Virus sur google

Résolu
BRUNET -  
 BRUNET -
virus sur google help
Configuration: Windows XP
Internet Explorer 6.0

12 réponses

  1. Utilisateur anonyme
     
    Oui et t'as chopé le virus qui te bouffe la politesse ?
    0
    1. BRUNET
       
      Bonsoir et toutes mes excuses ce virus m'a fait oubliés des choses essentielles je le reconnais
      0
  2. Utilisateur anonyme
     
    :-)

    Télécharge HijackThis :
    ---> fichiers/hijackthis.zip

    Installe le dans son propre dossier :
    - clic droit sur le bureau, tu choisis "nouveau dossier" puis installe-le à l'intérieur.
    Fais un clic droit sur Hijackthis, choisis "renommer" puis marque ceci : abcde.exe
    Double-clic sur HijackThis. Clic sur "I Accept" puis clic sur "do a system scan and save logfile"
    Puis copie et colle ici le rapport qu'il va te générer.

    Démo pour HijackThis si besoin :
    http://pageperso.aol.fr/balltrap34/demohijack.htm
    0
    1. BRUNET
       
      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 20:59:39, on 17/04/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\pctspk.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
      C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
      C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Documents and Settings\thierry\Bureau\HiJackThis_v2.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Ille Point Net
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: IE SecPlugin - {F5BDC469-1EC5-4193-824B-2E209993D183} - C:\WINDOWS\SYSTEM32\bhoSearchSpy.dll
      O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
      O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXELogfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 20:59:39, on 17/04/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\pctspk.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
      C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
      C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Documents and Settings\thierry\Bureau\HiJackThis_v2.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Ille Point Net
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: IE SecPlugin - {F5BDC469-1EC5-4193-824B-2E209993D183} - C:\WINDOWS\SYSTEM32\bhoSearchSpy.dll
      O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
      O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
      O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
      O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
      O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{56684DC9-7958-4701-B1D3-B95055CD529D}: NameServer = 80.10.246.1 80.10.246.132
      O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
      O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
      O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
      O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
      O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
      O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
      O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
      O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
      O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
      0
    2. BRUNET
       
      Je vous remercie pour cette premiere intervention ,nous avons un décalage horaire puisque je suis en france sud de la franceet il est 23H15 demain je travaille et je dois aller dormir.je suppose que j'aurais un message dans ma boite a lettre.A demain .merci
      0
  3. Utilisateur anonyme
     
    Oula, y'en a beaucoup :-D

    Télécharge SmitfraudFix et enregistre le sur le bureau. Si ton anti-virus t'alerte d'un virus, désactive-le.
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Redémarre le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) dès le démarrage et tu choisis le mode sans échec)

    - Ouvre le dossier "SmitfraudFix" et double clique sur "Smitfraudfix.cmd", choisit l 'option 2 et tu réponds oui à tout.

    Enregistre le rapport puis Copie/colle le rapport sur le forum stp.

    ¤ Désactive le pare-feu de Windows(SP2) il ne sert à rien puis installe celui ci pour plus de sécurité

    Kerio (pare-feu) : reste gratuit après la période d'essai en français
    ----> http://www.infos-du-net.com/telecharger/Firewall-Kerio-Personal,0301-390.html

    Regarde ce tutoriel si tu as besoin d'aide pour l'installation et la configuration de Kerio
    --> http://kerio.probb.fr/Systemesd-exploitation-c1/Logiciels-et-tutoriels-gratuits-tries-par-categorie-f6/Tutoriel-pour-Kerio-4-version-gratuite-t201.htm

    Plus d'info :
    ->https://kerio.probb.fr/

    ¤ Télécharge et installe AVG anti-spyware : mets le à jour
    Tu fais un scan complet de ton système, dès qu'il a fini.
    Si il te trouve des espions,supprime les. Enregistre le rapport et colle le ici stp

    AVG anti-spyware : reste gratuit après la période d'essai en français
    ---->http://www.infos-du-net.com/telecharger/Anti-Spyware-AVG,0301-7063.html

