Pc infecté par un virus

midnightdevil Messages postés 73 Statut Membre -  
 Eric -
Bonjour,
J'ai un pb avec 2 chevaux de troie qui sont entrés dans mon pc hier soir et que je n'arrive pas à supprimer. J'ai Avast qui m'indique que je suis infecté par win32: obfuscated-EJC [TROJAN], et win32.trojen-gen.
Je peut plu aller sur internet avec ce pc, je peut plus éteindre le pc non plus qui se reboote à chaque fois, je suis obligé de le débrancher. ça me tue, il a 1 semaine mon pc, ras le bol des hackers, j'y ai mis tt mon blé dans cette config!!!
Si quelqu'un peut m'aider

12 réponses

  1. midnightdevil Messages postés 73 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:30:42, on 05/08/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\GIGABYTE\GEST\gest.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\GIGABYTE\GEST\GSvr.exe
    E:\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - (no file)
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: (no name) - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - (no file)
    O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [b4cdad56] rundll32.exe "C:\WINDOWS\system32\ibbxeyvn.dll",b
    O4 - HKLM\..\Run: [BMb7fe9eca] Rundll32.exe "C:\WINDOWS\system32\qawadtwj.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\LaunchRegistryHelper.Exe" "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
    O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\LaunchDiskCleaner.Exe" "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
    O4 - HKCU\..\Run: [WindowsManager] c:\cuhv.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Registration Assassin's Creed.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  2. chefpunky Messages postés 676 Statut Membre 31
     
    rien de grave

    telecharge MBAM
    https://www.commentcamarche.net/telecharger/ 34055379 malwarebyte s anti malware

    1.1 installe le
    1.2 fai une recherche complete
    1.3 a la fin affiche le resultat
    1.4 nettoit tout
    1.5 post le rapport ici.
    0
    1. midnightdevil
       
      Malwarebytes' Anti-Malware 1.24
      Version de la base de données: 1012
      Windows 5.1.2600 Service Pack 3

      22:54:16 06/08/2008
      mbam-log-8-6-2008 (22-54-01).txt

      Type de recherche: Examen complet (C:\|E:\|)
      Eléments examinés: 61724
      Temps écoulé: 9 minute(s), 29 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 5
      Clé(s) du Registre infectée(s): 19
      Valeur(s) du Registre infectée(s): 6
      Elément(s) de données du Registre infecté(s): 2
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 25

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      C:\WINDOWS\system32\torbbwwl.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\tuvvVOge.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\cwhnqt.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\winjks32.dll (Dialer) -> No action taken.
      C:\WINDOWS\system32\mlJDwtsp.dll (Trojan.Vundo) -> No action taken.

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5327bb3a-ec76-41a6-aa04-98be0fa2317c} (Trojan.Vundo) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{5327bb3a-ec76-41a6-aa04-98be0fa2317c} (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fde4d301-b496-4556-9a38-99b4dcbed2b0} (Trojan.Vundo) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{fde4d301-b496-4556-9a38-99b4dcbed2b0} (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a23ca8a9-47d8-4db1-ae46-0aa018cc576e} (Trojan.BHO) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{a23ca8a9-47d8-4db1-ae46-0aa018cc576e} (Trojan.BHO) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjks32 (Dialer) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fci (Rootkit.ADS) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fci (Rootkit.ADS) -> No action taken.
      HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljdwtsp (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ICF (Rootkit.Agent) -> No action taken.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b4cdad56 (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmb7fe9eca (Trojan.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a23ca8a9-47d8-4db1-ae46-0aa018cc576e} (Trojan.Vundo) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvvvoge -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvvvoge -> No action taken.

