Windows center security karna & co

J'ai du le faire 2 fois car mon disque dur était mal branché

1er rapport

-------------- UsbFix V1.001 ---------------

* User : Acer - DWOL
* Outils mis a jours le 10/10/2008 par Chiquitine29
* Recherche effectuée à 16:20:24 le 12/10/2008
* Windows Xp - Internet Explorer 7.0.5730.13


--------------- [ Processus actifs ] ----------------



--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

F: - Lecteur amovible


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
LaunchApp REG_SZ Alaunch
SynTPLpr REG_SZ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
AGRSMMSG REG_SZ AGRSMMSG.exe
SiSPower REG_SZ Rundll32.exe SiSPower.dll,ModeAgent
SiS Windows KeyHook REG_SZ C:\WINDOWS\system32\keyhook.exe
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
LManager REG_SZ C:\Program Files\Launch Manager\QtZgAcer.EXE
HP Software Update REG_SZ "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
HP Component Manager REG_SZ "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
Broadcom Wireless Manager UI REG_SZ C:\WINDOWS\system32\WLTRAY
!AVG Anti-Spyware REG_SZ "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
zzzHPSETUP REG_SZ E:\Setup.exe \RESET
Domino REG_SZ C:\WINDOWS\Domino.exe
NotebookHardwareControl REG_SZ "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Free Uploader Oe Integration REG_SZ C:\Program Files\Free Download Manager\FUM\fumoei.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-4096625331-3012512997-3059648233-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cf47fe3-50d6-11dc-bcbd-00c09fbc7e3b}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-4096625331-3012512997-3059648233-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cf47fe3-50d6-11dc-bcbd-00c09fbc7e3b}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61b330f8-10a4-11dd-be20-00c09fbc7e3b}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-4096625331-3012512997-3059648233-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61b330f8-10a4-11dd-be20-00c09fbc7e3b}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61b330f8-10a4-11dd-be20-00c09fbc7e3b}\Shell\explore\Command
Supprimé ! - HKEY_USERS\S-1-5-21-4096625331-3012512997-3059648233-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61b330f8-10a4-11dd-be20-00c09fbc7e3b}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61b330f8-10a4-11dd-be20-00c09fbc7e3b}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-4096625331-3012512997-3059648233-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61b330f8-10a4-11dd-be20-00c09fbc7e3b}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------


--------------- ! Fin du rapport ! ----------------


2ème rapport



-------------- UsbFix V1.001 ---------------

* User : Acer - DWOL
* Outils mis a jours le 10/10/2008 par Chiquitine29
* Recherche effectuée à 16:33:34 le 12/10/2008
* Windows Xp - Internet Explorer 7.0.5730.13


--------------- [ Processus actifs ] ----------------



--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur amovible

I: - Lecteur fixe


+- Contenu de l'autorun : I:\autorun.inf

[autorun]
open=Autorun.exe
Icon=Sims2EP5.ico
Name=The Sims 2 Seasons

[Special]
Disk=1
ProductGuiID={DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
LaunchApp REG_SZ Alaunch
SynTPLpr REG_SZ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
AGRSMMSG REG_SZ AGRSMMSG.exe
SiSPower REG_SZ Rundll32.exe SiSPower.dll,ModeAgent
SiS Windows KeyHook REG_SZ C:\WINDOWS\system32\keyhook.exe
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
LManager REG_SZ C:\Program Files\Launch Manager\QtZgAcer.EXE
HP Software Update REG_SZ "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
HP Component Manager REG_SZ "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
Broadcom Wireless Manager UI REG_SZ C:\WINDOWS\system32\WLTRAY
!AVG Anti-Spyware REG_SZ "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
zzzHPSETUP REG_SZ E:\Setup.exe \RESET
Domino REG_SZ C:\WINDOWS\Domino.exe
NotebookHardwareControl REG_SZ "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Free Uploader Oe Integration REG_SZ C:\Program Files\Free Download Manager\FUM\fumoei.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cf47fe3-50d6-11dc-bcbd-00c09fbc7e3b}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-4096625331-3012512997-3059648233-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cf47fe3-50d6-11dc-bcbd-00c09fbc7e3b}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - I:\autorun.inf
Supprimé ! - I:\AutoRun

--------------- ! Fin du rapport ! ----------------

J'ai fait la 2ème étape de smit seulement il ne me pose aucune question, je me retrouve ensuite avec un écran noir et je il ne me fait pas le rapport j'ai donc du faire ctrl+alt+suppr pour taper explorer.exe pour récupérer mon écran mais toujours pas de rapport j'ai ensuite redémarré en mode normal et refait un scan dont voici le rapport :

SmitFraudFix v2.359

Rapport fait à 12:31:48.01, 2008-10-12
Executé à partir de C:\Documents and Settings\Acer\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\nwnyxkbo\bsjqxkbi.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\brastk.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\pktypelu.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Acer\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\karna.dat PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Acer


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Acer\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ACER\FAVORIS


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Broadcom 802.11g - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F3AE12BB-121B-4B99-9B77-DC61D9DCFDA0}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F3AE12BB-121B-4B99-9B77-DC61D9DCFDA0}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F3AE12BB-121B-4B99-9B77-DC61D9DCFDA0}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F3AE12BB-121B-4B99-9B77-DC61D9DCFDA0}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

voici le rapport

C:\WINDOWS\system32\karna.dat moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10122008_124837

ComboFix 08-10-11.02 - Acer 2008-10-12 14:20:42.5 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.586 [GMT -12:00]
Lancé depuis: C:\Documents and Settings\Acer\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.

2008-10-12 13:09 . 2008-10-12 13:09 <REP> d-------- C:\Documents and Settings\Acer\Application Data\Malwarebytes
2008-10-12 13:08 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-12 13:08 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-12 12:48 . 2008-10-12 12:48 <REP> d-------- C:\_OTMoveIt
2008-10-12 11:57 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-12 11:57 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-12 11:57 . 2008-10-01 15:51 87,552 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-12 11:57 . 2008-10-10 08:58 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-12 11:57 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-12 11:57 . 2008-10-10 08:58 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-12 11:57 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-12 11:57 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-12 11:28 . 2001-08-28 14:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-10-12 10:57 . 2008-10-12 10:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 10:57 . 2008-10-12 10:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-12 10:29 . 2008-10-12 10:29 <REP> d-------- C:\Lop SD
2008-10-12 07:50 . 2008-10-12 07:50 <REP> d--hs---- C:\FOUND.049
2008-10-10 12:48 . 2008-10-10 12:48 <REP> d-------- C:\abzpaie
2008-10-09 22:36 . 2008-10-09 22:36 <REP> d-------- C:\Assigest
2008-10-09 11:13 . 2008-10-09 11:13 19,615 --a------ C:\WINDOWS\yxekuli.ban
2008-10-09 11:13 . 2008-10-09 11:13 19,611 --a------ C:\Program Files\Fichiers communs\cijybyhe.sys
2008-10-09 11:13 . 2008-10-09 11:13 18,299 --a------ C:\WINDOWS\system32\liviqimo.reg
2008-10-09 11:13 . 2008-10-09 11:13 17,740 --a------ C:\Program Files\Fichiers communs\woqe.reg
2008-10-09 11:13 . 2008-10-09 11:13 15,696 --a------ C:\WINDOWS\ihadaji.pif
2008-10-09 11:13 . 2008-10-09 11:13 15,685 --a------ C:\WINDOWS\pahep.dl
2008-10-09 11:13 . 2008-10-09 11:13 14,516 --a------ C:\Documents and Settings\All Users\Application Data\okusiliq.sys
2008-10-09 11:13 . 2008-10-09 11:13 14,492 --a------ C:\WINDOWS\system32\byduwuxa.inf
2008-10-09 11:13 . 2008-10-09 11:13 13,777 --a------ C:\WINDOWS\system32\kunygol.sys
2008-10-09 11:13 . 2008-10-09 11:13 12,449 --a------ C:\Documents and Settings\All Users\Application Data\sejan.pif
2008-10-09 11:13 . 2008-10-09 11:13 12,174 --a------ C:\WINDOWS\akac.exe
2008-10-09 11:13 . 2008-10-09 11:13 11,258 --a------ C:\WINDOWS\odutel.dat
2008-10-08 20:35 . 2008-10-08 20:35 <REP> d-------- C:\Program Files\dhahmac
2008-10-08 20:35 . 2008-10-08 20:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nwnyxkbo
2008-10-07 17:26 . 2008-10-07 17:26 <REP> d-------- C:\Documents and Settings\Acer\Application Data\OpenOffice.org2
2008-10-07 17:07 . 2008-10-07 17:07 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-10-02 03:01 . 2008-10-02 03:01 <REP> d-------- C:\Program Files\Tempstrav
2008-09-29 05:57 . 2008-09-29 05:57 <REP> d-------- C:\Program Files\Google
2008-09-16 06:46 . 2008-09-16 06:46 <REP> d-------- C:\Documents and Settings\Acer\Application Data\Apple Computer
2008-09-16 06:38 . 2008-09-16 06:38 <REP> d-------- C:\Program Files\Apple Software Update
2008-09-16 06:38 . 2008-09-16 06:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 02:30 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-10-13 00:32 3,392 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-13 00:21 43,099 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-10-12 04:05 21,916 ----a-w C:\Documents and Settings\Acer\Application Data\wklnhst.dat
2008-10-09 23:13 18,097 ----a-w C:\Program Files\Fichiers communs\arihodese.ban
2008-09-12 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-12 13:34 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-07 07:30 --------- d-----w C:\Program Files\WordBiz
2008-08-28 05:21 --------- d-----w C:\Program Files\Interstem
2008-08-19 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-08-19 21:47 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-18 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Micro Application
2008-07-19 10:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 10:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 10:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 10:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 10:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 10:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 10:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 10:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 10:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 10:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 10:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 10:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 10:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 10:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 10:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 10:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 10:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-11-07 04:28 78,568 ----a-w C:\Documents and Settings\Acer\Application Data\GDIPFONTCACHEV1.DAT
2007-05-25 05:21 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
1998-04-28 11:00 570,128 ----a-w C:\Program Files\Fichiers communs\DAO350.DLL
.
[code]<pre>
----a-w 524,288 2007-06-19 13:24:54 C:\Program Files\Thoosje Sidebar V2.0\Thoosje Sidebar .exe
</pre>[/code]


((((((((((((((((((((((((((((( snapshot@2008-10-09_12.33.21.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-06 20:25:38 340,564 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-10-12 23:12:24 529,804 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 315392]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"zzzHPSETUP"="E:\Setup.exe" [N/A]
"Domino"="C:\WINDOWS\Domino.exe" [2006-08-18 49152]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-03 2629632]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-19 185632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

C:\Documents and Settings\Acer\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-20 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-20 155648]
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\KPF4GUI.EXE"=
"D:\\gnucash\\bin\\gnucash-bin.exe"=
"D:\\gnucash\\bin\\gconfd-2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 119552]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 5504]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
R2 fsssvc;Windows Live OneCare Contrôle parental;C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 523816]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 8704]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768]
S2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [ ]
S3 A4501A;802.11g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\A4501A.sys [2005-06-19 349728]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2006-04-22 29184]
S3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys [ ]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cf47fe3-50d6-11dc-bcbd-00c09fbc7e3b}]
\Shell\AutoRun\command - Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61b330f8-10a4-11dd-be20-00c09fbc7e3b}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\vmxclutg.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FF -: plugin - C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\vmxclutg.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 14:30:26
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\WLTRAY.EXE
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\IMAPI.EXE
.
**************************************************************************
.
Heure de fin: 2008-10-12 14:35:27 - La machine a redémarré [Acer]
ComboFix-quarantined-files.txt 2008-10-13 02:35:16
ComboFix3.txt 2008-10-10 00:35:12
ComboFix2.txt 2008-10-12 09:48:42

Avant-CF: 347,832,320 octets libres
Après-CF: 325,664,768 octets libres

237 --- E O F --- 2008-09-10 15:07:53

le pc va beaucoup mieux windows center security n'est plus dans le panneau de config, je peux désormais activé ou désactivé le pare-feu qui n'est plus bloqué et je n'ai plus cette fenêtre qui m'informait que mon ordi était infecté.

info.txt logfile of random's system information tool 1.04 2008-10-12 18:03:27

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu"
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x40c -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
802.11 USB Wireless LAN Adapter-->C:\WINDOWS\system32\unwlsdrv.exe SiS163u
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Acer eManager for Notebook-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Agere Systems AC'97 Modem-->agrsmdel
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
avast! Antivirus-->rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Broadcom 802.11 Network Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose
Bryce 5.5c-->C:\WINDOWS\unvise32.exe d:\Bryce Uninstall.log
Calculette Orplan-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Calculette Orplan\ST5UNST.LOG"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CHANTIER 3.0B-->"c:\chantier\setup\uninst.exe"
Ciel Compta 13.0-->MsiExec.exe /I{053E4C51-9876-4F8E-874C-D77F559DAD5A}
Ciel Devis Factures 6.0-->MsiExec.exe /I{F29DDAD0-447D-4BDB-80CB-4276B4D5C9A7}
Ciel Gestion Commerciale 13.0-->MsiExec.exe /I{414C215E-F8E2-4235-BE08-B3932F50246D}
Ciel Immobilisations 13.0-->MsiExec.exe /I{14E10810-FC26-4707-AEBA-0CA5F6E6EE87}
Ciel Paye Démo 13.00-->MsiExec.exe /I{FB2230B0-02B9-4ED5-82AD-ED91ED719CFE}
Code de la Route Pratic-->MsiExec.exe /X{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}
ComptaOne 7.2.001-->"C:\Program Files\ComptaOne\unins000.exe"
Compteur Horaire 1.5-->"C:\Program Files\Compteur Horaire\unins000.exe"
CoreVorbis Audio Decoder (remove only)-->"C:\WINDOWS\system32\CoreVorbis-uninstall.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DAEMON Tools-->MsiExec.exe /I{2DF9A978-DEA1-4433-805D-66790FC28C62}
DAZ|Studio1.8.1.5-->C:\WINDOWS\unvise32.exe d:\DAZ Studio Uninstall.log
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
directDeclaration-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E8CD2C36-FABF-4277-A732-B978E20FB88F}\setup.exe" -l0x0
DirectX Media Runtime 5.1-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DXM51.INF,Uninstall.NT
DivX Codec 3.1alpha release-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"
Filters Unlimited 2.0 Demo-->"C:\Program Files\PhotoFiltre Studio\Plugins\Filters Unlimited 2.0 Demo\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
GnuCash 2.2.2-->"D:\gnucash\uninstall\gnucash\unins000.exe"
GoodFrame-->"D:\GoodFrame\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Hermes hotel-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Interstem\Hermes hotel\DeIsL1.isu" -c"C:\Program Files\Interstem\Hermes hotel\_ISREG32.DLL"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hijackthis Version Française 1.99.0.1-->"C:\Program Files\Hijackthis Version Française\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
IziSpot 4.10-->MsiExec.exe /I{44E96AC6-1850-4391-8DC2-7816B92EB713}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
La boite a couleurs version 1.6.14-->"C:\Program Files\LaBoiteACouleurs\unins000.exe"
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Lauyan TOWeb V2-->"C:\Program Files\Lauyan\TOWeb V2\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Legacy 5.0-->D:\Legacy\UNWISE.EXE /U D:\Legacy\Install.log
Macrogaming SweetIM 2.1-->MsiExec.exe /X{502358FB-0718-45BC-B142-7511F1694D58}
Magic Photo Editor 4.23-->"D:\Magic Photo Editor\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maskimage-->D:\Maskimage\uninstall.exe
Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
MediaInfo 0.7.5.1-->C:\Program Files\MediaInfo\uninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Micro Application - Cartes de visite 2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B4BA7E2-4BF4-4D97-B00D-6176A1C79B7D}\SETUP.EXE" -l0x40c
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 - fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Morgan Stream Switcher-->"C:\Program Files\Morgan\mmswitch\uninst.exe"
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Notebook Hardware Control 2.0 Pre-Release-06-->C:\Program Files\Notebook Hardware Control\uninst.exe
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Photo Framer 2.10-->"C:\Program Files\Photo Framer\unins000.exe"
PhotoDream 1.2-->"D:\PhotoDreamr\unins000.exe"
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
PhotoFiltre-->"D:\PhotoFiltre\Uninst.exe"
Pixia 3.3b-->"C:\Program Files\Seagrand\Pixia\unins000.exe"
Planning-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Planning\ST6UNST.LOG"
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem7.inf
SiSAGP driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x40c
SmartUtils FastChords Lite 3.0-->C:\WINDOWS\UnDeploy.exe "C:\Program Files\SmartUtils\FastChordsLite\Deploy.log"
SodeaSoft Planning Home Edition-->"C:\Program Files\SodeaSoft\PlanningFree\Uninstall.exe" "C:\Program Files\SodeaSoft\PlanningFree\install.log" -u
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sqirlz Lite-->C:\WINDOWS\Sqirlz Lite Uninstaller.exe
Sqirlz Water Reflections-->C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
Sunbelt Personal Firewall-->MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870}
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
SweetIM For Internet Explorer 3.0b-->MsiExec.exe /X{F6D63A65-BD23-46F3-B9A3-87F442423481}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Tempstrav-->"C:\Program Files\Tempstrav\unins000.exe"
Texture Processor v1.3-->"D:\Texture Processor\unins000.exe"
Thoosje Sidebar V2.0-->C:\Program Files\Thoosje Sidebar V2.0\Uninstal.exe
TurboCASH 3.7.55-->"D:\TCash3\unins000.exe"
USB PC Camera (ZS0211)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44D02D8B-FFB3-4245-8D26-68D10B4C4023}\setup.exe" -l0x40c
UsbFix-->C:\Program Files\UsbFix\Uninstal.exe
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.5-freehd-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live OneCare Contrôle parental-->MsiExec.exe /X{3677FD57-D0DE-47CD-942E-99913D04C135}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordBiz version 1.8-->"C:\Program Files\WordBiz\unins000.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Security center information======

AV: avast! antivirus 4.7.1029 [VPS 000764-6]
FW: Sunbelt Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Fichiers communs\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------