    Si tu as besoin d'aide avec Ewido(devenu AVG-antispyware) regarde ce tutoriel:
    --> http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    A++
    0
  4. BRUNET
     
    bojour
    je me perd un peu dans l'utlisation deu forum mais bon en fait c'est plus simple que je l'imaginais.Bref j'ai suivis toutes vos instructions.voici les SmitFraudFix v2.170

    Rapport fait à 19:22:09,51, 18/04/2007
    Executé à partir de C:\Documents and Settings\thierry\Bureau\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est FAT32
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\system32\bhoSearchSpy.dll supprimé
    C:\DOCUME~1\thierry\Bureau\Registry Cleaner.lnk supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    rapports
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. BRUNET
     
    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 22:23:03 18/04/2007

    + Résultat de l'analyse:

    C:\Program Files\DashBar -> Adware.Claria : Ignoré.
    C:\Program Files\Save -> Adware.SaveNow : Ignoré.
    C:\Program Files\Save\ReadMe.txt -> Adware.SaveNow : Ignoré.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Ignoré.
    HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Ignoré.
    C:\Program Files\MP3-NAPSTER\MP3-NAPSTER.exe -> Dialer.Generic : Ignoré.
    C:\WINDOWS\SYSTEM32\HotTVPlayer.dll -> Not-A-Virus.PornDownloader.Win32.HotTV.a : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@2o7[2].txt -> TrackingCookie.2o7 : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@adtech[2].txt -> TrackingCookie.Adtech : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@estat[1].txt -> TrackingCookie.Estat : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@overture[1].txt -> TrackingCookie.Overture : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@spylog[2].txt -> TrackingCookie.Spylog : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@toplist[1].txt -> TrackingCookie.Toplist : Ignoré.
    C:\Documents and Settings\thierry\Cookies\thierry@weborama[1].txt -> TrackingCookie.Weborama : Ignoré.

    Fin du rapport
    0
  7. BRUNET
     
    bonsoir
    j'ai supprimé tous les problemes du scan AVG .Je ne peux toujours pas me connectr sur mon racourci Google j'arrive parfois à me connecter avec Copernic.Sunbelt kerio affiche systematiquement tentative d'intrusion C:/windows/System32/xcgylg.exe(new line).adresse de l'injection Ox00180000.souvernt j'ai une page blanche qui s'affiche avec Ad blocked here by KPF
    je n'arrive pas a consulter le tutorial de Sunbelt/Kerio
    Bref je patauge......
    que pensez vous de tout ça ?
    merci de votre réponse.
    0
  8. Utilisateur anonyme
     
    Clic sur démarrer, rechercher, cherche et supprime :

    - xcgylg.exe

    **Si un fichier/dossier persiste lors de la suppression fait ceci:
    - Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..
    Puis va supprimer les fichiers/dossiers, vide ta corbeille et redémarre ton PC normalement.

    ¤ Télécharge ComboScan sur ton Bureau.
    ---> http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

    Ferme toutes les applications en cours ; antivirus, pare-feu, etc ..
    Double-clic sur comboscan.exe A la fenêtre qui s'affiche, clic sur OK.
    Soit patient ..
    Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.
    0
  9. BRUNET
     
    la recherche de xcgylg ne donne aucun résultat
    0
  10. BRUNET
     
    merci pour ce soir il est tard je reprendrai une autre fois .a+
    0
  11. BRUNET
     
    bonsoir
    j'ai retrouvé Google l'adresse avait été modifiée sur le raccourci internet explorer,j'ai reussi a éjécter xcgylg grace au mode sans echec.ouf ! dois-je télécharger ComboScan comme vous me l'avez indiqué ?beaucoup de choses ont été résolues grace à vos conseils. Encore merci.
    0
  12. BRUNET
     
    bonComboScan v20070306.20 run by thierry on 2007-04-21 at 13:02:07
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created ComboScan Restore Point.

    -- Last 2 Restore Point(s) --
    2: 2007-04-21 11:02:27 UTC - RP2 - ComboScan Restore Point
    1: 2007-04-20 10:55:19 UTC - RP1 - Point de vérification système

    Performed disk cleanup.