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\WINDOWS\system32\yhtlij.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\tuvvVOge.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\egOVvvut.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\egOVvvut.ini2 (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\ibbxeyvn.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\nvyexbbi.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\torbbwwl.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\lwwbbrot.ini (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\cwhnqt.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\mlJDwtsp.dll (Trojan.BHO) -> No action taken.
      C:\Documents and Settings\GT Race\Local Settings\Temporary Internet Files\Content.IE5\4XENS123\kb767887[1] (Trojan.Vundo) -> No action taken.
      C:\Documents and Settings\GT Race\Local Settings\Temporary Internet Files\Content.IE5\SL2NSPQR\kb456456[1] (Trojan.Vundo) -> No action taken.
      C:\System Volume Information\_restore{CDDDF4D5-6103-4A26-9C6E-D532160E2ACB}\RP30\A0011462.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\egrypywy.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\nkhhdz.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\rjixvvyp.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\sqsdljds.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\system32\winjks32.dll (Dialer) -> No action taken.
      C:\WINDOWS\msacm32.drv (Trojan.Agent) -> No action taken.
      C:\WINDOWS\Prefetch\SVCHOST.EXE (Trojan.Agent) -> No action taken.
      C:\WINDOWS\system32\agrqgiqg.dll (Trojan.Agent) -> No action taken.
      C:\WINDOWS\system32\svchost.exe:exe.exe (Rootkit.ADS) -> No action taken.
      C:\WINDOWS\system32\yayXnLFV.dll (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\BMb7fe9eca.xml (Trojan.Vundo) -> No action taken.
      C:\WINDOWS\BMb7fe9eca.txt (Trojan.Vundo) -> No action taken.
      0
  3. midnightdevil
     
    Quelqu'un qui pourrait m'aider pour la suite S.V.P. Je sais po quoi faire maintenant, et je peut po me connecter en tant que membre, mon accés internet est restreint avec ses foutus virus, pourtant j'me connectes depuis un pc portable en wifi.
    D'avance merci, et merci aussi à Chefpunky pour son aide si précieuse!!!
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. chefpunky Messages postés 676 Statut Membre 31
     
    nettoit tout
    0
  6. midnightdevil
     
    J'ai récupéré internet, enfin !!!
    Malwarebyte m'a bien tout supprimé, il ne trouve plus rien mais dès que j'relance Avast, j'ai de nouveau plus d'internet et il me dit que je suis infecté par un trojan-gen, je le supprime mais ça revient. C'es casse couille les virus.
    Là j'ai téléchargé Ad Aware qui m'en a resupprimé 10 dont Zango.
    Y a pas un truc radical pour tout virer, sans reformater. Est-c-que tu pense pas que ça soit possible que Avast soit infecté et que ce soit lui qui me recontamine sans arrêt?
    Peut-être me faut-il un correctif?
    Au fait je peut tjrs pas me connecter sur le forum en tant que membre, un message apparaît en me disant d'activer les cookies sous peine d'être déconnecter et me déconnecte derriére, t'aurai une idée ???
    Merci d'avance
    0
  7. chefpunky Messages postés 676 Statut Membre 31
     
    si, combofix
    https://forospyware.com

    telecharge le
    installe le

    et choisit l' option 1.

    ensuite poste le rapport sur ce forum.

    Si vous rencontrez des problèmes pour vous reconnecter à internet après avoir exécuter ComboFix, faite ce qui suit :

    -Essayez d'abord en redémarrant votre ordinateur
    -Si vous n'avez toujours pas de connexion à internet après avoir redémarrer, exécutez les étapes suivantes :

    1. Cliquez sur Démarrer
    2. Cliquez sur panneau de configuration
    3. Faites un double-clic sur l'icône connexion réseau (si votre panneau de configuration est paramètré pour un affichage
    en catégories, faites un double-clic sur connexion réseau et internet puis cliquez sur connexion réseau tout en bas.
    4. Vous verez alors une liste de toutes les connexions réseau disponibles.Repérez votre connexion et faite un clic droit dessus.
    5. Vous verez alors un menu .Cliquez simplement sur réparer.

