Virus win32 : SkiMorph sur mon ordi

bonsoir merci pour votre aide,

ci joint le rapport coe demandé

Search Navipromo version 3.7.7 commencé le 12/05/2009 à 23:35:10,72

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 12.05.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : RAYENOO ( Administrator )
BOOT : Normal boot

Antivirus : Norton Internet Security 15.0.0.60 (Activated)
Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)

C:\ (Local Disk) - NTFS - Total:137 Go (Free:3 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:1 Go)
E:\ (CD or DVD)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\rayenoo\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\RAYENOO\AppData\Local\virtualstore\Program Files" ***



*** Recherche dossiers dans "C:\Users\RAYENOO\AppData\Local" ***



*** Recherche dossiers dans "C:\Users\haicama\AppData\Local" ***




*** Recherche dossiers dans "C:\Users\RAYENOO\AppData\Roaming" ***


*** Recherche dossiers dans "C:\Users\haicama\appdata\roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\RAYENOO\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\RAYENOO\AppData\Local" *

* Recherche dans "C:\Users\haicama\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\RAYENOO\AppData\Local\Microsoft" :


* Dans "C:\Users\RAYENOO\AppData\Local" :


* Dans "C:\Users\haicama\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 12/05/2009 à 23:58:53,22 ***


merci de nouveau

ceci est le rapport pour l'option 1:


############################## [ UsbFix V3.018 # Scan ]

# User : RAYENOO (Administrators) # RAYENOO-PC
# Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 13:17:39 | 13/05/2009

# Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
# Microsoft® Windows Vista™ Home Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1229 [VPS 081113-1] 4.8.1229 [ Enabled | Updated ]
# AV : Norton Internet Security 15.0.0.60 [ Enabled | (!) Outdated ]
# FW : Norton Internet Security[ Enabled ]15.0.0.60
# FW : ZoneAlarm Firewall[ Enabled ]7.1.254.000

# C:\ # Local Fixed Disk # 137,89 Go (2,57 Go free) # NTFS
# D:\ # Local Fixed Disk # 11,16 Go (1,88 Go free) [HP_RECOVERY] # NTFS
# E:\ # CD-ROM Disc
# F:\ # Removable Disk # 1,87 Go (1,87 Go free) # FAT32
# G:\ # CD-ROM Disc # 6,31 Mo (0 Mo free) [U3 System] # CDFS
# H:\ # Removable Disk # 3,77 Go (19,16 Mo free) [KINGSTON] # FAT32
# I:\ # Removable Disk # 7,47 Go (180,16 Mo free) # FAT32

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\Program Files\avast\aswUpdSv.exe
C:\Program Files\avast\ashServ.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\avast\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\avast\ashMaiSv.exe
C:\Program Files\avast\ashWebSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
HKCU_Main: "Start Page"="https://www.google.fr/?gws_rd=ssl"
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM_Run: WAWifiMessage=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
HKLM_Run: avast!=C:\PROGRA~1\avast\ashDisp.exe
HKLM_Run: ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM_Run: OnScreenDisplay=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
HKLM_Run: QlbCtrl=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU_Run: WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

################## [ Informations ]


################## [ Fichiers # Dossiers infectieux ]

Found ! C:\Windows\system32\autorun.inf
F:\autorun.inf # -> fichier appelé : "F:\yjvswc.exe" ( absent ! )
Found ! F:\autorun.inf
Found ! G:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{00d4b5b0-28f6-11dd-abc1-001e37a1273d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ab695035-a69e-11dd-b18b-001e680ca23c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ab695035-a69e-11dd-b18b-001e680ca23c}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{ab695035-a69e-11dd-b18b-001e680ca23c}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{c0c399f0-3cde-11de-a76d-001e37a1273d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{c0c399f0-3cde-11de-a76d-001e37a1273d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{c0c399f0-3cde-11de-a76d-001e37a1273d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{ebc25b5d-2507-11dd-9774-001e37a1273d}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.018 ! ]





j'execute maintenant l'option 2 puis je renvois le rapport
Merci

merci
je m'absente pour une heure puisje reviens merci beacoup

je l'execute effectivement en tant qu'administrateur

après avoir désactivé le tea timer,quest ce que je fais svp?
merci

est ce que j'exectute navilog en mode sans echec?