    -- HijackThis (run as thierry.exe) ---------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 13:04:45, on 21/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Copernic Desktop Search 2\DesktopSearch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\thierry\Bureau\comboscan.exe
    C:\PROGRA~1\HIJACK~2\thierry.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Ille Point Net
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [xcgylg] c:\windows\system32\xcgylg.exe xcgylg
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
    O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{56684DC9-7958-4701-B1D3-B95055CD529D}: NameServer = 80.10.246.130 80.10.246.3
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    -- File Associations -----------------------------------------------------------

    .bat - batfile - "%1" %*
    .chm - chm.file - "C:\WINDOWS\hh.exe" %1
    .cmd - cmdfile - "%1" %*
    .com - comfile - "%1" %*
    .exe - exefile - "%1" %*
    .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
    .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
    .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
    .pif - piffile - "%1" %*
    .reg - regfile - regedit.exe "%1"
    .scr - scrfile - "%1" /S
    .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
    2S ADILOADER (General Purpose USB Driver (adildr.sys)) - C:\WINDOWS\SYSTEM32\DRIVERS\adildr.sys
    3R adiusbaw (USB ADSL WAN Adapter) - C:\WINDOWS\SYSTEM32\DRIVERS\adiusbaw.sys
    1R AmdK7 (Pilote de processeur AMD K7) - C:\WINDOWS\SYSTEM32\DRIVERS\amdk7.sys
    3R AN983 (Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X) - C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys
    2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
    3R aswRdr - C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
    1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
    3R ati2mtag - C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
    1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
    3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\SYSTEM32\DRIVERS\ccdecode.sys
    1R fwdrv (Firewall Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\fwdrv.sys
    3R GEARAspiWDM - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
    3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\SYSTEM32\DRIVERS\hpzid412.sys
    3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
    3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys
    1R khips (Kerio HIPS Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\khips.sys
    3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\SYSTEM32\DRIVERS\mstee.sys
    3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\SYSTEM32\DRIVERS\nabtsfec.sys
    3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\SYSTEM32\DRIVERS\ndisip.sys
    3R P0630VID (Creative WebCam Live!) - C:\WINDOWS\SYSTEM32\DRIVERS\P0630Vid.sys
    3S Pcouffin (Low level access layer for CD devices) - C:\WINDOWS\system32\Drivers\Pcouffin.sys (not found)
    3R pfc (Padus ASPI Shell) - C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys
    3R Ptserlp (PCTEL Serial Device Driver for PCI) - C:\WINDOWS\SYSTEM32\DRIVERS\ptserlp.sys
    0R PxHelp20 - C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys
    3S QCDonner (Labtec WebCam(PID_0840)) - C:\WINDOWS\SYSTEM32\DRIVERS\lvcd.sys
    3S SE2Ebus (Sony Ericsson Device 046 Driver driver (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Ebus.sys
    3S SE2Emdfl (Sony Ericsson Device 046 USB WMC Modem Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emdfl.sys
    3S SE2Emdm (Sony Ericsson Device 046 USB WMC Modem Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emdm.sys
    3S SE2Emgmt (Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emgmt.sys
    3S se2End5 (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS)) - C:\WINDOWS\SYSTEM32\DRIVERS\se2End5.sys
    3S SE2Eobex (Sony Ericsson Device 046 USB WMC OBEX Interface) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Eobex.sys
    3S se2Eunic (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\se2Eunic.sys
    3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\SYSTEM32\DRIVERS\slip.sys
    3S streamip (BDA IPSink) - C:\WINDOWS\SYSTEM32\DRIVERS\streamip.sys
    1R UdfReadr - C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr.sys
    3S usbccgp (Pilote parent générique USB Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
    3R usbehci (Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys
    3S usbprint (Classe d'imprimantes USB Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
    3S usbscan (Pilote de scanneur USB) - C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
    3S USBSTOR (Pilote de stockage de masse USB) - C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys
    0R viaagp (Filtre de bus AGP VIA) - C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys
    0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\VIAAGP1.SYS
    3R VIAudio (Contrôleur audio VIA AC'97 (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\ac97via.sys
    0R Vmodem (XP Vmodem) - C:\WINDOWS\SYSTEM32\DRIVERS\vmodem.sys
    0R Vpctcom (XP Vpctcom) - C:\WINDOWS\SYSTEM32\DRIVERS\vpctcom.sys
    3R vulfnths (VIA USB Host Controller Lower Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\vulfnth.sys
    3R vulfntrs (VIA USB Roothub Lower Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\vulfntr.sys
    0R Vvoice (XP Vvoice) - C:\WINDOWS\SYSTEM32\DRIVERS\vvoice.sys
    3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\SYSTEM32\DRIVERS\wstcodec.sys