    0
  8. midnightdevil
     
    ComboFix 08-08-12.01 - GT Race 2008-08-13 21:18:29.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2811 [GMT 2:00]
    Endroit: E:\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\pskt.ini
    C:\WINDOWS\sdfixwcs.dll
    C:\WINDOWS\system32\drivers\tcpsr.sys
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\wuasirvy.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_fci
    -------\Legacy_tcpsr
    -------\Service_tcpsr

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-13 to 2008-08-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-13 21:21 . 2008-08-13 21:21 6,784 --a------ C:\WINDOWS\system32\drivers\tcpsr.sys
    2008-08-12 22:34 . 2008-08-12 22:34 <REP> d-------- C:\Program Files\Lavasoft
    2008-08-12 22:34 . 2008-08-12 22:34 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-08-12 22:34 . 2008-08-12 22:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-08-12 22:31 . 2008-08-12 22:31 268 --ah----- C:\sqmdata02.sqm
    2008-08-12 22:31 . 2008-08-12 22:31 244 --ah----- C:\sqmnoopt02.sqm
    2008-08-12 19:58 . 2008-08-12 19:58 268 --ah----- C:\sqmdata01.sqm
    2008-08-12 19:58 . 2008-08-12 19:58 244 --ah----- C:\sqmnoopt01.sqm
    2008-08-12 19:56 . 2008-08-12 19:56 2,048 --a------ C:\WINDOWS\system32\khlxkhew.exe
    2008-08-12 19:50 . 2008-08-12 19:50 1,374 ---hs---- C:\WINDOWS\system32\megnobqm.ini
    2008-08-07 22:50 . 2008-08-07 22:50 2,048 --a------ C:\WINDOWS\system32\jrmmatro.exe
    2008-08-06 22:44 . 2008-08-06 22:44 2,048 --a------ C:\WINDOWS\system32\yiuqticn.exe
    2008-08-06 22:42 . 2008-08-06 22:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-06 22:42 . 2008-08-06 22:42 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\Malwarebytes
    2008-08-06 22:42 . 2008-08-06 22:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-06 22:42 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-06 22:42 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-06 22:41 . 2008-08-07 22:42 954 ---hs---- C:\WINDOWS\system32\lwwbbrot.ini
    2008-08-05 07:12 . 2008-08-05 07:12 2,048 --a------ C:\WINDOWS\system32\ksiysyhl.exe
    2008-08-05 07:12 . 2008-08-06 22:39 834 ---hs---- C:\WINDOWS\system32\nvyexbbi.ini
    2008-08-04 22:57 . 2008-08-05 07:06 534 ---hs---- C:\WINDOWS\system32\batcuwuj.ini
    2008-08-04 22:44 . 2008-08-13 21:12 30,848 --a------ C:\WINDOWS\system32\drivers\Aid63.sys
    2008-08-04 22:44 . 2008-08-04 22:44 27,136 --a------ C:\srdyxdh.exe
    2008-08-04 22:44 . 2008-08-04 22:44 2 --a------ C:\-1261588999
    2008-08-04 11:09 . 2008-08-04 11:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
    2008-08-03 21:06 . 2008-08-03 21:06 <REP> d-------- C:\Program Files\P2P_Torrent
    2008-08-03 21:06 . 2008-08-03 21:06 <REP> d-------- C:\Program Files\Conduit
    2008-08-03 10:07 . 2008-08-05 09:34 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\BitTorrent
    2008-08-03 09:57 . 2008-08-13 21:18 <REP> d-------- C:\Program Files\DNA
    2008-08-03 09:57 . 2008-08-03 09:57 <REP> d-------- C:\Program Files\BitTorrent
    2008-08-03 09:57 . 2008-08-13 21:19 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\DNA
    2008-08-03 09:41 . 2008-08-03 09:54 <REP> d-------- C:\WINDOWS\NV1552668.TMP
    2008-08-03 09:41 . 2008-06-18 17:46 190,432 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-08-03 09:40 . 2008-08-03 09:40 <REP> d-------- C:\NVIDIA
    2008-08-03 09:36 . 2008-08-03 09:36 <REP> d-------- C:\Program Files\SystemRequirementsLab
    2008-08-02 22:15 . 2008-08-02 22:15 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-08-02 22:14 . 2008-08-02 22:14 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-08-02 22:14 . 2008-08-02 22:15 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-08-02 22:14 . 2008-08-02 22:15 <REP> d-------- C:\a0ae3dee063b03619a
    2008-07-31 21:07 . 2008-04-13 11:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-07-31 21:07 . 2008-04-13 11:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-07-31 21:07 . 2008-07-31 21:07 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-07-31 21:06 . 2008-07-31 21:08 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\PC Suite
    2008-07-31 21:06 . 2008-07-31 21:09 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\Nokia
    2008-07-31 21:06 . 2008-07-31 21:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-07-31 21:05 . 2008-07-31 21:05 <REP> d-------- C:\Program Files\PC Connectivity Solution
    2008-07-31 21:05 . 2008-07-31 21:05 <REP> d-------- C:\Program Files\Nokia
    2008-07-31 21:05 . 2008-07-31 21:05 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
    2008-07-31 21:05 . 2008-07-31 21:05 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
    2008-07-31 21:05 . 2008-07-31 21:05 <REP> d-------- C:\Program Files\DIFX
    2008-07-31 21:05 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2008-07-31 21:05 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2008-07-31 21:05 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
    2008-07-31 21:05 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
    2008-07-31 21:05 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
    2008-07-31 21:05 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
    2008-07-31 21:05 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
    2008-07-31 21:04 . 2008-07-31 21:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2008-07-28 23:18 . 2008-07-28 23:18 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
    2008-07-28 23:18 . 2004-04-14 10:54 163,840 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
    2008-07-28 23:18 . 2004-04-14 11:08 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
