HELP: ordinateur infecté par virus !

Bonsoir,

j'ai bien suivi tes instructions , voici le contenu des 2 rapports ci dessous
Merci d'avance pour tes retours :-)



Ad report :
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 20:50:54, 15/07/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: ADMIN | Utilisateur actuel: Pascal
.
Administrateur: Administrateur
N'est pas administrateur: ASPNET
Administrateur: Ava
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité *Desactive*
N'est pas administrateur: IUSR_ADMIN
N'est pas administrateur: IWAM_ADMIN
Administrateur: Lydie
Administrateur: Pascal
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
Administrateur: Valentin
Administrateur: Ylan
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\ItsLabel
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\ItsLabel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FD02C4FD-6B84-4268-8091-75092DB7251A}
HKCR\CLSID\{1621F7C0-60AC-11CF-9427-444553540000}
HKCR\CLSID\{B4E90802-B83C-11D0-8B40-00C0F00AE35A}
.
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\EoRezo\cmhost.cyp
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\EoRezo\ConfMedia.cyp
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\EoRezo\ConfMedia.cyp.old
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\EoRezo\db
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\EoRezo\eoDesktop
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\EoRezo\host.cyp
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\EoRezo\user.cyp
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\EoRezo\db\cat.cyp
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\EoRezo\eoDesktop\config.xml
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\EoRezo\eoDesktop\eoDesktop.html
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\EoRezo\eoDesktop\userConfig.xml
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\EoRezo
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\ItsLabel\ItsTV
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\ItsLabel\ItsTV\itsTV.xml
C:\DOCUME~1\PASCAL~1.000\APPLIC~1\ItsLabel
C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\EoAdv\eoAdv.url
C:\Program Files\EoRezo\EoAdv\tmp
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.2899
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.3051
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.3326
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.6297
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.6377
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.7929
C:\Program Files\EoRezo
C:\WINDOWS\system32\inetsrv\ADROT.dll
C:\WINDOWS\system32\inetsrv\ContRot.dll
C:\Documents and Settings\Lydie.ADMIN\Application Data\ItsLabel\ItsTV
C:\Documents and Settings\Lydie.ADMIN\Application Data\ItsLabel\ItsTV\itsTV.xml
C:\Documents and Settings\Lydie.ADMIN\Application Data\ItsLabel
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\downloads
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\eula.rtf
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\Final.ini
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\Install.bmp
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\LicensePage.ini
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\PageBackground.bmp
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\PODemographicCollection.ini
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\POLicensePage.ini
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\po_header.bmp
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\Skin_gen.bmp
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\Skin_genex.bmp
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\System.dll
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\UserInfo.ini
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\UserInfoFinal.bmp
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\UserInfoFinal.ini
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp\downloads\list.txt
C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp\nst37.tmp
C:\Documents and Settings\Ava.ADMIN\Cookies\ava@eorezo[1].txt
C:\Documents and Settings\Valentin.ADMIN.000\Cookies\valentin@eorezo[2].txt
C:\Documents and Settings\Valentin.ADMIN.000\Cookies\valentin@rotator.adjuggler[2].txt
C:\Documents and Settings\Valentin.ADMIN.000\Cookies\valentin@rotator.its.adjuggler[2].txt

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
.

* Internet Explorer Version 7.0.5730.13 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
C:\Documents and Settings\Pascal.ADMIN.000\Bureau\BF2_Patch_1.41.exe
C:\Documents and Settings\Pascal.ADMIN.000\Mes documents\Azureus Downloads\Silent Hunter III\Silent.Hunter.Patch.exe
.
===================================
.
6062 Octet(s) - C:\Ad-Report-CLEAN.log
.
4270 Fichier(s) - C:\DOCUME~1\PASCAL~1.000\LOCALS~1\Temp
520 Fichier(s) - C:\WINDOWS\Temp
.
16 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
33 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 21:06:41 | 15/07/2009
.
============== E.O.F ==============
.


Smitfraud report :

SmitFraudFix v2.423

Rapport fait à 21:31:17,79, 15/07/2009
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\Tasks\At?.job supprimé
C:\WINDOWS\Tasks\At??.job supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS2\Services\Tcpip\..\{3D713002-8EE3-4090-AE22-96A45EE8CA7A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Bonjour

Merci pour ta réponse. J'ai donc suivi tes instructions hier soir, mais ce matin en repassant Avast pour faire le point , j'ai constaté qu'il y avait certes moins de fichiers vérolés mais surtout les mêmes virus restent présents et se sont déplacés dans le répertoire program file de Avast , de plus un nouveau virus est apparu spyware.
Que me conseilles tu ?

A +

Bonjour ,

Voici le contenu du raport apres avoir lancé smitfraud en étant en mode sans échec :

SmitFraudFix v2.423

Rapport fait à 10:55:22,67, 18/07/2009
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D713002-8EE3-4090-AE22-96A45EE8CA7A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3D713002-8EE3-4090-AE22-96A45EE8CA7A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3D713002-8EE3-4090-AE22-96A45EE8CA7A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Voici le nouveau rapport suite à l'execution de combofix:

ComboFix 09-07-14.08 - Pascal 18/07/2009 16:16.2.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2047.1511 [GMT 2:00]
Running from: c:\documents and settings\Pascal.ADMIN.000\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Pascal.ADMIN.000\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090717-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\program files\winsudate\gibusr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\winsudate\gibusr.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-18 09:34 . 2009-07-18 09:34 -------- d-----w- c:\documents and settings\Pascal.ADMIN.000\Local Settings\Application Data\Temp
2009-07-15 18:50 . 2009-07-15 19:06 -------- d-----w- c:\program files\Ad-remover
2009-07-15 18:48 . 2009-07-18 09:01 -------- d-----w- C:\SmitfraudFix
2009-07-15 18:43 . 2009-07-15 18:35 1885088 ----a-w- C:\SmitfraudFix.exe
2009-07-15 16:53 . 2009-07-15 16:53 -------- d-----w- c:\documents and settings\Pascal.ADMIN.000\Application Data\Malwarebytes
2009-07-15 16:53 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 16:53 . 2009-07-15 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 16:53 . 2009-07-15 16:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-15 16:53 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 16:27 . 2009-07-15 16:27 -------- d-----w- c:\program files\trend micro
2009-07-15 16:27 . 2009-07-15 16:27 -------- d-----w- C:\rsit
2009-07-15 16:05 . 2009-07-15 16:05 -------- d-----w- c:\documents and settings\Pascal.ADMIN.000\Application Data\Yahoo!
2009-07-15 16:05 . 2009-07-15 16:05 -------- d-----w- c:\program files\CCleaner
2009-07-13 06:33 . 2009-07-13 06:33 -------- d-----w- c:\documents and settings\LocalService.AUTORITE NT.000\Application Data\Logitech
2009-07-10 14:04 . 2009-07-10 14:04 -------- d-----w- c:\program files\wletmin
2009-07-10 12:41 . 2009-07-10 12:32 344064 ----a-w- c:\documents and settings\Pascal.ADMIN.000\Application Data\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\_setup.dll
2009-07-10 12:33 . 2002-12-02 20:33 107512 ----a-w- c:\documents and settings\Pascal.ADMIN.000\Application Data\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\setup.exe
2009-07-10 12:33 . 2009-07-10 12:33 -------- d-----w- c:\documents and settings\Pascal.ADMIN.000\Application Data\InstallShield Installation Information
2009-07-07 18:33 . 2009-07-07 18:34 -------- d-----r- c:\documents and settings\LocalService.AUTORITE NT.000\Mes documents
2009-07-07 18:33 . 2009-07-07 18:34 -------- d-----r- c:\documents and settings\LocalService.AUTORITE NT.000\Favoris
2009-07-07 18:33 . 2009-07-07 18:33 -------- d-----w- c:\documents and settings\LocalService.AUTORITE NT.000\Menu Démarrer
2009-07-07 18:33 . 2009-07-07 18:33 -------- d-----w- c:\documents and settings\LocalService.AUTORITE NT.000\Bureau
2009-07-07 18:32 . 2009-07-18 14:21 -------- d-----w- c:\program files\Winsudate
2009-07-07 18:32 . 2009-07-07 18:34 -------- d-----w- c:\program files\Letmin
2009-07-07 18:32 . 2009-07-07 18:32 -------- d-----w- c:\documents and settings\Pascal.ADMIN.000\Application Data\Icones
2009-06-29 16:36 . 2009-06-29 16:36 37345 ----a-r- c:\documents and settings\Pascal.ADMIN.000\Application Data\Microsoft\Installer\{49E597BA-63D3-4936-9E02-AEDB5D1FE002}\controlPanelIcon.exe
2009-06-29 16:36 . 2009-06-29 16:36 10134 ----a-r- c:\documents and settings\Pascal.ADMIN.000\Application Data\Microsoft\Installer\{49E597BA-63D3-4936-9E02-AEDB5D1FE002}\SystemFolder_msiexec.exe
2009-06-27 17:10 . 2008-11-17 09:40 261632 ----a-w- c:\windows\system32\mcdvd_32.dll
2009-06-27 15:50 . 2009-06-27 17:11 -------- d-----w- c:\documents and settings\Pascal.ADMIN.000\Application Data\AVS4YOU
2009-06-27 15:50 . 2009-06-27 15:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVS4YOU
2009-06-27 15:50 . 2009-06-27 15:50 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2009-06-27 15:50 . 2009-01-28 18:49 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-06-27 15:50 . 2009-06-27 17:11 -------- d-----w- c:\program files\AVS4YOU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 18:28 . 2008-03-28 20:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-07-16 19:49 . 2009-02-12 14:06 -------- d-----w- c:\documents and settings\Pascal.ADMIN.000\Application Data\ArcSoft
2009-07-15 20:00 . 2008-03-02 19:42 -------- d-----w- c:\program files\Yahoo!
2009-07-15 19:59 . 2007-12-27 18:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 07:28 . 2008-12-14 11:08 -------- d-----w- c:\program files\Ubisoft
2009-06-30 20:33 . 2009-03-08 15:35 -------- d-----w- c:\documents and settings\Pascal.ADMIN.000\Application Data\dvdcss
2009-06-27 15:29 . 2008-11-11 17:51 -------- d-----w- c:\documents and settings\Pascal.ADMIN.000\Application Data\LimeWire
2009-06-13 12:30 . 2008-10-22 15:12 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2009-06-13 07:06 . 2009-02-10 10:43 -------- d-----w- c:\documents and settings\Valentin.ADMIN.000\Application Data\LimeWire
2009-06-13 07:05 . 2008-11-11 17:47 -------- d-----w- c:\program files\LimeWire
2009-06-11 15:58 . 2008-03-12 16:28 -------- d-----w- c:\program files\Atari
2009-06-05 17:30 . 2009-06-05 17:30 -------- d-----w- c:\program files\Fichiers communs\xing shared
2009-06-05 17:30 . 2008-05-04 18:37 -------- d-----w- c:\program files\Fichiers communs\Real
2009-06-05 17:29 . 2008-02-05 21:02 -------- d-----w- c:\program files\Google
2009-05-08 22:18 . 2008-02-07 20:01 189472 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-08 21:20 . 2008-02-07 20:01 138168 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-07 23:58 . 2004-08-05 12:00 97490 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-07 23:58 . 2004-08-05 12:00 525228 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-04 20:02 . 2009-04-02 20:25 152576 ----a-w- c:\documents and settings\Pascal.ADMIN.000\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-30 22:44 . 2008-02-07 20:01 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-04-30 17:18 . 2008-03-25 22:36 43616 ----a-w- c:\documents and settings\Pascal.ADMIN.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 20:24 . 2009-02-14 22:06 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2004-07-22 09:51 . 2004-07-22 09:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 21:58 . 2004-07-19 21:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 21:53 . 2004-07-19 21:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 13:17 . 2004-07-09 13:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 08:13 . 2004-07-09 08:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 08:13 . 2004-07-09 08:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\program files\DSETUP.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-28 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-02-18 1265783]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-06-05 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\Pascal.ADMIN.000\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]

