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\13exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\84exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\56exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\98exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\24exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\22exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\99exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\46exinjs.ab.exe"=-
"C:\DOCUME~1\bibou\LOCALS~1\Temp\29exinjs.ab.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f6d5bb4-d988-11dc-96b4-0016361d7da2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fbe5694-dde6-11da-9342-001302064179}]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

ensuite :

vire Ad-Aware il sert plus a rien tu trouveras 100 fois mieux en gratuit


ensuite :

Passer de Avast à AntiVir :

Désinstalle via Ajout/Suppression de Programmes (si présents) :

* Avast!

Télécharge et exécute le Désinstalleur d'Avast!. : Desinstaller
Ceci effacera la majorité des traces du produit Avast! d'Alwil Software.

Télécharge Ccleaner sur ton Bureau. : Ccleaner

* Clique sur "download the latest version"
* Installe-le en laissant seulement les options suivantes cochées :

- Ajouter un raccourci sur le Bureau
- Contrôler automatiquement les mises à jour de CCleaner

* Lance le Nettoyage
* Clique sur Chercher des erreurs et sauvegarde si tu le souhaites.

plus de precision sur la configuration de ccleaner te seront donnees plus tard

Aide : Comment utiliser CCleaner.: tuto

ensuite :

Télécharge AntiVir sur ton Bureau.: Antivir en Francais

* Double clique sur l'exécutable téléchargé pour lancer l'installation.
* À la fin de l'installation, clique sur Finish.
* Ouvre Antivir, assure-toi qu’il soit bien à jour !
* Dans l'onglet Protection Locale, choisis Contrôler.
* Active la recherche de rootkits via le + de Recherche de Rootkits, puis dans Sélection manuelle, coche tout (tes partitions de disque dur).
* Clique sur la loupe du milieu pour lancer le scan en tant qu'Administrateur.
* Poste moi le rapport généré : Pour cela, clique sur l'onglet Aperçu, puis choisis Rapports, tu trouveras son rapport..
* Sélectionne le rapport et clique sur l'icône "Afficher le fichier de rapport du rapport sélectionné.

Note : Pour une éradication des menaces plus efficace, lance le scan en mode sans échec.

Pourquoi changer ? Avast vs Antivir.:Avast Vs Antivir

Aide : Comment installer et utiliser AntiVir.

Tuto Antivir

voila le rapport de OTMoveIt :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\15exinjs.a3.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\83exinjs.a3.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\61exinjs.a3.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\87exinjs.a3.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\16exinjs.a3.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\30exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\41exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\62exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\50exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\25exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\3exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\90exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\0exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\59exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\9exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\19exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\28exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\69exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\93exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\65exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\32exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\8exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\64exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\1exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\53exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\91exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\82exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\38exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\70exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\87exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\97exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\75exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\47exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\77exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\96exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\51exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\33exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\48exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\74exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\40exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\94exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\15exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\45exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\52exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\55exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\83exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\23exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\76exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\14exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\37exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\36exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\68exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\85exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\95exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\11exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\2exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\39exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\44exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\57exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\4exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\16exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\12exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\60exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\5exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\17exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\79exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\61exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\92exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\88exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\54exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\6exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\67exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\73exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\34exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\58exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\35exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\7exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\13exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\84exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\56exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\98exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\24exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\22exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\99exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\46exinjs.ab.exe not found.
File/Folder C:\DOCUME~1\bibou\LOCALS~1\Temp\29exinjs.ab.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\15exinjs.a3.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\83exinjs.a3.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\61exinjs.a3.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\87exinjs.a3.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\16exinjs.a3.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\30exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\41exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\62exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\50exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\25exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\3exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\90exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\0exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\59exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\9exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\19exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\28exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\69exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\93exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\65exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\32exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\8exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\64exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\1exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\53exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\91exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\82exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\38exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\70exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\87exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\97exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\75exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\47exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\77exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\96exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\51exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\33exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\48exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\74exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\40exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\94exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\15exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\45exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\52exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\55exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\83exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\23exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\76exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\14exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\37exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\36exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\68exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\85exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\95exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\11exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\2exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\39exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\44exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\57exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\4exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\16exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\12exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\60exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\5exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\17exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\79exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\61exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\92exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\88exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\54exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\6exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\67exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\73exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\34exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\58exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\35exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\7exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\13exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\84exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\56exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\98exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\24exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\22exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\99exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\46exinjs.ab.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\bibou\LOCALS~1\Temp\29exinjs.ab.exe deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f6d5bb4-d988-11dc-96b4-0016361d7da2}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fbe5694-dde6-11da-9342-001302064179}\\ deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\Mіcrosoft.NET moved successfully.
File delete failed. C:\DOCUME~1\bibou\LOCALS~1\Temp\Perflib_Perfdata_848.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\bibou\LOCALS~1\Temp\Perflib_Perfdata_f3c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\bibou\LOCALS~1\Temp\Perflib_Perfdata_eb8.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\ZLT024f2.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT024f5.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_374.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_400.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_H13bUV2TgDBRcvc scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03062009_120831