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    3S aspnet_state (Service d'état ASP.NET) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
    2R avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
    3R avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
    3R avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
    2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    3S iPodService - C:\Program Files\iPod\bin\iPodService.exe
    2R KPF4 (Sunbelt Kerio Personal Firewall 4) - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
    2R Pctspk (PCTEL Speaker Phone) - C:\WINDOWS\system32\pctspk.exe
    3S Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
    2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe

    -- Scheduled Tasks -------------------------------------------------------------

    2007-04-20 22:24:02 394 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1075325006.job<FRUTAS~1.JOB>
    2007-04-20 17:15:04 412 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job<MAINTE~1.JOB>

    -- Files created between 2007-03-21 and 2007-04-21 -----------------------------

    2007-04-18 20:58:11 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-04-18 20:58:06 0 d-------- C:\Program Files\Grisoft
    2007-04-18 20:13:48 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
    2007-04-18 19:21:26 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2007-04-18 19:21:26 40960 --a------ C:\WINDOWS\system32\swsc.exe
    2007-04-18 19:21:26 135168 --a------ C:\WINDOWS\system32\swreg.exe
    2007-04-18 19:21:26 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-04-18 19:21:26 53248 --a------ C:\WINDOWS\system32\Process.exe
    2007-04-18 19:21:26 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-04-12 13:16:48 0 d-------- C:\Program Files\Copernic Desktop Search 2<COPERN~2>
    2007-04-11 21:19:40 673610 --a------ C:\WINDOWS\unins000.exe
    2007-04-11 21:19:40 1345 --a------ C:\WINDOWS\unins000.dat
    2007-04-04 13:36:44 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
    2007-04-04 13:36:38 0 d-------- C:\1b64e43b3df43e2893d7af08<1B64E4~1>
    2007-04-04 13:19:18 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard<WISEIN~1>
    2007-04-03 22:50:57 18704 -ra------ C:\WINDOWS\system32\drivers\se2End5.sys
    2007-04-03 22:50:43 90800 -ra------ C:\WINDOWS\system32\drivers\se2Eunic.sys
    2007-04-03 22:50:43 4128 -ra------ C:\WINDOWS\system32\drivers\se2Ecr.sys
    2007-04-03 22:50:42 88688 -ra------ C:\WINDOWS\system32\drivers\SE2Emgmt.sys
    2007-04-03 22:50:38 86560 -ra------ C:\WINDOWS\system32\drivers\SE2Eobex.sys
    2007-04-03 22:50:27 97184 -ra------ C:\WINDOWS\system32\drivers\SE2Emdm.sys
    2007-04-03 22:50:27 9360 -ra------ C:\WINDOWS\system32\drivers\SE2Emdfl.sys
    2007-04-03 22:50:27 6240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecmnt.sys
    2007-04-03 22:50:27 6240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecm.sys
    2007-04-03 22:50:23 5872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewhnt.sys
    2007-04-03 22:50:23 5872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewh.sys
    2007-04-03 22:50:23 61600 -ra------ C:\WINDOWS\system32\drivers\SE2Ebus.sys
    2007-04-03 22:49:22 0 d-------- C:\Documents and Settings\thierry\Application Data\Teleca
    2007-04-03 22:48:10 0 d-------- C:\Documents and Settings\thierry\Application Data\Sony Ericsson<SONYER~1>
    2007-04-03 22:44:40 0 d-------- C:\WINDOWS\system32\DRVSTORE
    2007-04-03 22:41:08 0 d-------- C:\Program Files\Disc2Phone<DISC2P~1>