    2008-07-28 23:18 . 2004-04-14 11:08 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
    2008-07-28 23:18 . 2004-04-14 11:08 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
    2008-07-28 23:18 . 2004-04-14 11:08 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
    2008-07-28 22:58 . 2008-07-28 22:58 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\Ubisoft
    2008-07-28 22:56 . 2008-07-28 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
    2008-07-28 22:47 . 2008-07-28 22:47 <REP> d-------- C:\Program Files\Ubisoft
    2008-07-28 22:35 . 2008-07-28 22:35 <REP> d-------- C:\Program Files\DAEMON Tools Toolbar
    2008-07-28 22:35 . 2008-07-29 08:36 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-07-28 22:29 . 2008-07-28 22:29 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\DAEMON Tools
    2008-07-28 22:29 . 2008-07-28 22:29 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-07-28 21:59 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-07-28 21:50 . 2008-07-28 21:50 <REP> d-------- C:\Program Files\Undisker
    2008-07-28 18:51 . 2008-07-28 18:51 <REP> d-------- C:\Program Files\oZone3D
    2008-07-28 18:23 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-28 15:16 . 2008-07-28 19:24 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-07-28 14:15 . 2008-05-07 07:11 1,294,336 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
    2008-07-28 14:15 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-07-27 20:21 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-07-27 20:21 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-07-27 20:21 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-07-27 20:08 . 2008-07-27 20:09 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\Media Player Classic
    2008-07-27 20:00 . 2008-07-27 20:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-07-27 20:00 . 2005-02-17 07:15 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
    2008-07-27 01:02 . 2008-07-27 01:02 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\vlc
    2008-07-27 01:00 . 2008-07-27 01:00 <REP> d-------- C:\Program Files\VideoLAN
    2008-07-27 00:55 . 2008-07-27 00:55 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-07-26 23:48 . 2008-08-05 08:22 <REP> d-------- C:\Program Files\eMule
    2008-07-26 23:25 . 2008-07-26 23:25 <REP> dr-h----- C:\Documents and Settings\GT Race\Application Data\SecuROM
    2008-07-26 23:18 . 2008-07-26 23:18 <REP> d-------- C:\Program Files\Electronic Arts
    2008-07-26 22:57 . 2008-07-26 22:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-07-26 22:56 . 2008-07-26 22:56 <REP> d-------- C:\Documents and Settings\GT Race\Application Data\Logitech
    2008-07-26 22:56 . 2008-07-26 22:56 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-07-26 22:56 . 2008-07-26 22:56 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-07-26 22:56 . 2008-07-26 22:56 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2008-07-26 22:55 . 2008-07-28 23:18 <REP> d-------- C:\Program Files\Logitech
    2008-07-26 22:55 . 2008-07-26 22:55 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd
    2008-07-26 22:55 . 2008-07-26 22:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-07-26 22:55 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
    2008-07-26 22:55 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
    2008-07-26 22:55 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
    2008-07-26 22:55 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
    2008-07-26 22:55 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
    2008-07-26 21:23 . 2008-07-26 21:23 <REP> d-------- C:\Program Files\Alwil Software
    2008-07-26 20:54 . 2008-07-26 20:54 <REP> d-------- C:\WINDOWS\BtFxTemp
    2008-07-26 20:54 . 2008-07-26 20:54 <REP> d-------- C:\btinbox
    2008-07-26 20:46 . 2000-05-22 00:00 166,600 --a------ C:\WINDOWS\system32\MSMASK32.OCX
    2008-07-26 20:46 . 2002-06-19 15:02 90,112 --a------ C:\WINDOWS\system32\ESICOMMN.dll
    2008-07-26 20:46 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2008-07-26 20:40 . 2008-07-26 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-07-26 05:10 . 2008-04-13 18:57 58,752 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2008-07-26 05:10 . 2008-04-13 19:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-07-26 05:10 . 2001-08-17 22:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2008-07-26 05:10 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2008-07-26 05:09 . 2008-07-26 05:09 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage r‚seau
    2008-07-26 05:09 . 2008-07-26 05:09 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
    2008-07-26 05:09 . 2008-07-25 22:22 <REP> d--h----- C:\Documents and Settings\Default User\ModŠles
    2008-07-26 05:09 . 2008-07-26 05:09 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
    2008-07-26 05:09 . 2008-07-26 05:09 <REP> dr------- C:\Documents and Settings\Default User\Menu D‚marrer
    2008-07-26 05:09 . 2008-07-26 05:09 <REP> d-------- C:\Documents and Settings\Default User\Favoris
    2008-07-26 05:09 . 2008-07-26 05:09 <REP> d-------- C:\Documents and Settings\Default User\Bureau
    2008-07-26 05:09 . 2008-07-26 05:09 <REP> d--h----- C:\Documents and Settings\All Users\ModŠles
    2008-07-26 05:09 . 2008-07-27 20:00 <REP> dr------- C:\Documents and Settings\All Users\Menu D‚marrer
    2008-07-26 05:09 . 2008-07-26 05:09 <REP> d-------- C:\Documents and Settings\All Users\Favoris
    2008-07-26 05:09 . 2008-07-25 23:26 <REP> dr------- C:\Documents and Settings\All Users\Documents