Bonjour,
je ne cesse d'essayer de faire le scan via Bitdefender mais ça bloque au stade de la mise à jour. Je précise que je l'ai fais via internet explorer, ça bloque à 19%, via Firefox ça ne marche pas du tout.
Merci de m'indiquer ce que je dois faire

re bonjour
ci joint log comme demandé:

Logfile of random's system information tool 1.06 (written by random/random)
Run by RAYENOO at 2009-05-13 12:40:10
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 3 GB (2%) free of 141 GB
Total RAM: 2046 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:15, on 13/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\avast\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\RAYENOO\Searches\Desktop\RSIT.exe
C:\Program Files\HiJackThis\RAYENOO.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\avast\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\avast\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

et maintenant info:


info.txt logfile of random's system information tool 1.06 2009-05-13 12:41:24

======Uninstall list======

-->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Alive Video Converter (version 3.2.0.8)-->"C:\Program Files\Alive video\Video Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian FLV Player-->"C:\Windows\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Application Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8C3A9E8-07F4-4D44-BB9D-C4AE5D230468}\Setup.exe" -l0x40c
Archiveur WinRAR-->C:\Program Files\winrar\uninstall.exe
avast! Antivirus-->C:\Program Files\avast\aswRunDll.exe "C:\Program Files\avast\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ESU for Microsoft Vista-->MsiExec.exe /I{865DB1C9-D5E4-408B-B37D-9927E605BD2D}
Favorit-->c:\users\rayenoo\appdata\local\tdipwdky.bat
Favorit-->c:\users\rayenoo\appdata\local\yckwu.bat
ffdshow-->"C:\Program Files\ffdshow\uninstall.exe"
Free Mp3 Wma Converter V 1.7.2-->"C:\Program Files\Free Audio Pack\unins000.exe"
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Integrated Module with Bluetooth wireless technology 6.0.1.5500-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP User Guides 0087-->MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.9.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /I{F7F3B252-E772-48AA-93EB-7964BC326067}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Navilog1 3.7.7-->"C:\Program Files\Navilog1\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
QuickPlay SlingPlayer 0.4.4-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Ressources Windows Mobile-->C:\Program Files\Ressources Windows Mobile\Windows Mobile Device Handbook\Bin\DHUninstall.exe
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Sims™ Life Stories-->MsiExec.exe /I{2284D904-C138-4B58-93EC-5C362AB5130A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html [2009-01-16]
O13 - Gopher Prefix: [2009-01-16]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html [2009-01-16]
O4 - HKCU\..\Run: [emqgk] "c:\users\rayenoo\appdata\local\emqgk.exe" emqgk [2009-02-13]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html [2009-02-13]
O4 - HKCU\..\Run: [coouckk] "c:\users\rayenoo\appdata\local\coouckk.exe" coouckk [2009-02-13]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html [2009-02-13]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081113-1]
AV: Norton Internet Security (outdated)
FW: Norton Internet Security
FW: ZoneAlarm Firewall
AS: Windows Defender
AS: Norton Internet Security (outdated)
AS: avast! antivirus 4.8.1229 [VPS 081113-1]

======System event log======

Computer Name: RAYENOO-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 97160
Source Name: Service Control Manager
Time Written: 20090113161038.000000-000
Event Type: Error
User:

Computer Name: RAYENOO-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 97245
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090113172305.653675-000
Event Type: Error
User:

Computer Name: RAYENOO-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 97292
Source Name: Service Control Manager
Time Written: 20090113172339.000000-000
Event Type: Error
User:

Computer Name: RAYENOO-PC
Event Code: 1073
Message: The attempt by user RAYENOO-PC\RAYENOO to restart/shutdown computer RAYENOO-PC failed
Record Number: 97355
Source Name: USER32
Time Written: 20090113174727.000000-000
Event Type: Warning
User: RAYENOO-PC\RAYENOO

Computer Name: RAYENOO-PC
Event Code: 6008
Message: The previous system shutdown at 18:49:36 on 13/01/2009 was unexpected.
Record Number: 97363
Source Name: EventLog
Time Written: 20090113205709.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: RAYENOO-PC
Event Code: 3036
Message: The content source <iehistory://{s-1-5-21-1902154937-497218164-1116554410-1001}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The filtering was stopped because of a user action, such as stopping the crawl. (0x80040d54)

Record Number: 37722
Source Name: Microsoft-Windows-Search
Time Written: 20090512224854.000000-000
Event Type: Warning
User:

Computer Name: RAYENOO-PC
Event Code: 3023
Message: The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.

Context: Application, SystemIndex Catalog

Details:
Incorrect function.
(0x00000001)

Record Number: 37723
Source Name: Microsoft-Windows-Search
Time Written: 20090512224913.000000-000
Event Type: Warning
User:

Computer Name: RAYENOO-PC
Event Code: 1000
Message: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module ShellvRTF.dll, version 1.1.0.8, time stamp 0x46d83e7c, exception code 0xc0000005, fault offset 0x000057ab, process id 0x580, application start time 0x01c9d352081e0169.
Record Number: 37724
Source Name: Application Error
Time Written: 20090512233404.000000-000
Event Type: Error
User:

Computer Name: RAYENOO-PC
Event Code: 1002
Message: The program Explorer.EXE version 6.0.6001.18164 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 9e4 Start Time: 01c9d39b072d4e10 Termination Time: 101
Record Number: 37761
Source Name: Application Hang
Time Written: 20090513081422.000000-000
Event Type: Error
User:

Computer Name: RAYENOO-PC
Event Code: 1002
Message: The program iexplore.exe version 8.0.6001.18702 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: bb4 Start Time: 01c9d3ae210707e3 Termination Time: 0
Record Number: 37845
Source Name: Application Hang
Time Written: 20090513102728.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: RAYENOO-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 51864
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090512212722.481000-000
Event Type: Audit Success
User:

Computer Name: RAYENOO-PC
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 51865
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090512212731.175000-000
Event Type: Audit Success
User:

Computer Name: RAYENOO-PC
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x54c
Name: C:\Windows\System32\svchost.exe

Previous Time: 23:27:30 12/05/2009
New Time: 23:27:30 12/05/2009

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 51866
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090512212734.969000-000
Event Type: Audit Success
User:

Computer Name: RAYENOO-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x2e96c

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 51867
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090512212740.399000-000
Event Type: Audit Success
User:

Computer Name: RAYENOO-PC
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 51868
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090512212900.957304-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\QuickTime\QTSystem\;C:\Windows\Microsoft.NET\Framework\v2.0.50727
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"USERPART"=E:
"tvdumpflags"=8
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


merci

bonsoir

çi joint le rapport demandé

ComboFix 09-05-13.01 - RAYENOO 14/05/2009 0:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.33.1033.18.2046.1128 [GMT 2:00]
Lancé depuis: c:\users\RAYENOO\Searches\Desktop\moi.exe.exe
AV: avast! antivirus 4.8.1229 [VPS 081113-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: avast! antivirus 4.8.1229 [VPS 081113-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-13 au 2009-05-13 ))))))))))))))))))))))))))))))))))))
.

2009-05-13 20:58 . 2009-05-13 20:58 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-13 20:27 . 2009-05-13 20:29 -------- d-----w c:\program files\Common Files\Remote Control Software Common
2009-05-13 20:27 . 2009-05-13 20:27 -------- d-----w c:\program files\Logitech
2009-05-13 20:26 . 2009-05-13 20:26 -------- d-----w c:\windows\LastGood
2009-05-13 20:25 . 2009-05-13 20:25 -------- d-----w c:\program files\Common Files\Remote Control USB Driver
2009-05-13 20:24 . 2009-05-13 20:24 -------- d-----w c:\users\RAYENOO\AppData\Roaming\InstallShield
2009-05-13 11:15 . 2009-05-13 11:31 -------- d-----w C:\UsbFix
2009-05-13 10:25 . 2009-05-13 10:41 -------- d-----w C:\rsit
2009-05-13 07:24 . 2009-05-13 09:02 -------- d-----w c:\windows\BDOSCAN8
2009-05-12 21:33 . 2009-05-12 23:33 -------- d-----w c:\program files\Navilog1
2009-05-12 11:58 . 2009-05-12 11:58 -------- d-----w c:\users\RAYENOO\AppData\Roaming\Malwarebytes
2009-05-12 11:57 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-12 11:57 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 11:57 . 2009-05-12 11:57 -------- d-----w c:\programdata\Malwarebytes
2009-05-12 11:57 . 2009-05-12 11:57 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-12 11:57 . 2009-05-12 11:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-12 11:56 . 2009-05-12 11:56 -------- d-----w c:\program files\antimaware
2009-05-08 15:53 . 2009-05-08 15:53 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-08 15:28 . 2009-05-08 15:28 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-27 10:17 . 2009-04-27 10:17 -------- d-----w c:\programdata\Xerox
2009-04-27 10:17 . 2009-04-27 10:17 -------- d-----w c:\users\All Users\Xerox
2009-04-16 22:03 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 22:03 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-16 22:03 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 20:27 . 2007-11-27 23:05 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 20:26 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-13 20:26 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-13 20:26 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-13 19:54 . 2008-08-21 22:33 352615 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-05-13 19:54 . 2009-01-12 18:17 55487 ----a-w c:\users\All Users\nvModes.dat
2009-05-13 19:54 . 2009-01-12 18:17 55487 ----a-w c:\programdata\nvModes.dat
2009-05-13 12:15 . 2008-01-28 11:15 3308 ----a-w c:\windows\bthservsdp.dat
2009-05-12 07:29 . 2009-05-12 07:29 3175547 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-05-08 15:57 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-08 15:41 . 2008-05-18 16:47 103552 ----a-w c:\users\RAYENOO\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-16 19:00 . 2009-04-16 19:01 2895360 ----a-w c:\windows\Internet Logs\xDB8FB1.tmp
2009-04-05 18:34 . 2008-07-28 07:46 -------- d-----w c:\program files\avast
2009-03-24 08:35 . 2009-03-24 08:35 -------- d-----w c:\program files\MarkAny
2009-03-24 08:34 . 2009-03-24 08:34 -------- d-----w c:\program files\Samsung
2009-03-22 19:22 . 2008-12-12 11:32 680 ----a-w c:\users\RAYENOO\AppData\Local\d3d9caps.dat
2009-03-17 03:38 . 2009-04-16 22:01 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 22:01 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-05-08 14:15 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-08 14:15 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-08 14:15 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-08 14:15 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-08 14:15 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-08 14:15 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-08 14:15 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-08 14:15 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-08 14:15 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-08 14:15 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-08 14:15 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-08 14:15 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-08 14:15 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-08 14:15 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-08 14:15 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-08 14:15 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-08 14:15 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-08 14:15 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-16 22:01 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 22:01 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 22:01 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 22:01 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 22:01 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 22:01 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 22:01 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-16 22:01 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-16 22:01 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 22:01 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-15 19:55 . 2009-02-15 19:56 1665024 ----a-w c:\windows\Internet Logs\xDB7BC3.tmp