    -- Find3M Report ---------------------------------------------------------------

    2007-04-18 19:22:18 2094 --a------ C:\WINDOWS\system32\tmp.reg
    2007-04-14 09:42:44 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-04-10 13:18:32 712832 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-03-17 15:44:48 293376 --a------ C:\WINDOWS\system32\winsrv.dll
    2007-03-08 17:37:50 578560 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 17:37:50 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 17:37:50 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 17:33:58 1843712 --a------ C:\WINDOWS\system32\win32k.sys
    2007-02-05 22:19:06 185344 --a------ C:\WINDOWS\system32\upnphost.dll
    2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

    -- Registry Dump ---------------------------------------------------------------

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "pdfSaver3"="\"C:\\Program Files\\Tracker Software\\PDF-XChange 3\\pdfSaver\\pdfSaver3.exe\""
    "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
    "Copernic Desktop Search 2"="\"C:\\Program Files\\Copernic Desktop Search 2\\DesktopSearchService.exe\" /tray"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LVCOMS"="C:\\Program Files\\Fichiers communs\\Logitech\\QCDriver\\LVCOMS.EXE"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "xcgylg"="c:\\windows\\system32\\xcgylg.exe xcgylg"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
    "forwas"=hex:15,26,db,fb,69
    "kylog"=hex:43,6e,6a,7d,75,77,50,1c,04,38,17,09,ff,da,ad,95,69,4e,2a

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    ComboScan v20070306.20 run by thierry on 2007-04-21 at 13:02:07
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created ComboScan Restore Point.

    -- Last 2 Restore Point(s) --
    2: 2007-04-21 11:02:27 UTC - RP2 - ComboScan Restore Point
    1: 2007-04-20 10:55:19 UTC - RP1 - Point de vérification système

    Performed disk cleanup.

    -- HijackThis (run as thierry.exe) ---------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 13:04:45, on 21/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Copernic Desktop Search 2\DesktopSearch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\thierry\Bureau\comboscan.exe
    C:\PROGRA~1\HIJACK~2\thierry.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Ille Point Net
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [xcgylg] c:\windows\system32\xcgylg.exe xcgylg
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
    O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{56684DC9-7958-4701-B1D3-B95055CD529D}: NameServer = 80.10.246.130 80.10.246.3
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    -- File Associations -----------------------------------------------------------

    .bat - batfile - "%1" %*
    .chm - chm.file - "C:\WINDOWS\hh.exe" %1
    .cmd - cmdfile - "%1" %*
    .com - comfile - "%1" %*
    .exe - exefile - "%1" %*
    .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
    .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
    .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
    .pif - piffile - "%1" %*
    .reg - regfile - regedit.exe "%1"
    .scr - scrfile - "%1" /S
    .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
    2S ADILOADER (General Purpose USB Driver (adildr.sys)) - C:\WINDOWS\SYSTEM32\DRIVERS\adildr.sys
    3R adiusbaw (USB ADSL WAN Adapter) - C:\WINDOWS\SYSTEM32\DRIVERS\adiusbaw.sys
    1R AmdK7 (Pilote de processeur AMD K7) - C:\WINDOWS\SYSTEM32\DRIVERS\amdk7.sys
    3R AN983 (Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X) - C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys
    2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
    3R aswRdr - C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
    1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
    3R ati2mtag - C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
    1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
    3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\SYSTEM32\DRIVERS\ccdecode.sys
    1R fwdrv (Firewall Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\fwdrv.sys
    3R GEARAspiWDM - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
    3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\SYSTEM32\DRIVERS\hpzid412.sys
    3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
    3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys
    1R khips (Kerio HIPS Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\khips.sys
    3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\SYSTEM32\DRIVERS\mstee.sys
    3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\SYSTEM32\DRIVERS\nabtsfec.sys
    3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\SYSTEM32\DRIVERS\ndisip.sys
    3R P0630VID (Creative WebCam Live!) - C:\WINDOWS\SYSTEM32\DRIVERS\P0630Vid.sys
    3S Pcouffin (Low level access layer for CD devices) - C:\WINDOWS\system32\Drivers\Pcouffin.sys (not found)
    3R pfc (Padus ASPI Shell) - C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys
    3R Ptserlp (PCTEL Serial Device Driver for PCI) - C:\WINDOWS\SYSTEM32\DRIVERS\ptserlp.sys
    0R PxHelp20 - C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys
    3S QCDonner (Labtec WebCam(PID_0840)) - C:\WINDOWS\SYSTEM32\DRIVERS\lvcd.sys
    3S SE2Ebus (Sony Ericsson Device 046 Driver driver (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Ebus.sys
    3S SE2Emdfl (Sony Ericsson Device 046 USB WMC Modem Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emdfl.sys
    3S SE2Emdm (Sony Ericsson Device 046 USB WMC Modem Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emdm.sys
    3S SE2Emgmt (Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emgmt.sys
    3S se2End5 (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS)) - C:\WINDOWS\SYSTEM32\DRIVERS\se2End5.sys
    3S SE2Eobex (Sony Ericsson Device 046 USB WMC OBEX Interface) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Eobex.sys
    3S se2Eunic (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\se2Eunic.sys
    3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\SYSTEM32\DRIVERS\slip.sys
    3S streamip (BDA IPSink) - C:\WINDOWS\SYSTEM32\DRIVERS\streamip.sys
    1R UdfReadr - C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr.sys
    3S usbccgp (Pilote parent générique USB Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
    3R usbehci (Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys
    3S usbprint (Classe d'imprimantes USB Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
    3S usbscan (Pilote de scanneur USB) - C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
    3S USBSTOR (Pilote de stockage de masse USB) - C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys
    0R viaagp (Filtre de bus AGP VIA) - C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys
    0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\VIAAGP1.SYS
    3R VIAudio (Contrôleur audio VIA AC'97 (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\ac97via.sys
    0R Vmodem (XP Vmodem) - C:\WINDOWS\SYSTEM32\DRIVERS\vmodem.sys
    0R Vpctcom (XP Vpctcom) - C:\WINDOWS\SYSTEM32\DRIVERS\vpctcom.sys
    3R vulfnths (VIA USB Host Controller Lower Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\vulfnth.sys
    3R vulfntrs (VIA USB Roothub Lower Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\vulfntr.sys
    0R Vvoice (XP Vvoice) - C:\WINDOWS\SYSTEM32\DRIVERS\vvoice.sys
    3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\SYSTEM32\DRIVERS\wstcodec.sys

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    3S aspnet_state (Service d'état ASP.NET) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
    2R avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
    3R avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
    3R avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
    2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    3S iPodService - C:\Program Files\iPod\bin\iPodService.exe
    2R KPF4 (Sunbelt Kerio Personal Firewall 4) - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
    2R Pctspk (PCTEL Speaker Phone) - C:\WINDOWS\system32\pctspk.exe
    3S Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
    2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe

    -- Scheduled Tasks -------------------------------------------------------------

    2007-04-20 22:24:02 394 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1075325006.job<FRUTAS~1.JOB>
    2007-04-20 17:15:04 412 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job<MAINTE~1.JOB>

    -- Files created between 2007-03-21 and 2007-04-21 -----------------------------

    2007-04-18 20:58:11 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-04-18 20:58:06 0 d-------- C:\Program Files\Grisoft
    2007-04-18 20:13:48 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
    2007-04-18 19:21:26 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2007-04-18 19:21:26 40960 --a------ C:\WINDOWS\system32\swsc.exe
    2007-04-18 19:21:26 135168 --a------ C:\WINDOWS\system32\swreg.exe
    2007-04-18 19:21:26 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-04-18 19:21:26 53248 --a------ C:\WINDOWS\system32\Process.exe
    2007-04-18 19:21:26 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-04-12 13:16:48 0 d-------- C:\Program Files\Copernic Desktop Search 2<COPERN~2>
    2007-04-11 21:19:40 673610 --a------ C:\WINDOWS\unins000.exe
    2007-04-11 21:19:40 1345 --a------ C:\WINDOWS\unins000.dat
    2007-04-04 13:36:44 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
    2007-04-04 13:36:38 0 d-------- C:\1b64e43b3df43e2893d7af08<1B64E4~1>
    2007-04-04 13:19:18 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard<WISEIN~1>
    2007-04-03 22:50:57 18704 -ra------ C:\WINDOWS\system32\drivers\se2End5.sys
    2007-04-03 22:50:43 90800 -ra------ C:\WINDOWS\system32\drivers\se2Eunic.sys
    2007-04-03 22:50:43 4128 -ra------ C:\WINDOWS\system32\drivers\se2Ecr.sys
    2007-04-03 22:50:42 88688 -ra------ C:\WINDOWS\system32\drivers\SE2Emgmt.sys
    2007-04-03 22:50:38 86560 -ra------ C:\WINDOWS\system32\drivers\SE2Eobex.sys
    2007-04-03 22:50:27 97184 -ra------ C:\WINDOWS\system32\drivers\SE2Emdm.sys
    2007-04-03 22:50:27 9360 -ra------ C:\WINDOWS\system32\drivers\SE2Emdfl.sys
    2007-04-03 22:50:27 6240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecmnt.sys
    2007-04-03 22:50:27 6240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecm.sys
    2007-04-03 22:50:23 5872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewhnt.sys
    2007-04-03 22:50:23 5872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewh.sys
    2007-04-03 22:50:23 61600 -ra------ C:\WINDOWS\system32\drivers\SE2Ebus.sys
    2007-04-03 22:49:22 0 d-------- C:\Documents and Settings\thierry\Application Data\Teleca
    2007-04-03 22:48:10 0 d-------- C:\Documents and Settings\thierry\Application Data\Sony Ericsson<SONYER~1>
    2007-04-03 22:44:40 0 d-------- C:\WINDOWS\system32\DRVSTORE
    2007-04-03 22:41:08 0 d-------- C:\Program Files\Disc2Phone<DISC2P~1>

    -- Find3M Report ---------------------------------------------------------------

    2007-04-18 19:22:18 2094 --a------ C:\WINDOWS\system32\tmp.reg
    2007-04-14 09:42:44 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-04-10 13:18:32 712832 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-03-17 15:44:48 293376 --a------ C:\WINDOWS\system32\winsrv.dll
    2007-03-08 17:37:50 578560 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 17:37:50 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 17:37:50 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 17:33:58 1843712 --a------ C:\WINDOWS\system32\win32k.sys
    2007-02-05 22:19:06 185344 --a------ C:\WINDOWS\system32\upnphost.dll
    2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

    -- Registry Dump ---------------------------------------------------------------

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "pdfSaver3"="\"C:\\Program Files\\Tracker Software\\PDF-XChange 3\\pdfSaver\\pdfSaver3.exe\""
    "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
    "Copernic Desktop Search 2"="\"C:\\Program Files\\Copernic Desktop Search 2\\DesktopSearchService.exe\" /tray"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LVCOMS"="C:\\Program Files\\Fichiers communs\\Logitech\\QCDriver\\LVCOMS.EXE"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "xcgylg"="c:\\windows\\system32\\xcgylg.exe xcgylg"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
    "forwas"=hex:15,26,db,fb,69
    "kylog"=hex:43,6e,6a,7d,75,77,50,1c,04,38,17,09,ff,da,ad,95,69,4e,2a

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    -- End of ComboScan: finished at 2007-04-21 at 13:07:15 ------------------------

    -- End of ComboScan: finished at 2007-04-21 at 13:07:15 ------------------------

    jour
    voila le rapport comboscan .

    En attendant votre réponse ,merci
    0