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-13 19:20 16,608 ----a-w C:\WINDOWS\gdrv.sys
    2008-08-04 20:44 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-07-28 21:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-27 18:00 --------- d-----w C:\Program Files\GIGABYTE
    2008-07-27 18:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-07-25 21:28 30,008 ----a-w C:\WINDOWS\system32\drivers\ET5Drv.sys
    2008-07-25 20:49 --------- d-----w C:\Program Files\Realtek
    2008-07-25 20:49 --------- d-----w C:\Documents and Settings\GT Race\Application Data\InstallShield
    2008-07-25 20:47 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-07-25 20:45 --------- d-----w C:\Program Files\Intel
    2008-07-25 20:37 --------- d-----w C:\Documents and Settings\GT Race\Application Data\MSN6
    2008-07-25 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
    2008-07-25 20:25 --------- d-----w C:\Program Files\microsoft frontpage
    2008-07-25 20:24 558,142 ----a-w C:\WINDOWS\java\Packages\USBFJTVH.ZIP
    2008-07-25 20:24 155,995 ----a-w C:\WINDOWS\java\Packages\EOD71BL7.ZIP
    2008-07-25 20:22 --------- d-----w C:\Program Files\Services en ligne
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll
    2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-17 14:20 490952]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 16:00 1249280]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 14:31 1122816]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-08-03 09:57 341824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"="C:\Program Files\GIGABYTE\GEST\RUN.exe" [2008-07-25 23:29 236040]
    "JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
    "36X Raid Configurer"="C:\WINDOWS\System32\xRaidSetup.exe" [2007-08-29 10:55 1966080]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-06-18 17:46 13533184]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-06-18 17:46 86016]
    "RTHDCPL"="RTHDCPL.EXE" [2007-09-19 12:14 16844800 C:\WINDOWS\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2008-06-18 17:46 1657376 C:\WINDOWS\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 19:34 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aid63.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\WINDOWS\\system32\\winver.exe"=

    R0 Aid63;Aid63;C:\WINDOWS\system32\Drivers\Aid63.sys [2008-08-13 21:12]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
    R3 GEST Service;GEST Service for program management.;C:\Program Files\GIGABYTE\GEST\GSvr.exe [2008-07-25 23:28]
    S1 d9dc4bed;d9dc4bed;C:\WINDOWS\system32\drivers\d9dc4bed.sys []
    S3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys []
    S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys []
    S3 tcpsr;tcpsr;C:\WINDOWS\System32\drivers\tcpsr.sys [2008-08-13 21:21]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78e21d09-5cde-11dd-9a34-001d7d06b401}]
    \Shell\AutoRun\command - l2f.cmd
    \Shell\explore\Command - l2f.cmd
    \Shell\open\Command - l2f.cmd
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Registry Helper - C:\Program Files\Registry Helper\LaunchRegistryHelper.Exe
    HKCU-Run-Disk Cleaner - C:\Program Files\Disk Cleaner\LaunchDiskCleaner.Exe
    HKCU-Run-WindowsManager - c:\cuhv.exe

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/

    O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
    C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
    C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-13 21:21:04
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-13 21:22:06 - machine was rebooted [GT Race]
    ComboFix-quarantined-files.txt 2008-08-13 19:22:03

    Pre-Run: 239,854,407,680 octets libres
    Post-Run: 239,835,721,728 octets libres

    287 --- E O F --- 2008-08-03 18:08:45
    0
  9. midnightdevil
     
    j'arrives tjrs pas à me connecter à msn pour lire mes mails, il me dit encore que mon mot de passe est incorrect alors que de partout ailleurs j'y vait sans pb. De plus j'ai mis 1h à me connecter sur internet en faisant un pont avec mes connections, sinon avant ça marchait plus. J'ai l'impression d'être dans une impasse, à chaque foi que j'utilise un des logiciels que tu me dit il me trouve quelque chose, mais ça revient à chaque fois. Le jour ou j'ai chopé le virus il est allé sur mon invité de commande, y aurait-il pas un exécutable à supprimer, de plus j'ai remarqué plusieures fois dans les divers log utilisés qu'un fichier de restore était présent à chaque fois dans la liste des éléments à supprimer. Je craque, ça fait 15 jrs, et puis il a même po 1 mois mon PC!!!
    Merci à toi de t'intéresser autant à mes pb
    0
  10. midnightdevil
     
    Voici un rapport que j'ai reçu de windows à mon dernier démarrage de pc:

    Summary
    Win32/Cutwail is a multi-component family of trojans that download and execute arbitrary files. Downloaded files may be executed from disk or injected directly into other processes. Whilst the functionality of the files that are downloaded is variable, Cutwail's purpose is often to send spam. Cutwail also employs a rootkit and other defensive techniques to avoid detection and removal. This component is used to send spam.
    Symptoms
    System Changes
    The following system changes may indicate the presence of Spammer:Win32/Cutwail.gen!B:
    Presence of the following files:
    <system folder>\drivers\dumplog.exe
    <system folder>\drivers\nktest.sys
    <system folder>\drivers\nkv2.sys
    Technical Information
    Win32/Cutwail is a multi-component family of trojans that download and execute arbitrary files. Downloaded files may be executed from disk or injected directly into other processes. Whilst the functionality of the files that are downloaded is variable, Cutwail's purpose is often to send spam. Cutwail may employ a rootkit and other defensive techniques to avoid detection and removal. This component is used to send spam. Installation Spammer:Win32/Cutwail.gen!B is injected into the %windows%\system32\svchost.exe process by other Cutwail variants/components. When running, it may drop the following files:
    <system folder>\drivers\dumplog.exe
    <system folder>\drivers\nktest.sys
    <system folder>\drivers\nkv2.sys
    Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32. Payload Sends Spam Spammer:Win32/Cutwail.gen!B may contact the following IP addresses in order to receive configuration instructions:
    208.66.194.227
    207.46.55.28
    The trojan may also make a number of outbound connection attempts via port 25 to the following servers in order to test for e-mail-sending capability:
    mxs.mail.ru
    gmail-smtp-in.l.google.com
    gsmtp183.google.com
    in1.smtp.messagingengine.com
    mail7.digitalwaves.co.nz
    After receiving configuration data from a remote controller and testing the affected machine's capabilities, this trojan may be used to send bulk unwanted e-mail (i.e. spam). Analysis by Scott Molenkamp
    Steps
    Take the following steps to help prevent infection on your system:
    Enable a firewall on your computer.
    Get the latest computer updates.
    Use up-to-date antivirus software.
    Use caution with attachments and file transfers.
    Enable a firewall on your computer
    Use a third-party firewall product or turn on the Microsoft Windows XP Internet Connection Firewall.
    To turn on the Internet Connection Firewall in Windows XP
    Click Start, and click Control Panel.
    Click Network and Internet Connections. If you do not see Network and Internet Connections, click Switch to Category View.
    Click Change Windows Firewall Settings.
    Select On.
    Click OK.
    To turn on the Windows Firewall in Windows Vista
    Click Start, and click Control Panel.
    Click Security.
    Click Turn Windows Firewall on or off.
    Select On.
    Click OK.
    Get the latest computer updates
    Updates help protect your computer from viruses, worms, and other threats as they are discovered. You can use the Automatic Updates feature in Windows XP to automatically download future Microsoft security updates while your computer is on and connected to the Internet.
    To turn on Automatic Updates in Windows XP
    Click Start, and click Control Panel.
    Click System.
    Click Automatic Updates.
    Select a setting. Microsoft recommends selecting Automatic. If you do not choose Automatic, but you choose to be notified when updates are ready, a notification balloon appears when new downloads are available to install. Click the notification balloon to review and install the updates.
    Use up-to-date antivirus software
    Most antivirus software can detect and prevent infection by known malicious software. To help protect you from infection, you should always run antivirus software that is updated with the latest signature files. Antivirus software is available from several sources. For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.
    Use caution with attachments and file transfers
    Exercise caution with e-mail and attachments received from unknown sources, or received unexpectedly from known sources. Use extreme caution when accepting file transfers from known or unknown sources.
    Recovery Steps
    Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft online scanner (http://safety.live.com). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.

    Technical Information
    Win32/Cutwail is a multi-component family of trojans that download and execute arbitrary files. Downloaded files may be executed from disk or injected directly into other processes. Whilst the functionality of the files that are downloaded is variable, Cutwail's purpose is often to send spam. Cutwail may employ a rootkit and other defensive techniques to avoid detection and removal. This component is used to send spam. Installation Spammer:Win32/Cutwail.gen!B is injected into the %windows%\system32\svchost.exe process by other Cutwail variants/components. When running, it may drop the following files:
    <system folder>\drivers\dumplog.exe
    <system folder>\drivers\nktest.sys
    <system folder>\drivers\nkv2.sys
    Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32. Payload Sends Spam Spammer:Win32/Cutwail.gen!B may contact the following IP addresses in order to receive configuration instructions:
    208.66.194.227
    207.46.55.28
    The trojan may also make a number of outbound connection attempts via port 25 to the following servers in order to test for e-mail-sending capability:
    mxs.mail.ru
    gmail-smtp-in.l.google.com
    gsmtp183.google.com
    in1.smtp.messagingengine.com
    mail7.digitalwaves.co.nz
    After receiving configuration data from a remote controller and testing the affected machine's capabilities, this trojan may be used to send bulk unwanted e-mail (i.e. spam). Analysis by Scott Molenkamp
    Steps
    Take the following steps to help prevent infection on your system:
    Enable a firewall on your computer.
    Get the latest computer updates.
    Use up-to-date antivirus software.
    Use caution with attachments and file transfers.
    Enable a firewall on your computer
    Use a third-party firewall product or turn on the Microsoft Windows XP Internet Connection Firewall.
    To turn on the Internet Connection Firewall in Windows XP
    Click Start, and click Control Panel.
    Click Network and Internet Connections. If you do not see Network and Internet Connections, click Switch to Category View.
    Click Change Windows Firewall Settings.
    Select On.
    Click OK.
    To turn on the Windows Firewall in Windows Vista
    Click Start, and click Control Panel.
    Click Security.
    Click Turn Windows Firewall on or off.
    Select On.
    Click OK.
    Get the latest computer updates
    Updates help protect your computer from viruses, worms, and other threats as they are discovered. You can use the Automatic Updates feature in Windows XP to automatically download future Microsoft security updates while your computer is on and connected to the Internet.
    To turn on Automatic Updates in Windows XP
    Click Start, and click Control Panel.
    Click System.
    Click Automatic Updates.
    Select a setting. Microsoft recommends selecting Automatic. If you do not choose Automatic, but you choose to be notified when updates are ready, a notification balloon appears when new downloads are available to install. Click the notification balloon to review and install the updates.
    Use up-to-date antivirus software
    Most antivirus software can detect and prevent infection by known malicious software. To help protect you from infection, you should always run antivirus software that is updated with the latest signature files. Antivirus software is available from several sources. For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.
    Use caution with attachments and file transfers
    Exercise caution with e-mail and attachments received from unknown sources, or received unexpectedly from known sources. Use extreme caution when accepting file transfers from known or unknown sources.
    Recovery Steps
    Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft online scanner (http://safety.live.com). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.
    0
  11. midnightdevil Messages postés 73 Statut Membre
     
    Je suis allé acheter kaspersky internet security 2009 que j'ai installé, et miracle il me semble que tout est renté dans l'ordre enfin!!!
    Mais ça reste à confirmer dans les jours à venir.
    En tout cas merci encore pour tout chefpunki tu m'as été d'un grand secours. Je croise les doigts pour la suite, de toute façons je te tinedrai au courant sur cette page !!!
    Bonne soirée à toi, et merci aussi à toute l'équipe de comment ça marche pour l'aide précieuse qu'ils nous distillent à nous pcistes néophytes.
    0
  12. Eric
     
    Bonjour
    j'ai un Cheval de troie Cutwail, j'ai donc suivi la procédure avec Hijack This, et voici le log:
    Merci pour votre réponse

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:51:25, on 10/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\APPS\SMP\SMPSYS.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    D:\Documents and Settings\éric\éric.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.seekgoofr.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PostOOBE] C:\WINDOWS\system32\wscript.exe C:\DRIVERS\POSTOOBE.NEC //E:VBS
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [éric] D:\Documents and Settings\éric\éric.exe /i
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    0