2009-02-13 21:05 . 2009-02-11 19:14 90 ----a-w c:\users\RAYENOO\AppData\Local\emqgk.bat
2009-02-13 20:32 . 2009-02-11 22:46 92 ----a-w c:\users\RAYENOO\AppData\Local\coouckk.bat
2009-02-13 08:49 . 2009-04-16 22:01 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 22:01 1255936 ----a-w c:\windows\system32\lsasrv.dll
2008-07-30 00:56 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"avast!"="c:\progra~1\avast\ashDisp.exe" [2008-11-12 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1902154937-497218164-1116554410-1001]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4A0B64D1-A303-40E5-B2B6-BA0B178FDF26}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{7053F7B5-ED5B-4EC1-AFF6-2DAE22E0AF84}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{367FCF65-8190-4E91-9E4A-BA0937F03FC1}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{A469523A-06D1-493F-8F2C-BFEBECB971B3}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{B69081D0-60C9-4F6E-AF02-284FE0904D80}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4D2FF70D-BBE2-4744-9797-88503119358E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E2B5860D-B06D-4D58-8868-726D2309E52D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5F985D5F-7908-4892-BCC1-E1A49557C4E3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0D43B688-C96B-4B91-BDFC-A6EB88A70348}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{7C505DF2-5D3F-4A52-8A7C-BF2B0C7103B4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5181C2F0-4AA7-4FE5-AC65-03EF8BA1AA76}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{18F9F9E2-0CE0-443A-8B60-1B2F8188797E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9BB60713-C889-41CF-BC1E-77496DABEB53}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{559550FA-28C7-45F2-9F73-A1B4E9C5EB92}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{95D7648D-3370-4329-9329-5BDC1DA7875D}"= c:\program files\skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [28/07/2008 09:49 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [28/07/2008 09:49 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [28/07/2008 09:48 51792]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 16:40 3668480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-05-13 c:\windows\Tasks\User_Feed_Synchronization-{A0584FB5-7AF6-487B-A8E0-3320A0FC6CEF}.job
- c:\windows\system32\msfeedssync.exe [2009-05-08 11:31]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\RAYENOO\AppData\Roaming\Mozilla\Firefox\Profiles\36d8nyao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2215634&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2215634&SearchSource=2&q=
FF - component: c:\users\RAYENOO\AppData\Roaming\Mozilla\Firefox\Profiles\36d8nyao.default\extensions\{e47d6d44-6479-461d-bfa3-dbd0dc5a9011}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 00:08
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\TEMP\TMP0000008EC8C0D91770B9ECD8 524288 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{28334827-7b80-4bb6-8eaf-ed54843cddaf}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e0016d3
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{300c72a7-1fd9-4d4c-9b83-383b377e5914}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:16001e37
"Dhcpv6State"=dword:00000000
"NameServer"=""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{3318c7e3-00b7-4a19-8665-e25a965866fe}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1c020054
"Dhcpv6State"=dword:00000000
"NameServer"=""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{4a312c72-ae0b-4ba8-b179-d68472234843}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001b24
"Dhcpv6State"=dword:00000000
"NameServer"=""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{73176315-e130-434f-a91e-4152e452c295}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:12001cbf
"Dhcpv6State"=dword:00000000
"NameServer"=""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{73daeffe-34f0-4072-a728-f63425b39318}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c000000
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{78ab23bb-76de-46d7-95d8-5deb8945d67a}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:15000000
"Dhcpv6State"=dword:00000000
"NameServer"=""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b219767c-631a-4663-9529-67b000cffc8d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:19000000
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{e09d57bc-d1bd-4391-8a2e-a4808752c20c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:12000000
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f90c97a7-a20f-4b7c-9052-1b283257715e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:16000000
"Dhcpv6State"=dword:00000000
.
Heure de fin: 2009-05-13 0:12
ComboFix-quarantined-files.txt 2009-05-13 22:12

Avant-CF: 2 875 875 328 bytes free
Après-CF: 2 577 268 736 bytes free

294 --- E O F --- 2009-05-13 08:38


merci