Files moved on Reboot...
File C:\DOCUME~1\bibou\LOCALS~1\Temp\Perflib_Perfdata_848.dat not found!
File C:\DOCUME~1\bibou\LOCALS~1\Temp\Perflib_Perfdata_f3c.dat not found!
File C:\DOCUME~1\bibou\LOCALS~1\Temp\Perflib_Perfdata_eb8.dat not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\ZLT024f2.TMP not found!
C:\WINDOWS\temp\CLML_AGENT_LOG1.txt moved successfully.
File C:\WINDOWS\temp\ZLT024f5.TMP not found!
C:\WINDOWS\temp\Perflib_Perfdata_374.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_400.dat not found!
File C:\WINDOWS\temp\sqlite_H13bUV2TgDBRcvc not found!

ok j attends le rapport de Antivir

voila le rapport de antivir :
desolé j'ai été un peu long

Avira AntiVir Personal
Date de création du fichier de rapport : samedi 7 mars 2009 14:41

La recherche porte sur 1288155 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows XP
Version de Windows :(Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : bibou
Nom de l'ordinateur :ACER-36ADEA1256

Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:02
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:28
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:18
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:28
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:38
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 12:39:56
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 03/03/2009 12:39:58
ANTIVIR3.VDF : 7.1.2.135 157696 Bytes 07/03/2009 12:39:58
Version du moteur: 8.2.0.105
AEVDF.DLL : 8.1.1.0 106868 Bytes 07/03/2009 12:40:04
AESCRIPT.DLL : 8.1.1.57 356729 Bytes 07/03/2009 12:40:04
AESCN.DLL : 8.1.1.8 127346 Bytes 07/03/2009 12:40:04
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:40
AEPACK.DLL : 8.1.3.10 397686 Bytes 07/03/2009 12:40:02
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 07/03/2009 12:40:02
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 07/03/2009 12:40:02
AEHELP.DLL : 8.1.2.2 119158 Bytes 07/03/2009 12:40:00
AEGEN.DLL : 8.1.1.25 336243 Bytes 07/03/2009 12:40:00
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:58
AECORE.DLL : 8.1.6.6 176501 Bytes 07/03/2009 12:39:58
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:58
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:04
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:00
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:16
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:38
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:20
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:48
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:38
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:08
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:18
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:44

Configuration pour la recherche actuelle :
Nom de la tâche..................: Sélection manuelle
Fichier de configuration.........: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, D:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: arrêt
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : samedi 7 mars 2009 14:41

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLI.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'CLI.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'hpqgpc01.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpqbam08.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpqste08.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpqtra08.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TeaTimer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'zlclient.exe' - '0' module(s) sont contrôlés
Processus de recherche 'vsnpstd2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'admtray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lvcomsx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'unsecapp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ElkCtrl.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Monitor.exe' - '1' module(s) sont contrôlés
Processus de recherche 'QtZgAcer.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'ePower_DMC.exe' - '1' module(s) sont contrôlés
Processus de recherche 'eDSloader.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLI.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'PCMService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SynTPEnh.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SynTPLpr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wscntfy.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLSched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'RichVideo.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RegSrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'MDM.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'JQS.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'CLMLService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLMLServer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLCapSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CATSysDemon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'admServ.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AVGUARD.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleUpdate.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LVPrcSrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SPOOLSV.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'EXPLORER.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'VSMON.EXE' - '0' module(s) sont contrôlés
Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'ATI2EVXX.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'S24EvMon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'EvtEng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'ATI2EVXX.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'LSASS.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'SERVICES.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'WINLOGON.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'CSRSS.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'SMSS.EXE' - '1' module(s) sont contrôlés
'64' processus ont été contrôlés avec '64' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '70' fichiers).

La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <ACER>
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\WINDOWS\system32\drivers\sptd.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\WINDOWS\system32\drivers\dtscsi.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP860\A0270519.exe
[RESULTAT] Contient le cheval de Troie TR/Proxy.Horst.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49e48e6d.qua' !
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP860\A0270520.exe
[RESULTAT] Contient le cheval de Troie TR/Proxy.Horst.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49e48e71.qua' !
Recherche débutant dans 'D:\' <ACERDATA>

Fin de la recherche : samedi 7 mars 2009 16:23
Temps nécessaire: 1:42:41 Heure(s)

La recherche a été effectuée intégralement

11829 Les répertoires ont été contrôlés
653765 Des fichiers ont été contrôlés
2 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
2 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
4 Impossible de contrôler des fichiers
653759 Fichiers non infectés
8507 Les archives ont été contrôlées
4 Avertissements
2 Consignes

par contre j'ai eu un bug pendant le scan et j'ai donc redemarré le scan le precedent scan avait placé deja 3 fichiers en quarantaine mais il a pas fini parce que l'ordi a planté et donc j'ai pas le rapport de ces 3 fichiers.

Bonjour :

ok relances le log.txt stp de rsit

je refais un scan avec rsit ou je te donne l'ancien?

si tu veux l'ancien le voilà :

Logfile of random's system information tool 1.05 (written by random/random)
Run by bibou at 2009-03-05 20:00:05
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 5 GB (15%) free of 36 GB
Total RAM: 1022 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:16, on 05/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
d:\program files\catia v5r11\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\bibou\Mes documents\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bibou.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://dida.univ-tln.fr/qp2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - d:\program files\catia v5r11\intel_a\code\bin\CATSysDemon.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9856eb70b1b68) (gupdate1c9856eb70b1b68) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe