Rapport Hijackthis

voila le rapport sans echecs

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_E | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 06.12.2009 à 17:18
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 11:45:23, 10/12/2009 | Mode sans echec | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: MAISON | Utilisateur actuel: Boix
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.


(!) -- Fichiers temporaires supprimés.

.
HKCU\software\Ask.com
HKCU\software\AskToolbar
HKCU\software\CToolbar
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\software\classes\appid\GenericAskToolbar.DLL
HKLM\software\CToolbar
HKLM\Software\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKLM\Software\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKLM\software\Trymedia Systems
.
============== Scan additionnel ==============
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Use Search Asst: no
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\Boix\Favoris\CrackSerialCodes.com - Search Engine.url
.
===================================
.
2417 Octet(s) - C:\Ad-Report-CLEAN[1].log
13758 Octet(s) - C:\Ad-Report-SCAN[1].log
.
0 Fichier(s) - C:\DOCUME~1\Boix\LOCALS~1\Temp
0 Fichier(s) - C:\WINDOWS\Temp
.
17 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 11:52:21 | 10/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.

voila

Logfile of random's system information tool 1.06 (written by random/random)
Run by Boix at 2009-12-10 12:36:38
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 38 GB (63%) free of 60 GB
Total RAM: 1983 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:10, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Documents and Settings\Boix\Bureau\ESSAI PC\RSIT.exe
C:\Program Files\trend micro\Boix.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} (CUpdateAdvisorCtrl Object) - http://www.cyberlink.com/prog/aacs/UpdateAdvisor.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVService - Sophos Plc - (no file)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

rapport info

info.txt logfile of random's system information tool 1.06 2009-12-09 22:24:33

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183}
-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
10 Jours Sous Les Mers-->"E:\Jeux\Big Fish\10 Jours Sous Les Mers\Uninstall.exe"
4 Elements-->"E:\Jeux\Big Fish\4 Elements\Uninstall.exe"
7 Wonders II-->"E:\Jeux\Big Fish\7 Wonders II\Uninstall.exe"
7 Wonders: Treasures of Seven-->"E:\Jeux\Big Fish\7 Wonders - Treasures of Seven\Uninstall.exe"
Abra Academy: Returning Cast ™-->"E:\Jeux\Big Fish\Abra Academy - Returning Cast\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Adventure Chronicles: A la Recherche des Trésors Perdus-->"E:\Jeux\Big Fish\Adventure Chronicles - A la Recherche des Tresors Perdus\Uninstall.exe"
Affair Bureau-->"E:\Jeux\Big Fish\Affair Bureau\Uninstall.exe"
Agatha Christie - Death on the Nile-->"E:\Jeux\Big Fish\Agatha Christie - Death on the Nile\Uninstall.exe"
Agatha Christie: La Maison du Péril-->"E:\Jeux\Big Fish\Agatha Christie - La Maison du Peril\Uninstall.exe"
Age of Emerald-->"E:\Jeux\Big Fish\Age of Emerald\Uninstall.exe"
Agence de Détective-->"E:\Jeux\Big Fish\Agence de Detective\Uninstall.exe"
Alabama Smith: Escape from Pompeii-->"E:\Jeux\Big Fish\Alabama Smith - Escape from Pompeii\Uninstall.exe"
Alabama Smith: Les Cristaux de la Destinée-->"E:\Jeux\Big Fish\Alabama Smith - Les Cristaux de la Destinee\Uninstall.exe"
Alchemist's Apprentice-->"E:\Jeux\Big Fish\Alchemist's Apprentice\Uninstall.exe"
Alexandra Fortune et le Mystère de l'Archipel Oublié-->"E:\Jeux\Big Fish\Alexandra Fortune et le Mystere de l'Archipel Oublie\Uninstall.exe"
Alice's Magical Mahjong-->"E:\Jeux\Big Fish\Alice's Magical Mahjong\Uninstall.exe"
ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
Amazing Adventures: Around the World-->"E:\Jeux\Big Fish\Amazing Adventures - Around the World\Uninstall.exe"
Amazing Adventures: The Lost Tomb-->"E:\Jeux\Big Fish\Amazing Adventures - The Lost Tomb\Uninstall.exe"
Ancient Quest of Saqqarah-->"E:\Jeux\Big Fish\Ancient Quest of Saqqarah\Uninstall.exe"
Animal Agents-->"E:\Jeux\Big Fish\Animal Agents\Uninstall.exe"
Annabel-->"E:\Jeux\Big Fish\Annabel\Uninstall.exe"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Around the World in 80 Days-->"E:\Jeux\Big Fish\Around the World in 80 Days\Uninstall.exe"
Art of Murder 2: La Traque du Marionnettiste-->"E:\Jeux\Big Fish\Art of Murder 2 - La Traque du Marionnettiste\Uninstall.exe"
Art of Murder: FBI Confidential-->"E:\Jeux\Big Fish\Art of Murder - FBI Confidential\Uninstall.exe"
Atlantis - Sky Patrol ™-->"E:\Jeux\Big Fish\Atlantis - Sky Patrol\Uninstall.exe"
Atlantis Quest-->"E:\Jeux\Big Fish\Atlantis Quest\Uninstall.exe"
Au Coeur de Lascaux-->"E:\Jeux\Big Fish\Au Coeur de Lascaux\Uninstall.exe"
Aura: La Légende des Mondes Parallèles-->"E:\Jeux\Big Fish\Aura - La Legende des Mondes Paralleles\Uninstall.exe"
Autumn's Treasures: La Pièce de Jade-->"E:\Jeux\Big Fish\Autumn's Treasures - La Piece de Jade\Uninstall.exe"
AVS Video Converter 6-->"D:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Azada : Ancient Magic-->"E:\Jeux\Big Fish\Azada - Ancient Magic\Uninstall.exe"
Azada -->"E:\Jeux\Big Fish\Azada\Uninstall.exe"
Azkend-->"E:\Jeux\Big Fish\Azkend\Uninstall.exe"
Becky Brogan: Le Mystère du Manoir Meane-->"E:\Jeux\Big Fish\Becky Brogan - Le Mystere du Manoir Meane\Uninstall.exe"
Big City Adventure - San Francisco-->"E:\Jeux\Big Fish\Big City Adventure - San Francisco\Uninstall.exe"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
BlazeDVD 5.1 Professional-->"C:\Program Files\BlazeVideo\BlazeDVD 5 Professional\unins001.exe"
Blood Ties-->"E:\Jeux\Big Fish\Blood Ties\Uninstall.exe"
Book of Legends-->"E:\Jeux\Big Fish\Book of Legends\Uninstall.exe"
Bookworm Deluxe-->"E:\Jeux\Big Fish\Bookworm Deluxe\Uninstall.exe"
Brick Quest 2-->"E:\Jeux\Big Fish\Brick Quest 2\Uninstall.exe"
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Call of Atlantis-->"E:\Jeux\Big Fish\Call of Atlantis\Uninstall.exe"
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Carol Reed - East Side Story-->"E:\Jeux\Big Fish\Carol Reed - East Side Story\Uninstall.exe"
Cate West: Les Clés de Velours-->"E:\Jeux\Big Fish\Cate West - Les Cles de Velours\Uninstall.exe"
CloneCD-->"D:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="D:\Program Files\SlySoft\CloneCD"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Cradle of Persia-->"E:\Jeux\Big Fish\Cradle of Persia\Uninstall.exe"
Cradle of Rome-->"E:\Jeux\Big Fish\Cradle of Rome\Uninstall.exe"
Defraggler-->"D:\Program Files\Defraggler\uninst.exe"
Département 42: Le Mystère des Neuf-->"E:\Jeux\Big Fish\Departement 42 - Le Mystere des Neuf\Uninstall.exe"
Detective Stories: Hollywood-->"E:\Jeux\Big Fish\Detective Stories - Hollywood\Uninstall.exe"
DragonStone-->"E:\Jeux\Big Fish\DragonStone\Uninstall.exe"
Dream Chronicles 2: The Eternal Maze-->"E:\Jeux\Big Fish\Dream Chronicles 2 - The Eternal Maze\Uninstall.exe"
Dream Chronicles: The Chosen Child-->"E:\Jeux\Big Fish\Dream Chronicles - The Chosen Child\Uninstall.exe"
Dream Chronicles-->"E:\Jeux\Big Fish\Dream Chronicles\Uninstall.exe"
Eden-->"E:\Jeux\Big Fish\Eden\Uninstall.exe"
Entre les Mondes-->"E:\Jeux\Big Fish\Entre les Mondes\Uninstall.exe"
G.H.O.S.T. Chronicles: Le Fantôme de la Foire de la Renaissance-->"E:\Jeux\Big Fish\G.H.O.S.T. Chronicles - Le Fantome de la Foire de la Renaissance\Uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Hercules WiFi Station for Livebox-->C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\setup.exe -runfromtemp -l0x040c -removeonly
Hide and Secret 3: La Quête du Pharaon-->"E:\Jeux\Big Fish\Hide and Secret 3 - La Quete du Pharaon\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Jewel Match-->"E:\Jeux\Big Fish\Jewel Match\Uninstall.exe"
Jewel of Atlantis-->"E:\Jeux\Big Fish\Jewel of Atlantis\Uninstall.exe"
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
La Malédiction du Pharaon: Les Larmes de Sekhmet-->"E:\Jeux\Big Fish\La Malediction du Pharaon - Les Larmes de Sekhmet\Uninstall.exe"
La Ville Mystérieuse: Vegas-->"E:\Jeux\Big Fish\La Ville Mysterieuse - Vegas\Uninstall.exe"
La Voleuse de l'Ombre-->"E:\Jeux\Big Fish\La Voleuse de l'Ombre\Uninstall.exe"
Le Retour de Monte Cristo-->"E:\Jeux\Big Fish\Le Retour de Monte Cristo\Uninstall.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Les Aventures de Mary Ann: Les Pirates de la Chance-->"E:\Jeux\Big Fish\Les Aventures de Mary Ann - Les Pirates de la Chance\Uninstall.exe"
LightScribe System Software 1.14.25.1-->MsiExec.exe /X{DA9DAC64-C947-47BA-B411-8A1959B177CF}
LightScribe Template Designs - 9 to 5 Pack 1-->MsiExec.exe /X{1A8C5BB4-91EB-4AB4-B667-74EC501341B9}
LightScribe Template Designs - Animal Pack 1-->MsiExec.exe /X{F8C7F1F2-EF8A-4019-89A8-77C5667F75C7}
LightScribe Template Designs - Architecture Pack 1-->MsiExec.exe /X{81A28748-46BA-4010-A877-E9808993C214}
LightScribe Template Designs - Art Pack 1-->MsiExec.exe /X{2CDB2DCD-1153-4ED4-9D0A-606231CEFE9A}
LightScribe Template Designs - Athletic Pack 1-->MsiExec.exe /X{1102D7B1-098C-4F48-92F4-DC403E45A527}
LightScribe Template Designs - Bonus Pack 1-->MsiExec.exe /X{D1C70CF7-F2F3-4A15-ADE5-5DF1BA0739E1}
LightScribe Template Designs - Bridal Pack 1-->MsiExec.exe /X{E17F3BA3-4322-4ADF-AA0A-4F9D9B2149A4}
LightScribe Template Designs - Business Pack 1-->MsiExec.exe /X{0345CF70-FA00-4F4E-A218-0FA494F465A4}
LightScribe Template Designs - Celebration Pack 1-->MsiExec.exe /X{66F2E34E-A7D4-49AF-8D4A-2F6D8760EFAD}
LightScribe Template Designs - Fantasy Pack 1-->MsiExec.exe /X{DE72186D-A4A5-4504-839C-B14FC3432DA1}
LightScribe Template Designs - Floral Pack 1-->MsiExec.exe /X{605C0E57-BBB8-458F-9020-B17DCF0D5DEA}
LightScribe Template Designs - Food-n-Family Pack 1-->MsiExec.exe /X{B06EFB5F-FDDC-4DA3-BE5C-3E2A72D5BEAE}
LightScribe Template Designs - Grab Bag Pack 1-->MsiExec.exe /X{B5ECA6E5-C943-4A40-936B-8E16D5B233ED}
LightScribe Template Designs - Hobby Pack 1-->MsiExec.exe /X{79D16FEF-F66A-4DF3-AE01-DF0AE3E3BA45}
LightScribe Template Designs - Holiday Pack 1-->MsiExec.exe /X{CEF736FF-8133-42F3-8E18-BDFE293B87FF}
LightScribe Template Designs - Kickin It Pack 1-->MsiExec.exe /X{14A023A2-3B5C-467A-A6C4-8583AE0BDF0E}
LightScribe Template Designs - Kids Korner Pack 1-->MsiExec.exe /X{742F1560-893C-457B-A47A-DBC62A1302FB}
LightScribe Template Designs - Life Events Pack 1-->MsiExec.exe /X{5B295E70-5256-46DD-ADA8-81E9EF7F4939}
LightScribe Template Designs - Music Pack 1-->MsiExec.exe /X{4ECA4128-8B48-44A0-90E8-B93C6A69CE4B}
LightScribe Template Designs - Mythology Pack 1-->MsiExec.exe /X{18143CE1-430E-4FF3-A44F-811FD2910929}
LightScribe Template Designs - Nature Pack 1-->MsiExec.exe /X{F3A482EC-55E0-48FA-A408-F40FDF265181}
LightScribe Template Designs - Quick and Simple Pack 1-->MsiExec.exe /X{D761BBA0-FBDD-4E81-96E1-43B957D91BD8}
LightScribe Template Designs - Seasonal Pack 1-->MsiExec.exe /X{84B01A13-F78F-4281-9224-C96FB3530A2C}
LightScribe Template Designs - Special Occasion Pack 1-->MsiExec.exe /X{B6C766E9-B26D-4D54-A22B-A52B069C6C14}
LightScribe Template Designs - Sports Pack 1-->MsiExec.exe /X{725F0ABA-808A-4256-885C-1E60245521D0}
LightScribe Template Designs - Street Style Pack 1-->MsiExec.exe /X{F82E9B29-EE4B-418F-9CA4-A70DA610553D}
LightScribe Template Designs - Tattoo Pack 1-->MsiExec.exe /X{E35A1183-F6D8-4DCA-A111-296AFFA00A5C}
LightScribe Template Designs - Travel Pack 1-->MsiExec.exe /X{63D3D558-EAF4-419B-880C-208DAC13F794}
LightScribe Template Designs - Tribal Pack 1-->MsiExec.exe /X{272F534A-29A8-40D4-8E0C-2A9A596F808D}
LightScribe Template Designs - Urban Pack 1-->MsiExec.exe /X{85548764-32DC-43ED-BAA5-5386FDB2500A}
LightScribe Template Designs - Wedding Pack 1-->MsiExec.exe /X{15B6EAD9-E83D-458F-AF6F-B8F865FA4F28}
Lphant v3.51-->"C:\Program Files\Lphant\unins000.exe"
Magentic-->C:\PROGRA~1\Magentic\bin\mgsetup.exe /remove /addon:Magentic
Magic Encyclopedia: Clair de Lune-->"E:\Jeux\Big Fish\Magic Encyclopedia - Clair de Lune\Uninstall.exe"
Mahjong Match-->"E:\Jeux\Big Fish\Mahjong Match\Uninstall.exe"
Mahjong Towers Eternity ™-->"E:\Jeux\Big Fish\Mahjong Towers Eternity\Uninstall.exe"
Mahjong World-->"E:\Jeux\Big Fish\Mahjong World\Uninstall.exe"
Mahjongg Artifacts-->"E:\Jeux\Big Fish\Mahjongg Artifacts\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marco Polo: Un Voyage Fantastique-->"E:\Jeux\Big Fish\Marco Polo - Un Voyage Fantastique\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Mystères de Minuit: La Conspiration d'Edgar Allan Poe-->"E:\Jeux\Big Fish\Mysteres de Minuit - La Conspiration d'Edgar Allan Poe\Uninstall.exe"
Mystery Age: Le Bâton Impérial-->"E:\Jeux\Big Fish\Mystery Age - Le Baton Imperial\Uninstall.exe"
Mystery Case Files: Retour à Ravenhearst ™-->"E:\Jeux\Big Fish\Mystery Case Files - Retour a Ravenhearst\Uninstall.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
ObjectDock-->D:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE D:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Pahelika: Légendes Secrètes-->"E:\Jeux\Big Fish\Pahelika - Legendes Secretes\Uninstall.exe"
PC Speed Maximizer v2.1-->"D:\Program Files\PC Speed Maximizer\unins000.exe"
PhotoMail Maker-->MsiExec.exe /X{15382D89-6EF6-4D21-9484-B500F2B10E46}
Pocahontas: Princesse du Powhatan-->"E:\Jeux\Big Fish\Pocahontas - Princesse du Powhatan\Uninstall.exe"
Princesse Isabella: Le Château Ensorcelé-->"E:\Jeux\Big Fish\Princesse Isabella - Le Chateau Ensorcele\Uninstall.exe"
PuppetShow: Le Mystère de Joyville ™-->"E:\Jeux\Big Fish\PuppetShow - Le Mystere de Joyville\Uninstall.exe"
Rainbow Web II-->"E:\Jeux\Big Fish\Rainbow Web II\Uninstall.exe"
RamBoost XP 4.0.6-->"D:\Program Files\RamBoost XP\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Season of Mystery: The Cherry Blossom Murders-->"E:\Jeux\Big Fish\Season of Mystery - The Cherry Blossom Murders\Uninstall.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Sherlock Holmes: Le Mystère du Tapis Persan-->"E:\Jeux\Big Fish\Sherlock Holmes - Le Mystere du Tapis Persan\Uninstall.exe"
Skin Creator-->C:\PROGRA~1\INCRED~1\UNWISE.EXE C:\PROGRA~1\INCRED~1\SkinCreator.LOG
Snow Queen Mahjong-->"E:\Jeux\Big Fish\Snow Queen Mahjong\Uninstall.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Sprill et Ritchie: Voyage à Travers le Temps-->"E:\Jeux\Big Fish\Sprill et Ritchie - Voyage a Travers le Temps\Uninstall.exe"
Steve the Sheriff 2: Le Dossier du Bidule Disparu-->"E:\Jeux\Big Fish\Steve the Sheriff 2 - Le Dossier du Bidule Disparu\Uninstall.exe"
Strange Cases: Le Mystère des Cartes de Tarot-->"E:\Jeux\Big Fish\Strange Cases - Le Mystere des Cartes de Tarot\Uninstall.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Clockwork Man-->"E:\Jeux\Big Fish\The Clockwork Man\Uninstall.exe"
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
The Mystery of the Crystal Portal-->"E:\Jeux\Big Fish\The Mystery of the Crystal Portal\Uninstall.exe"
The Mystery of the Mary Celeste-->"E:\Jeux\Big Fish\The Mystery of the Mary Celeste\Uninstall.exe"
Tk Screen Saver-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\system32\DeIsL1.isu -cC:\WINDOWS\system32\_ISREG32.DLL
Treasure Island 2-->"E:\Jeux\Big Fish\Treasure Island 2\Uninstall.exe"
Treasure Island-->"E:\Jeux\Big Fish\Treasure Island\Uninstall.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
Vampire Saga: La Boîte de Pandore-->"E:\Jeux\Big Fish\Vampire Saga - La Boite de Pandore\Uninstall.exe"
Venice Mystery-->"E:\Jeux\Big Fish\Venice Mystery\Uninstall.exe"
VLC media player 1.0.1-->D:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
Wizard's Hat-->"E:\Jeux\Big Fish\Wizard's Hat\Uninstall.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\DOWNLO~1\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Sophos Anti-Virus (disabled)
AV: Kaspersky Internet Security (disabled)
FW: Kaspersky Internet Security (disabled)

======System event log======

Computer Name: MAISON
Event Code: 4201
Message: Le système a détecté que la carte réseau Hercules... - Miniport d'ordonnancement de paquets était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 10067
Source Name: Tcpip
Time Written: 20091125195733.000000+060
Event Type: Informations
User:

Computer Name: MAISON
Event Code: 4201
Message: Le système a détecté que la carte réseau Hercules... - Miniport d'ordonnancement de paquets était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 10066
Source Name: Tcpip
Time Written: 20091125195723.000000+060
Event Type: Informations
User:

Computer Name: MAISON
Event Code: 4201
Message: Le système a détecté que la carte réseau Hercules... - Miniport d'ordonnancement de paquets était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 10065
Source Name: Tcpip
Time Written: 20091125195713.000000+060
Event Type: Informations
User:

Computer Name: MAISON
Event Code: 4201
Message: Le système a détecté que la carte réseau Hercules... - Miniport d'ordonnancement de paquets était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 10064
Source Name: Tcpip
Time Written: 20091125195658.000000+060
Event Type: Informations
User:

Computer Name: MAISON
Event Code: 4201
Message: Le système a détecté que la carte réseau Hercules... - Miniport d'ordonnancement de paquets était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 10063
Source Name: Tcpip
Time Written: 20091125195648.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: MAISON-64A4C66C
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 2834
Source Name: SecurityCenter
Time Written: 20091120143349.000000+060
Event Type: Informations
User:

Computer Name: MAISON-64A4C66C
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 2833
Source Name: LightScribeService
Time Written: 20091120143343.000000+060
Event Type: Informations
User:

Computer Name: MAISON-64A4C66C
Event Code: 1001
Message: Détecteur d'erreurs 1243430005.

Record Number: 2832
Source Name: Application Hang
Time Written: 20091120142622.000000+060
Event Type: erreur
User:

Computer Name: MAISON-64A4C66C
Event Code: 1002
Message: Application bloquée Defenders of Law.exe, version 0.11.1.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Record Number: 2831
Source Name: Application Hang
Time Written: 20091120142615.000000+060
Event Type: erreur
User:

Computer Name: MAISON-64A4C66C
Event Code: 1001
Message: Détecteur d'erreurs 1243430005.

Record Number: 2830
Source Name: Application Hang
Time Written: 20091120142456.000000+060
Event Type: erreur
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ESTsoft\ALZip
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

rapport log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Boix at 2009-12-10 12:36:38
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 38 GB (63%) free of 60 GB
Total RAM: 1983 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:10, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Documents and Settings\Boix\Bureau\ESSAI PC\RSIT.exe
C:\Program Files\trend micro\Boix.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} (CUpdateAdvisorCtrl Object) - http://www.cyberlink.com/prog/aacs/UpdateAdvisor.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVService - Sophos Plc - (no file)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

excuse moi
annule mes deux derniers envois

voila le bon rapport log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Boix at 2009-12-10 13:03:47
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 38 GB (63%) free of 60 GB
Total RAM: 1983 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:23, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Documents and Settings\Boix\Bureau\ESSAI PC\RSIT.exe
C:\Program Files\trend micro\Boix.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} (CUpdateAdvisorCtrl Object) - http://www.cyberlink.com/prog/aacs/UpdateAdvisor.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVService - Sophos Plc - (no file)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

VOILA LE RAPPORT MALW

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3337
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/12/2009 14:26:16
mbam-log-2009-12-10 (14-26-16).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|O:\|)
Eléments examinés: 362913
Temps écoulé: 1 hour(s), 14 minute(s), 20 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{E307FF1A-27B1-401F-A820-A246A51730D1}\RP14\A0002722.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E307FF1A-27B1-401F-A820-A246A51730D1}\RP14\A0002777.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E307FF1A-27B1-401F-A820-A246A51730D1}\RP14\A0002812.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E307FF1A-27B1-401F-A820-A246A51730D1}\RP14\A0002937.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
O:\Logiciels\Adobe Dreamweaver CS3\Crack\Keygen Dreamweaver CS3.exe (Trojan.Horst) -> Quarantined and deleted successfully.
O:\Logiciels\Fineprint 5.60\Fineprint5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
O:\Logiciels\VSO PhotoDVD-v2.9.6.1\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
O:\Logiciels\VSO Software Photo DVD v2.5.2.0\Keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
O:\Logiciels\DbPowerAMP music converter ( dMC powerpack power pack) release 11.0 v11.0\dMC 11 dbpoweramp 11 crack patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

salut
impossible telcharge

slt

rapport tb


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.80GHz )
BIOS : Default System BIOS
USER : Boix ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 9.0.0.736 (Not Activated)
Firewall : Kaspersky Internet Security 9.0.0.736 (Not Activated)
C:\ (Local Disk) - NTFS - Total:58 Go (Free:36 Go)
D:\ (Local Disk) - NTFS - Total:58 Go (Free:28 Go)
E:\ (Local Disk) - NTFS - Total:522 Go (Free:246 Go)
F:\ (Local Disk) - NTFS - Total:58 Go (Free:52 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
L:\ (CD or DVD)
O:\ (Local Disk) - NTFS - Total:465 Go (Free:10 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 10/12/2009|18:25 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Search bar"="http://www.bing.com/spresults.aspx"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Boix\Favoris\CrackSerialCodes.com - Search Engine.url
C:\DOCUME~1\Boix\Recent\AVS Video Tools 5.1Full + crack 100%.lnk



1 - "C:\ToolBar SD\TB_1.txt" - 09/12/2009|14:31 - Option : [1]
2 - "C:\ToolBar SD\TB_3.txt" - 10/12/2009|18:28 - Option : [1]

slt
je sais que je ne suis pas tout seul, mais je suis surpris
de non réponse, ou alors bon appetit

ok merci pour tout ce que tu fais

salut grand
j ai supprimer manuellement 1) D:\Program Files\Mozilla Firefox\uninstall\helper.exe 2)D:\Program Files\Mozilla Thunderbird\uninstall\helper.exe ainsi que 3)E:\Papa\A garder\Georges\Sécurité\remover.exe GData remover.exe 1.0.0.9\remover.exe
car je n ai pas trouver 1 et 2 dans ajout/suppression ni dans desinstal de tuneUp
j ai supprime directement les répertoire
pour ce qui est de MalwareByte's Anti-Malware, je ne sais plus
je suis allé sur ton URL mais le site est en anglais, je ne comprend trop cette langue je ne suis pas
passé par la même porte
sur quoi dois-je cliquer?
merci

voici le rapport

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3344
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/12/2009 12:48:14
mbam-log-2009-12-11 (12-48-14).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|O:\|)
Eléments examinés: 352559
Temps écoulé: 1 hour(s), 16 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

reponse de ton lien

Oups ! On dirait que cette page est manquante.
HTTP 404 - Fichier non trouvé.•Aller sur la page d'accueil du site: sd-1.archive-host.com
•Essayez de lancer une recherche sur ce site ou sur le Web pour :

rapport list'em

List'em by g3n-h@ckm@n 1.1.5.0

Thx to Chiquitine29.....& CCM team

User : Boix () # MAISON
Update on 11/12/2009 by g3n-h@ckm@n ::::: 12:00
Start at: 13:39:35 | 11/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Celeron(R) CPU 2.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Sophos Anti-Virus [ (!) Disabled | Updated ]
AV : Kaspersky Internet Security 9.0.0.736 [ (!) Disabled | Updated ]
FW : Kaspersky Internet Security[ (!) Disabled ]9.0.0.736

C:\ -> Disque fixe local | 58,59 Go (10,5 Go free) | NTFS
D:\ -> Disque fixe local | 58,59 Go (55,18 Go free) [josianne] | NTFS
E:\ -> Disque fixe local | 522,85 Go (251,99 Go free) [Loisirs] | NTFS
F:\ -> Disque fixe local | 58,59 Go (52,75 Go free) [Essai] | NTFS
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
L:\ -> Disque CD-ROM
O:\ -> Disque fixe local | 465,76 Go (10,78 Go free) [Georges] | NTFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 608
C:\WINDOWS\system32\csrss.exe 812
C:\WINDOWS\system32\winlogon.exe 836
C:\WINDOWS\system32\services.exe 884
C:\WINDOWS\system32\lsass.exe 896
C:\WINDOWS\system32\svchost.exe 1056
C:\WINDOWS\system32\svchost.exe 1104
C:\WINDOWS\System32\svchost.exe 1160
C:\WINDOWS\system32\svchost.exe 1292
C:\WINDOWS\system32\svchost.exe 1364
C:\WINDOWS\system32\spoolsv.exe 1452
C:\WINDOWS\Explorer.EXE 1612
C:\WINDOWS\system32\svchost.exe 1648
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe 1728
C:\WINDOWS\system32\dllhost.exe 1860
C:\WINDOWS\System32\svchost.exe 1920
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe 2012
C:\WINDOWS\system32\nvsvc32.exe 180
C:\WINDOWS\system32\svchost.exe 304
C:\WINDOWS\RTHDCPL.EXE 636
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe 692
C:\WINDOWS\system32\ctfmon.exe 708
C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe 736
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe 1604
C:\WINDOWS\System32\alg.exe 3440
C:\Program Files\IncrediMail\bin\IncMail.exe 3772
C:\Program Files\IncrediMail\bin\IMApp.exe 3168
C:\Documents and Settings\Boix\Bureau\ESSAI PC\List_Killem\List_Kill'em.scr 860
C:\WINDOWS\system32\cmd.exe 1144
C:\WINDOWS\system32\wbem\wmiprvse.exe 4000
C:\Documents and Settings\Boix\Local Settings\temp\5E.tmp\pv.exe 1232

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
RTHDCPL REG_SZ RTHDCPL.EXE
AVP REG_SZ "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
Malwarebytes' Anti-Malware REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
verbosestatus REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NoInstrumentation REG_DWORD 0 (0x0)
NoSetTaskbar REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 145 (0x91)
NoControlPanel REG_DWORD 0 (0x0)
HonorAutoRunSetting REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoCDBurning REG_DWORD 0 (0x0)
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NoDriveAutoRun REG_DWORD 145 (0x91)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\IncrediMail\bin\IMApp.exe REG_SZ C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\IncMail.exe REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\ImpCnt.exe REG_SZ C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\IncrediMail\bin\ImSc.exe REG_SZ C:\Program Files\IncrediMail\bin\ImSc.exe:*:Enabled:IncrediMail
C:\Program Files\Magentic\bin\MgImp.exe REG_SZ C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic
C:\Program Files\Magentic\bin\Magentic.exe REG_SZ C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic
C:\Program Files\Magentic\bin\MgApp.exe REG_SZ C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic
C:\Program Files\Lphant\eLePhantClient.exe REG_SZ C:\Program Files\Lphant\eLePhantClient.exe:*:Enabled:Lphant

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x2
SharedAccess : 0x2
wuauserv : 0x2

=========

=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
58,59 Go total, 10,51 Go libre (17%), 6% fragment‚ (fragmentation du fichier 13%)

Il ne vous est pas n‚cessaire de d‚fragmenter ce volume.

==========
Programs
==========

Ad-Remover
Adobe
AVS4YOU
BFG
bfgclient
BlazeVideo
BurnTool
CA Yahoo! Anti-Spy
Canon
Cyberlink
Elaborate Bytes
ESTsoft
ExtracteurIcones31
Fichiers communs
Google
Hercules
IncrediMail
InstallShield Installation Information
Internet Explorer
Kaspersky Lab
Lphant
Magentic
Malwarebytes' Anti-Malware
Messenger
microsoft frontpage
Microsoft Office
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft.NET
Movie Maker
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
NetMeeting
NOS
Oberon Media
Online Services
OpenAL
Outlook Express
PhotoMail Maker
Realtek
Reference Assemblies
Services en ligne
Spybot - Search & Destroy
SystemRequirementsLab
The KMPlayer
Trend Micro
Uninstall Information
Unlocker
Windows Desktop Search
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
WinZip
xerox
Yahoo!

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Documents and Settings\All Users\Application Data\.zreglib
C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
C:\WINDOWS\mbr.exe
C:\WINDOWS\System32\tk.scr
C:\WINDOWS\System32\_ISREG32.DLL

¤¤¤¤¤¤¤¤¤¤ Keys :

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKCR\.xnpd
HKLM\SOFTWARE\Classes\.xnpd

=========
Rootkits
=========

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 13:51:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"u0"=hex:38,0f,98,02,03,00,00,00,89,00,00,00,37,35,38,34,39,35,35,37,34,..
"h0"=dword:00000000
"hdf12"=hex:29,76,8c,c4,cd,45,a4,0a,17,30,4f,c5,fa,02,fb,50,1f,a2,c3,26,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"u0"=hex:38,0f,98,02,03,00,00,00,89,00,00,00,37,35,38,34,39,35,35,37,34,..
"h0"=dword:00000000
"hdf12"=hex:29,76,8c,c4,cd,45,a4,0a,17,30,4f,c5,fa,02,fb,50,1f,a2,c3,26,36,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

rapport kill'em mode sans echec

Kill'em by g3n-h@ckm@n 1.1.5.0

User : Boix () # MAISON
Update on 11/12/2009 by g3n-h@ckm@n ::::: 12:00
Start at: 14:29:54 | 11/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Celeron(R) CPU 2.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Sophos Anti-Virus [ (!) Disabled | Updated ]
AV : Kaspersky Internet Security 9.0.0.736 [ Enabled | Updated ]
FW : Kaspersky Internet Security[ Enabled ]9.0.0.736

C:\ -> Disque fixe local | 58,59 Go (10,58 Go free) | NTFS
D:\ -> Disque fixe local | 58,59 Go (55,18 Go free) [josianne] | NTFS
E:\ -> Disque fixe local | 522,85 Go (251,99 Go free) [Loisirs] | NTFS
F:\ -> Disque fixe local | 58,59 Go (52,75 Go free) [Essai] | NTFS
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
L:\ -> Disque CD-ROM
O:\ -> Disque fixe local | 465,76 Go (10,78 Go free) [Georges] | NTFS


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 156
C:\WINDOWS\system32\csrss.exe 196
C:\WINDOWS\system32\winlogon.exe 220
C:\WINDOWS\system32\services.exe 268
C:\WINDOWS\system32\lsass.exe 280
C:\WINDOWS\system32\svchost.exe 444
C:\WINDOWS\system32\svchost.exe 492
C:\WINDOWS\system32\svchost.exe 580
C:\WINDOWS\Explorer.EXE 844
C:\WINDOWS\system32\wbem\wmiprvse.exe 916
C:\Documents and Settings\Boix\Bureau\ESSAI PC\List_Killem\List_Kill'em.scr 1088
C:\WINDOWS\system32\cmd.exe 1104
C:\Documents and Settings\Boix\Local Settings\temp\1.tmp\pv.exe 1248

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

"C:\Documents and Settings\All Users\Application Data\.zreglib"
"C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe"
"C:\WINDOWS\mbr.exe"
C:\WINDOWS\System32\tk.scr
C:\WINDOWS\System32\_ISREG32.DLL


¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :

.zreglib.Kill'em
MBR.exe.Kill'em
mtbjfghn.xbe.Kill'em
tk.scr.Kill'em
_ISREG32.DLL.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKCR\.xnpd

============
Disk Cleaned
============

================
Prefetch cleaned :
================

Layout.ini
LUXOR-QUEST-FOR-THE-AFTERLIFE-0E1546C8.pf
LUXOR-QUEST-FOR-THE-AFTERLIFE-2E7EC4C6.pf
SETUP_GF2748T1L4_D718158393_L-136933F2.pf



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

salut
je tiens a m'excusé, j ai du partir d'urgence
voici le rapport OTM

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
No active process named web mess.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Boix
->Temp folder emptied: 9793774 bytes
->Temporary Internet Files folder emptied: 15227811 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 72 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 25497287 bytes

Total Files Cleaned = 48,31 mb


OTM by OldTimer - Version 3.1.2.2 log created on 12112009_201101

Files moved on Reboot...
File move failed. C:\WINDOWS\S9E03AB88.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

salut
voila le rapport, j'espere que c'est bon, mais j'aurai quelques questions a te poser apres, merci


Logfile of random's system information tool 1.06 (written by random/random)
Run by Boix at 2009-12-12 09:28:46
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 10 GB (17%) free of 60 GB
Total RAM: 1983 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:29:18, on 12/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Documents and Settings\Boix\Bureau\ESSAI PC\RSIT.exe
C:\Program Files\trend micro\Boix.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/...
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} (CUpdateAdvisorCtrl Object) - http://www.cyberlink.com/prog/aacs/UpdateAdvisor.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVService - Sophos Plc - (no file)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

excuse moi,
je dois les faire un par un?
et pour send file, je ne le trouve pas
merci

OK IL VA BIEN MIEUX
pour les questions les voici
lorsque je suis suis internet, dans le gestionnaire de tache je trouve :
2 processus Iexplore.exe : un de 32/40 Mo et l'autre 19/20 util. mémoire

2 processus Avp.exe(je suppose Kaspersky) : un 10/12 Mo et l'autre 3/4 Mo util.mémoire

certains programes ne peuvent être installés, on me signale que je ne suis pas administrateur, alors que oui.
si je suspends la protection en temps réel de mon AV, là je peux.
qu'en penses-tu???

je ne pourrai lire tes réponses, que plus tard je dois ammener le petit au foofball.
merci pour ta patience
et encore bravo

salut de retour
j ai fait boix.exe
j ai purger restauration systeme XP
j ai telecharger Toolscleaner2 puis lancer, mais dans gestionnaire des taches onglet application non reponse

affirmatif
j arrive a l executer, clic sur recherche
et apres dans gestionnaire de tache onglet application "non réponse"