WORM/Autolt.BEK

Amira -  
 Amira -
Bonjour,
Lorsque j'ai fait un scan avec l'antivirus il m'a affiché qu'un virus ou un programme indisirable a été touvé qui est le worm/autolt.BEk , je voudrai savoir comment l'eliminer?
Configuration: Windows XP Internet Explorer 6.0

2 réponses

  1. toto666 Messages postés 331 Statut Membre 14
     
    Effectivement tu as une infection qui se propage par clé usb...

    Télécharge et install UsbFix : http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
    • Double clic sur le raccourci UsbFix présent sur ton bureau .
    • Choisis l' option 1 ( Recherche )
    • Laisse travailler l'outil.
    • Ensuite post le rapport UsbFix.txt qui apparaitra.
    • Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
    • Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    1
    1. Amira
       
      salut désolée pour le retard , alors comme vous m'avez dit j'ai branché la clé usb et j'ai lancé le recherche voici le rapport:
      ############################## [ UsbFix V3.016 # Scan ]

      # User : Samir (Administrateurs) # P4-3GHZ
      # Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 22:32:52 | 05/05/2009

      # Intel(R) Pentium(R) 4 CPU 3.00GHz
      # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
      # Internet Explorer 6.0.2900.2180
      # Windows Firewall Status : Enabled
      # AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]

      # A:\ # Lecteur de disquettes 3 ½ pouces
      # C:\ # Disque fixe local # 14,65 Go (2,34 Go free) # NTFS
      # D:\ # Disque CD-ROM
      # E:\ # Disque fixe local # 22,61 Go (11,51 Go free) # NTFS
      # F:\ # Disque amovible
      # G:\ # Disque CD-ROM # 5,58 Mo (0 Mo free) [U3 System] # CDFS
      # H:\ # Disque amovible # 973,17 Mo (302,02 Mo free) # FAT

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Live\Family Safety\fsssvc.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\XpertVision\TBPanel.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\ZSSnp211.exe
      C:\WINDOWS\Domino.exe
      C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
      C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Windows Live\Family Safety\fsui.exe
      C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\SuperCopier2\SuperCopier2.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
      C:\Program Files\Ares\Ares.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Documents and Settings\Samir\Application Data\Techno Design IP\LiveSearch Notification.exe
      C:\Documents and Settings\Samir\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE
      C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
      C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
      C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
      C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
      C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\Explorer.exe
      C:\Documents and Settings\Samir\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Samir\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Samir\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Registre # Startup ]

      HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
      HKCU_Main: "Start Page"="http://maghreb.msn.com"
      HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      HKLM_logon: "DefaultUserName"="Samir"
      HKLM_logon: "AltDefaultUserName"="Samir"
      HKLM_logon: "LegalNoticeCaption"=""
      HKLM_logon: "LegalNoticeText"=""
      HKLM_Run: High Definition Audio Property Page Shortcut=HDAShCut.exe
      HKLM_Run: SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
      HKLM_Run: Gainward=C:\Program Files\XpertVision\TBPanel.exe /A
      HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      HKLM_Run: BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      HKLM_Run: ZSSnp211=C:\WINDOWS\ZSSnp211.exe
      HKLM_Run: Domino=C:\WINDOWS\Domino.exe
      HKLM_Run: PCSuiteTrayApplication=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
      HKLM_Run: LogitechCommunicationsManager="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
      HKLM_Run: LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
      HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
      HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      HKLM_Run: fssui="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
      HKLM_Run: KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
      HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
      HKCU_Run: MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      HKCU_Run: SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
      HKCU_Run: PcSync=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
      HKCU_Run: ccleaner="C:\Documents and Settings\Samir\Bureau\CCleaner\CCleaner.exe" /AUTO
      HKCU_Run: ares="C:\Program Files\Ares\Ares.exe" -h
      HKCU_Run: firewall 2008=C:\WINDOWS\system32\logoneui.exe
      HKCU_Run: LiveSearchNotification="C:\Documents and Settings\Samir\Application Data\Techno Design IP\LiveSearch Notification.exe"
      HKCU_Run: Google Update="C:\Documents and Settings\Samir\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      HKCU_Run: EPSON Stylus SX200 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S6F.tmp" /EF "HKCU"

      ################## [ Informations ]


      ################## [ Fichiers # Dossiers infectieux ]

      Found ! C:\WINDOWS\system32\autorun.ini
      C:\autorun.inf # -> fichier appelé : "C:\logoneui.exe" ( absent ! )
      Found ! C:\info.bat
      Found ! C:\autorun.inf
      E:\autorun.inf # -> fichier appelé : "E:\logoneui.exe" ( absent ! )
      Found ! E:\autorun.inf
      Found ! G:\autorun.inf
      Found ! H:\ntde1ect.com
      Found ! H:\autorun.inf

      ################## [ Registre # Clés Run infectieuses ]

      Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
      Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableTaskMgr"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
      Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "firewall 2008"
      Found ! HKU\S-1-5-21-1801674531-1960408961-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "firewall 2008"

      ################## [ Registre # Mountpoints2 ]

      HKCU\Software\Microsoft\....\MountPoints2\{327e4455-c9e5-11dd-bf00-0073044668e7}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{327e4455-c9e5-11dd-bf00-0073044668e7}\Shell\explore\Command
      HKCU\Software\Microsoft\....\MountPoints2\{327e4455-c9e5-11dd-bf00-0073044668e7}\Shell\open\Command
      HKCU\Software\Microsoft\....\MountPoints2\{56dcfc38-4cf8-11dd-b4a7-0073044668e7}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{56dcfc38-4cf8-11dd-b4a7-0073044668e7}\Shell\open\Command
      HKCU\Software\Microsoft\....\MountPoints2\{597deccc-95b4-11dc-b57d-0073044668e7}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{6c85b503-6220-11dd-b4dd-0073044668e7}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{7c97934b-9b48-11dc-a29f-0073044668e7}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{8378ba3f-a4b3-11dc-a65d-0073044668e7}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{baf3ba50-8fcd-11dc-bf3b-001a928290e4}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{baf3ba50-8fcd-11dc-bf3b-001a928290e4}\Shell\explore\Command
      HKCU\Software\Microsoft\....\MountPoints2\{baf3ba50-8fcd-11dc-bf3b-001a928290e4}\Shell\open\Command
      HKCU\Software\Microsoft\....\MountPoints2\{d6405492-8fbb-11dc-b774-806d6172696f}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{d6405492-8fbb-11dc-b774-806d6172696f}\Shell\open\Command
      HKCU\Software\Microsoft\....\MountPoints2\{ddde7ae1-b628-11dc-a67d-0073044668e7}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{e0ee8c50-dcc9-11dd-bf3e-0073044668e7}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{e0ee8c50-dcc9-11dd-bf3e-0073044668e7}\Shell\open\Command

      ################## [ ! Fin du rapport # UsbFix V3.016 ! ]
      0
  2. toto666 Messages postés 331 Statut Membre 14
     
    Bonjour amira,

    on va voir ce qu'il se passe sur ton pc.

    I)Telecharger random's system information tool: (RSIT)

    http://images.malwareremoval.com/random/RSIT.exe

    1)Double clique sur l’icône RSIT.exe
    2)Clique sur continue.
    3)L’analyse terminée, deux fichiers s’ouvriront, poste moi les 2 rapports stp.
    Si les 2 fichiers ne s’ouvrent pas va dans C:\rsit , tu y trouvera les 2 fichiers info.txt et log.txt
    0
    1. Amira
       
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Samir at 2009-05-02 15:49:07
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 3 GB (17%) free of 15 GB
      Total RAM: 511 MB (25% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:50:00, on 02/05/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\Explorer.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Live\Family Safety\fsssvc.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\XpertVision\TBPanel.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\ZSSnp211.exe
      C:\WINDOWS\Domino.exe
      C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
      C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
      C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Program Files\Windows Live\Family Safety\fsui.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\SuperCopier2\SuperCopier2.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
      C:\Program Files\Ares\Ares.exe
      C:\Documents and Settings\Samir\Application Data\Techno Design IP\LiveSearch Notification.exe
      C:\Documents and Settings\Samir\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE
      C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
      C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
      C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
      C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
      C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
      C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Documents and Settings\Samir\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Samir\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Windows Live\Toolbar\wltuser.exe
      C:\Documents and Settings\Samir\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
      C:\Documents and Settings\Samir\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Samir\Mes documents\Downloads\RSIT.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\trend micro\Samir.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&mkt=maghreb&FORM=MIC2M5
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://maghreb.msn.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - Default URLSearchHook is missing
      F2 - REG:system.ini: Shell=Explorer.exe logoneui.exe
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
      O2 - BHO: (no name) - {BEF1CC49-9185-4FD9-A680-C80F78CBFB5F} - c:\windows\system32\qyslijf.dll (file missing)
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
      O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
      O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\Samir\Bureau\CCleaner\CCleaner.exe" /AUTO
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [firewall 2008] C:\WINDOWS\system32\logoneui.exe
      O4 - HKCU\..\Run: [LiveSearchNotification] "C:\Documents and Settings\Samir\Application Data\Techno Design IP\LiveSearch Notification.exe"
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Samir\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S6F.tmp" /EF "HKCU"
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: LaunchU3.exe.lnk = ?
      O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
      O4 - Global Startup: DSLMON.lnk = ?
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O17 - HKLM\System\CCS\Services\Tcpip\..\{DC8CBCA5-93A4-448C-9CED-AE2A45609894}: NameServer = 41.221.20.4
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: mtqunkyb - qyslijf.dll (file missing)
      O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Service Google Update (gupdate1c9c90cd3482622) (gupdate1c9c90cd3482622) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      0