c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-4-20 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-14 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\MotoGP2\\motogp2.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [08/05/2008 13:47 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/05/2008 13:47 20560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [11/01/2008 14:45 38656]
S2 gupdate1c9e6032e0728a2;Service Google Update (gupdate1c9e6032e0728a2);c:\program files\Google\Update\GoogleUpdate.exe [05/06/2009 19:29 133104]
S3 SQTECH9090;TOP Cam(PID_9090_00);c:\windows\system32\drivers\Capt9090.sys [12/02/2009 18:42 48384]
.
Contents of the 'Scheduled Tasks' folder

2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-28 16:58]

2009-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 17:29]

2009-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 17:29]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WinUsr - c:\program files\Winsudate\gibusr.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 16:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-682003330-651377827-2146000999-1003\Software\SecuROM\License information*]
"datasecu"=hex:df,95,61,0f,9f,3d,94,c3,89,60,ea,8b,b9,9a,7b,29,b3,fa,52,8a,02,
1b,40,36,56,48,1b,12,fb,d9,a8,44,92,ce,82,c1,40,37,f8,6a,95,ed,87,bd,c6,e8,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-07-18 16:23
ComboFix-quarantined-files.txt 2009-07-18 14:23
ComboFix2.txt 2009-07-18 12:05

Pre-Run: 57 366 732 800 octets libres
Post-Run: 57 361 272 832 octets libres

190

désolée je ne comprends pas "RSIT" ?

Hello ,

RSIT à 2h du matin, je n'ai pas percuté !
Sinon, l'ordi a planté 2 fois pendant l'execution de Kaspersky . Je recommencerai demain , je posterai les rapports demain soir (en espérant que tout se passe bien -> vive l'informatique !!)
@+

dis moi , faut il vraiment désactiver l'anti virus installé sur l'ordi avant de lancer Kaspersky ? si oui, pendant qu il fait son analyse (qui dure des heures d'ailleurs) , est ce que la machine reste protégée ?

c alzeimer qui me guette ...j'ai confondu RSIT avec Kaspersky ...!
dans tous les cas, merci pour ta patience !

Voici les rapports RSIT :


info.txt logfile of random's system information tool 1.06 2009-07-22 19:47:41

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Ad-remover-->C:\Program Files\Ad-remover\Uninstall ADR.exe
Alone in the Dark - The New Nightmare-->C:\WINDOWS\IsUn040c.exe -f"f:\Infogrames\Alone in the Dark\Uninst.isu"
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Funhouse 1.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FC4811E-29F4-4035-9274-43A16816152D}\Setup.exe" -l0x40c
ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x40c
ArcSoft PhotoImpression 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}\setup.exe" -l0x40c
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS Video to GO-->"C:\Program Files\AVS4YOU\AVSVideotoGO\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x40c -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42EDF895-158C-484E-A7F2-42B90759F281}\SETUP.EXE" -l0x40c UNINST
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Colin McRae Rally 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D26D1A53-D8A2-4004-BC98-0642B4EEAAB2}\setup.exe" -l0x40c
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46CBBDF8-55B5-40DB-B459-7B848394309C}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\epupdate.exe /r
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus SX200 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEFE.EXE /R /APD /P:"EPSON Stylus SX200 Series"
EPSON Stylus SX200_SX400_TX200_TX400 Manuel-->C:\Program Files\EPSON\TPMANUAL\ES_SX_TX\FRA\USE_G\DOCUNINS.EXE
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.37\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Guitar Pro 4.0.7-->C:\PROGRA~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\GUITAR~1\INSTALL.LOG
Guitar Pro 5.0-->"f:\Program Files\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
InCD EasyWrite Reader-->C:\WINDOWS\unmrw.exe /UNINSTALL
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Mega Codec Pack 3.8.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LEGO Racers-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\LEGO Media\Games\LEGO Racers\Uninst.isu"
LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
Logiciel Kodak EasyShare-->C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\$SETUP_140002_103bfba\Setup.exe /APR-REMOVE
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x40c UNINSTALL
Logitech Gaming Software 5.02-->MsiExec.exe /X{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MP Manager-->MsiExec.exe /X{49E597BA-63D3-4936-9E02-AEDB5D1FE002}
MP Manager-->MsiExec.exe /X{7DE4B31F-651E-4773-8DD4-399E7E58477E}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
My DSC-->C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
MyDSC2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 SE-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia PC Suite-->C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_fre.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Package de pilotes Windows - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Package de pilotes Windows - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Package de pilotes Windows - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
PhoTags Express 3-->C:\PROGRA~1\PHOTAG~1\Setup.exe /remove /q0
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Prince of Persia T2T-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}\setup.exe" -l0x40c -removeonly
Prince of Persia-->"C:\Program Files\InstallShield Installation Information\{7C11154F-3539-4CB5-979D-EF7913473E53}\setup.exe" -runfromtemp -l0x040c -removeonly
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
TOP Cam-->C:\Program Files\InstallShield Installation Information\{B571E4C7-EF38-4672-A862-D825519DED97}\setup.exe -runfromtemp -l0x040c -removeonly
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090722-0]

======System event log======

Computer Name: ADMIN
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 7415
Source Name: Service Control Manager
Time Written: 20090625225026.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: ADMIN
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

Record Number: 7414
Source Name: Service Control Manager
Time Written: 20090625225026.000000+120
Event Type: Informations
User:

Computer Name: ADMIN
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Web Scanner.

Record Number: 7413
Source Name: Service Control Manager
Time Written: 20090625225026.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: ADMIN
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Mail Scanner.

Record Number: 7412
Source Name: Service Control Manager
Time Written: 20090625225026.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: ADMIN
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 7411
Source Name: EventLog
Time Written: 20090625225009.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: ADMIN
Event Code: 105
Message: The service was started.

Record Number: 3311
Source Name: ATI Smart
Time Written: 20090122210615.000000+060
Event Type: Informations
User:

Computer Name: ADMIN
Event Code: 1002
Message: Application bloquée iexplore.exe, version 7.0.6000.16608, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Record Number: 3310
Source Name: Application Hang
Time Written: 20090122210224.000000+060
Event Type: erreur
User:

Computer Name: ADMIN
Event Code: 1002
Message: Application bloquée iexplore.exe, version 7.0.6000.16608, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Record Number: 3309
Source Name: Application Hang
Time Written: 20090122210213.000000+060
Event Type: erreur
User:

Computer Name: ADMIN
Event Code: 1002
Message: Application bloquée iexplore.exe, version 7.0.6000.16608, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Record Number: 3308
Source Name: Application Hang
Time Written: 20090122210205.000000+060
Event Type: erreur
User:

Computer Name: ADMIN
Event Code: 1002
Message: Application bloquée iexplore.exe, version 7.0.6000.16608, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Record Number: 3307
Source Name: Application Hang
Time Written: 20090122210203.000000+060
Event Type: erreur
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pascal at 2009-07-22 19:47:39
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 54 GB (42%) free of 131 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:40, on 22/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
F:\DRIVERS\RSIT.exe
C:\Program Files\trend micro\Pascal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate1c9e6032e0728a2) (gupdate1c9e6032e0728a2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe