[PAS DU TOUT URGENT] : Infection par 007guard

ce n'est peut être pas fine mais avec les dernière manip, je perd ma carte d'accès wireless, donc pas envir de refaire une resrurarion à chasue fois;

ce qui en plud m'oblige à refaire une autre maip, ect...



donc je laisse comme cela


Kerio ne me donne plus d''accès sortant à partles localhost , et après scan Avast et spybot et de nouveau malwarebytes, je n'a plus rien.


merci pour l'aide

@+

je veux bien continuer mais, comment de pas perdre ma connexion et ne pas devoir faire une restauration système pour avoir tout à recommencer à chaque fois.

alors on continue

Merci de ta réponse rapide


voici les rapports :

le premier

Logfile of random's system information tool 1.05 (written by random/random)
Run by Fabrice at 2009-02-16 15:57:30
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 4 GB (24%) free of 17 GB
Total RAM: 895 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:51, on 16/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tweak-XP Pro\transtask.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Fabrice\Bureau\RSIT.exe
C:\Program Files\trend micro\Fabrice.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.254:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\System32\LVComS.exe
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TransTask] "C:\Program Files\Tweak-XP Pro\transtask.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{96E942F3-CEB6-4232-9E62-B98AF335700F}: NameServer = 192.168.1.254
O20 - AppInit_DLLs: c:\windows\system32\sstqolm.dll
O20 - Winlogon Notify: kbdhbk - kbdhbk.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
End of file - 10783 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E03C0FD-4C48-43A7-9A54-00240C70FF16}]
ECarteBleueBrowserHelper Class - C:\WINDOWS\system32\BhoECart.dll [2003-10-31 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E}]
SnapFlash Class - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll [2006-03-16 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-03-09 335872]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-01-22 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-01-22 495616]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2004-05-04 266240]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2004-04-30 430080]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-02-20 88363]
"LVComs"=C:\WINDOWS\System32\LVComS.exe [2000-12-06 86016]
"AS00_Gear511"=C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe [2004-12-03 475136]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe [2001-12-14 196608]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-07-02 185896]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2006-03-23 1398272]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-13 110592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"TransTask"=C:\Program Files\Tweak-XP Pro\transtask.exe [2003-01-07 24576]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockAds]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransparentIcons]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]
[]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\sstqolm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-03-09 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kbdhbk]
kbdhbk.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOWS\system32\srr

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=FF000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-02-16 15:57:31 ----D---- C:\Program Files\trend micro
2009-02-16 15:57:30 ----D---- C:\rsit
2009-02-16 14:14:31 ----A---- C:\rapport_clean.txt
2009-02-16 14:08:39 ----A---- C:\resultat_clean.txt
2009-02-14 10:31:23 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-12 16:07:40 ----D---- C:\Documents and Settings\Fabrice\Application Data\Malwarebytes
2009-02-12 16:07:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-12 16:07:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-12 16:01:37 ----A---- C:\TCleaner.txt
2009-02-09 15:36:36 ----D---- C:\Program Files\Trillian
2009-02-08 19:57:25 ----D---- C:\Program Files\msn gaming zone
2009-02-05 19:24:48 ----A---- C:\WINDOWS\BPama.INI
2009-02-05 19:22:15 ----D---- C:\Program Files\FG Software

======List of files/folders modified in the last 1 months======

2009-02-16 15:57:34 ----D---- C:\WINDOWS\Prefetch
2009-02-16 15:57:31 ----RD---- C:\Program Files
2009-02-16 15:14:53 ----D---- C:\Program Files\Mozilla Firefox
2009-02-16 14:38:37 ----D---- C:\WINDOWS\Temp
2009-02-16 14:36:54 ----D---- C:\WINDOWS
2009-02-16 14:35:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-16 14:34:56 ----SHD---- C:\WINDOWS\Installer
2009-02-16 14:34:07 ----D---- C:\WINDOWS\system32\drivers
2009-02-16 14:34:04 ----HD---- C:\WINDOWS\inf
2009-02-16 14:33:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-16 14:33:49 ----D---- C:\WINDOWS\system32
2009-02-16 13:52:38 ----D---- C:\Program Files\Mozilla Thunderbird
2009-02-14 13:04:41 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-12 12:45:20 ----A---- C:\WINDOWS\wininit.ini
2009-02-12 12:11:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-12 12:10:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-11 16:25:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-10 15:04:36 ----D---- C:\Program Files\AV WebCam Morpher GOLD
2009-02-08 00:45:36 ----D---- C:\WINDOWS\security
2009-02-08 00:41:09 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-06 14:01:12 ----D---- C:\Documents and Settings\Fabrice\Application Data\AdobeUM
2009-02-06 13:50:37 ----D---- C:\Program Files\Enigma Software Group
2009-02-05 22:11:35 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-02 12:22:40 ----D---- C:\WINDOWS\Minidump
2009-01-31 16:08:54 ----D---- C:\WINDOWS\Help
2009-01-28 13:16:05 ----D---- C:\Documents and Settings\Fabrice\Application Data\LimeWire
2009-01-28 12:40:12 ----D---- C:\Program Files\Shareaza
2009-01-26 11:15:32 ----D---- C:\Program Files\TuneUp Utilities 2008

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2006-03-23 29440]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-03-23 33536]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 AVWEBCAM;AV WebCam, WDM Video Capture; C:\WINDOWS\system32\DRIVERS\avwebcam.sys [2005-11-22 215552]
R2 irda;Protocole IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2006-07-05 15781]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\System32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2006-03-02 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2006-03-02 55936]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\System32\drivers\tmcomm.sys []
R2 WebCamHelper;WebCamHelper; \??\C:\PROGRA~1\AVWEBC~1\WebCamHelper.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-02-26 611820]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-03-09 680448]
R3 AWINDIS5;AWINDIS5 Protocol Driver; \??\C:\WINDOWS\System32\AWINDIS5.SYS []
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-03-05 34576]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2006-03-02 12288]
R3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service; C:\WINDOWS\System32\DRIVERS\wg511nd5.sys [2004-08-13 395840]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-12-05 68352]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-08-23 36937]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-01-22 178816]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\System32\DRIVERS\NBSMI.sys [2004-02-27 4224]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2006-03-23 102016]
S1 lusbaudio;Logitech USB Microphone; C:\WINDOWS\system32\drivers\lvsound2.sys [2000-12-06 29696]
S1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys []
S3 61883;Pilote d'unité 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-02-20 1265388]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2004-05-28 390944]
S3 Avc;Périphérique AVC; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 Bridge;Pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-03-05 39184]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-13 273664]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 kvpndev;Kerio VPN adapter; C:\WINDOWS\System32\DRIVERS\kvpndrv.sys [2004-08-19 59392]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PID_0890_I;Logitech QuickCam Traveler (Still Camera)(PID_0890_I); C:\WINDOWS\System32\DRIVERS\BULKUSB.sys [2000-11-13 10547]
S3 PID_0890_V;Logitech QuickCam Traveler(PID_0890_V); C:\WINDOWS\System32\DRIVERS\CA500AV.SYS [2000-11-13 191052]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-03-09 397312]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2007-01-12 117520]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-03-04 28672]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2006-03-23 880128]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-09 355584]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

et le second

info.txt logfile of random's system information tool 1.05 2009-02-16 15:57:55

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.isu"
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x40c -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 6.0 Professional - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000001}
Adobe Illustrator 10.0.3-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe InDesign 2.0.2-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\InDesign 2.0\Uninst.isu" -c"C:\Program Files\Adobe\InDesign 2.0\Uninst.dll"
Adobe Photoshop 7.0.1-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Agfa ScanWise 2.00-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Agfa\ScanWise 2_00\uninst.isu" -c"C:\Program Files\Agfa\ScanWise 2_00\UNINSTALL.DLL"
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Architecte Studio 2005-->MsiExec.exe /I{3963072C-FD39-4178-9B60-C3B9D7AB69F2}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Atheros Wireless LAN MiniPCI card Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x40c
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AV WebCam Morpher GOLD 1.0-->C:\PROGRA~1\AVWEBC~1\UNWISE.EXE C:\PROGRA~1\AVWEBC~1\INSTALL.LOG
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Babimals-->"C:\Program Files\Babimals\uninstall.exe"
Bluesoleil3.2.1.2 Release 070314-->MsiExec.exe /X{AF98AF15-161E-42EC-9008-1CCF9BB83961}
BPM-Studio 4 Profi-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ALCATech\BPM-Studio 4 Profi\DeIsL2.isu"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Commandes TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x40c UNINSTALL
Console TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x40c
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Audio Extractor 4.2.1-->"C:\Program Files\DVD Audio Extractor\unins000.exe"
DX-Ball 2 ModPack-->F:\DXBALL~1\DXBall2\UNWISE.EXE F:\DXBALL~1\DXBall2\INSTALL.LOG
DX-Ball 2 v1.2 Patch-->F:\DXBALL~1\DXBall2\UNWISE.EXE F:\DXBALL~1\DXBall2\INSTALL.LOG
DX-Ball 2-->F:\DXBALL~1\DXBall2\UNWISE.EXE F:\DXBALL~1\DXBall2\INSTALL.LOG
Easy CD-DA Extractor 8.2.2-->"C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 8\irunin.xml"
EPSON Photo Chargeur3 V1.22F-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\EPSON\Epf_upld3.v12\Uninst.isu"
EPSON Photo!3 Ver.1-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\EPSON\Epphoto3.v1\Uninst.isu"
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Extension SRS WOW XT 1.0.1 pour le Lecteur Windows Media pour TOSHIBA-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{68D368EE-F5AC-4402-BD45-B454B5453FE1}
Flash Catcher-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C6B728E-31B1-48B3-99B5-6B6BB85BC896}\setup.exe"
Gestion d'énergie TOSHIBA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\System32\TPSDel.dll"
GetRight-->C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Harry Potter et le prisonnier d'Azkaban(TM)-->F:\EA GAMES\Harry Potter et le prisonnier d'Azkaban(TM)\EAUninstall.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Fabrice\Bureau\HijackThis.exe" /uninstall
hp deskjet 960c series (Supprimer uniquement)-->C:\Program Files\hp deskjet 960c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=960c -huninstall
hp deskjet 960c series-->rundll32 hpzcon04.dll,VendorJettison hp deskjet 960c series
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
InterVideo WinDVD for Toshiba-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Les départements français-->"F:\GEOGRAPHIE\FRANCE\uninstall.exe"
Les états d'Amérique du Nord-->"F:\GEOGRAPHIE\AmeriqueNord\uninstall.exe"
Les pays d'Amérique du Sud-->"F:\GEOGRAPHIE\AMERIQUE\uninstall.exe"
Les pays d'Europe 6.04-->"F:\GEOGRAPHIE\EUROPE\uninstall.exe"
Livre Album Fuji Photo-->"C:\Program Files\Livre Album Fuji Photo\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manuels TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}\Setup.exe" -l0x40c
Micro Application - 1, 2, 3 Photo 2006-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A20B1BE5-F7DC-4201-A72F-EE432AAD5BCD}\SETUP.EXE" -l0x40c
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A1040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002-->MsiExec.exe /I{9019040C-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Monopoly-->C:\WINDOWS\IsUn040c.exe -ff:\Monopoly\Uninst.isu
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN Webcam Recorder 11.1-->MsiExec.exe /I{0991E101-B081-4F65-B30A-5BEDA8CF7CEE}
Nero 6 Enterprise Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NETGEAR 108 Mbps Wireless PC Card WG511T-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9D20484-D3CC-4CD2-B1ED-B72A9CEFD45D}\Setup.exe" -l0x40c
OpenOffice.org 2.0-->MsiExec.exe /I{E2055AB2-D1C7-4147-A384-2B4B1C04282B}
Outil de diagnostic PC TOSHIBA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
Paltalk Messenger-->"C:\WINDOWS\Paltalk Messenger\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
PCI 1620 Cardbus Controller and Software-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AE2310DC-B261-4D84-BE03-BD318EB41B78} /l1036
Photo Portrait Studio-->C:\WINDOWS\IsUn040c.exe -f"f:\micro application\Photo Portrait Studio\Uninst.isu"
Photo Resize Magic 1.0-->C:\Program Files\Photo Resize Magic\uninst.exe
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickCam-->MsiExec.exe /I{43A9F944-0398-425E-9E22-201F65FE0CCA}
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\SETUP.EXE" -l0x40c REMOVE
Réducteur de bruit lect. CD/DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x40c
SMSC IrCC V5.1.3600.3 SP1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x40c UNINSTALL
Sony Picture Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x40c /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Steam-->C:\PROGRA~1\Valve\Steam\UNWISE.EXE C:\PROGRA~1\Valve\Steam\INSTALL.LOG
Sunbelt Personal Firewall-->MsiExec.exe /X{82B1150E-9B37-49FC-83EB-D52197D900D0}
Suppress Plus-->C:\Program Files\splus\uninstall.exe
swf2avi 0.3-->"C:\Program Files\swf2avi\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
TmUnitedForever-->"F:\TmUnitedForever\unins000.exe"
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\Setup.exe" -l0x40c UNINSTALL
TOSHIBA Hotkey Utility for Display Devices-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Toshiba\Toshiba Applet\TFNF5.isu" -c"C:\Program Files\Toshiba\Toshiba Applet\TF5Unist.dll"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Utilities-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Toshiba\TOSHIBA Applet\TSBUTIL.isu"
Touch and Launch-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3470FBE6-B743-420F-B5CE-0D27FA749C16}\Setup.exe" -l0x40c
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Tweak-XP Pro-->MsiExec.exe /I{BA3BC81F-0035-4D62-8AB4-6F83D7C1F480}
Utilitaire de zoom TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\setup.exe"
Virtualis Crédit Mutuel-->C:\Program Files\Virtualis\Désinstallation Virtualis Crédit Mutuel
Visviva Animation Player-->C:\Program Files\visviva\vae\bin\uninstall.exe
VSO Image Resizer 1.0.5-->"C:\Program Files\VSO\Image Resizer\unins000.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Winamp 5 FR-->"C:\Program Files\Winamp\UninstFR.exe"
WinAVI Video Converter 7.7.1-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
WinAVI VideoConverter-->"C:\Program Files\WinAVI VideoConverter\unins000.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Support Tools-->MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XnView 1.82.4-->"C:\Program Files\XnView\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090216-0]
FW: Sunbelt Personal Firewall

System event log

Computer Name: NEO
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

Record Number: 5442
Source Name: Service Control Manager
Time Written: 20081201144415.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: NEO
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

Record Number: 5441
Source Name: Service Control Manager
Time Written: 20081201144415.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: NEO
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Web Scanner.

Record Number: 5440
Source Name: Service Control Manager
Time Written: 20081201144415.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: NEO
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Mail Scanner.

Record Number: 5439
Source Name: Service Control Manager
Time Written: 20081201144414.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: NEO
Event Code: 10
Message: Ce lecteur ne semble pas prendre en charge la lecture audio numérique.

Record Number: 5438
Source Name: redbook
Time Written: 20081201144353.000000+060
Event Type: Informations
User:

Application event log

Computer Name: NEO
Event Code: 103
Message: wuaueng.dll (1136) SUS20ClientDataStore: Le moteur de base de données a arrêté une instance (0).

Record Number: 1556
Source Name: ESENT
Time Written: 20051122093648.000000+060
Event Type: Informations
User:

Computer Name: NEO
Event Code: 102
Message: wuaueng.dll (1136) SUS20ClientDataStore: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 1555
Source Name: ESENT
Time Written: 20051122093147.000000+060
Event Type: Informations
User:

Computer Name: NEO
Event Code: 100
Message: wuauclt (1136) Le moteur de base de données 5.01.2600.0000 est démarré.

Record Number: 1554
Source Name: ESENT
Time Written: 20051122093147.000000+060
Event Type: Informations
User:

Computer Name: NEO
Event Code: 1000
Message: Application défaillante ypager.exe, version 6.0.0.1750, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x74db5681.

Record Number: 1553
Source Name: Application Error
Time Written: 20051115174703.000000+060
Event Type: erreur
User:

Computer Name: NEO
Event Code: 101
Message: wuauclt (2692) Le moteur de base de données est arrêté.

Record Number: 1552
Source Name: ESENT
Time Written: 20051115150613.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304

Bonjour,


Voici le rapport Combofix


ComboFix 09-02-15.01 - Fabrice 2009-02-17 9:17:28.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.895.496 [GMT 1:00]
Lancé depuis: c:\documents and settings\Fabrice\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090216-1] *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patch.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\_003366_.tmp.dll
c:\windows\system32\_003367_.tmp.dll
c:\windows\system32\_003368_.tmp.dll
c:\windows\system32\_003369_.tmp.dll
c:\windows\system32\_003376_.tmp.dll
c:\windows\system32\_003377_.tmp.dll
c:\windows\system32\_003378_.tmp.dll
c:\windows\system32\_003379_.tmp.dll
c:\windows\system32\_003381_.tmp.dll
c:\windows\system32\_003382_.tmp.dll
c:\windows\system32\_003385_.tmp.dll
c:\windows\system32\_003386_.tmp.dll
c:\windows\system32\_003388_.tmp.dll
c:\windows\system32\_003389_.tmp.dll
c:\windows\system32\_003390_.tmp.dll
c:\windows\system32\_003392_.tmp.dll
c:\windows\system32\_003393_.tmp.dll
c:\windows\system32\_003395_.tmp.dll
c:\windows\system32\_003399_.tmp.dll
c:\windows\system32\_003400_.tmp.dll
c:\windows\system32\_003402_.tmp.dll
c:\windows\system32\_003405_.tmp.dll
c:\windows\system32\_003407_.tmp.dll
c:\windows\system32\_003408_.tmp.dll
c:\windows\system32\_003409_.tmp.dll
c:\windows\system32\_003410_.tmp.dll
c:\windows\system32\_003411_.tmp.dll
c:\windows\system32\_003413_.tmp.dll
c:\windows\system32\_003415_.tmp.dll
c:\windows\system32\_003416_.tmp.dll
c:\windows\system32\_003417_.tmp.dll
c:\windows\system32\_003421_.tmp.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-17 au 2009-02-17 ))))))))))))))))))))))))))))))))))))
.

2009-02-16 15:57 . 2009-02-16 15:57 <REP> d-------- C:\rsit
2009-02-16 15:57 . 2009-02-16 16:14 <REP> d-------- c:\program files\trend micro
2009-02-16 14:33 . 2008-10-31 07:09 270,888 -ra------ c:\windows\system32\drivers\SbFw.sys
2009-02-16 14:33 . 2008-06-21 04:54 65,576 --a------ c:\windows\system32\drivers\SBFWIM.sys
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\documents and settings\Fabrice\Application Data\Malwarebytes
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-12 16:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 16:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 15:36 . 2009-02-09 15:42 <REP> d-------- c:\program files\Trillian
2009-02-05 19:24 . 2009-02-05 19:47 393 --a------ c:\windows\BPama.INI
2009-02-05 19:22 . 2009-02-05 19:22 <REP> d-------- c:\program files\FG Software

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 17:16 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-16 13:31 108,721 -c--a-w c:\windows\system32\drivers\fwdrv.err
2009-02-12 11:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-12 11:10 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-10 14:04 --------- d-----w c:\program files\AV WebCam Morpher GOLD
2009-02-06 13:01 --------- d-----w c:\documents and settings\Fabrice\Application Data\AdobeUM
2009-02-06 12:50 --------- d-----w c:\program files\Enigma Software Group
2009-01-28 12:16 --------- d-----w c:\documents and settings\Fabrice\Application Data\LimeWire
2009-01-28 11:40 --------- d-----w c:\program files\Shareaza
2009-01-26 10:15 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-03 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2009-01-03 13:36 --------- d-----w c:\program files\IVT Corporation
2008-12-30 15:07 --------- d-----w c:\program files\Java
2008-12-21 10:39 --------- d-----w c:\program files\Yahoo!
2008-12-21 10:39 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-07-04 12:48 259,664 -c--a-w c:\documents and settings\Fabrice\Application Data\GDIPFONTCACHEV1.DAT
2008-04-14 12:16 1,837 -c--a-w c:\windows\inf\COMC5.tmp
2007-12-13 16:34 1,837 -c--a-w c:\windows\inf\COMC6.tmp
2001-03-28 10:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe
2000-04-19 21:00 6,995 -c--a-w c:\windows\inf\RAMDISK.SYS
2002-12-14 15:41 73,728 -csha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2008-05-31 17:09 80 --sh--r c:\windows\system32\C182FC9913.dll
.

------- Sigcheck -------

2006-03-02 13:00 14336 2979b03d5382a602623c0535b16ab9c0 c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-13 18:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-13 18:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\system32\svchost.exe

2006-03-02 13:00 578048 61c8c283ad063bb697ae61a155c64a5a c:\windows\$NtServicePackUninstall$\user32.dll
2008-04-13 18:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\ServicePackFiles\i386\user32.dll
2008-04-13 18:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\system32\user32.dll

2006-03-02 13:00 82944 eed74b969b2ca1acc558ff60fb420e28 c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-04-13 18:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-13 18:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\system32\ws2_32.dll

2006-03-02 13:00 660480 4e958b97efc3d801f49283d1820f48b7 c:\windows\$NtServicePackUninstall$\wininet.dll
2008-04-13 18:33 670208 4a6e04ea20f48d750d9bfed8600d516b c:\windows\ie7\wininet.dll
2008-04-13 18:33 670208 4a6e04ea20f48d750d9bfed8600d516b c:\windows\ServicePackFiles\i386\wininet.dll
2008-06-23 17:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c c:\windows\SoftwareDistribution\Download\93d2fb5e96afcaf76e5b7606e1b329f8\SP2GDR\wininet.dll
2008-06-23 16:40 827904 52589bae67dd9859724287372668690b c:\windows\SoftwareDistribution\Download\93d2fb5e96afcaf76e5b7606e1b329f8\SP2QFE\wininet.dll
2007-08-13 17:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\system32\wininet.dll
2007-08-13 17:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\system32\dllcache\wininet.dll

2006-03-02 13:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\system32\drivers\tcpip.sys

2006-03-02 13:00 506368 123eea158f74d0f67a51dcdf065d1091 c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-13 18:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-13 18:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\system32\winlogon.exe

2006-03-02 13:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 11:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 11:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2006-03-02 13:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 10:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 10:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

2006-03-02 13:00 2017280 35567c8c50986c2bc5c3efd79cb045e4 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-13 18:07 2067968 b71a8f101cefaf82fc5ec16130a54a3f c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-13 18:07 2025984 92e82482cdb39929cf7b541a9648afae c:\windows\system32\ntkrnlpa.exe

2006-03-02 13:00 2150400 36f32a5a83df734e022734d93860a9a4 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2008-04-13 18:08 2191104 099d639da1ef6968d4e41795bb507e6b c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-04-13 18:07 2147328 b10c36956eb7a8b1586dbe3b43875280 c:\windows\system32\ntoskrnl.exe

2008-04-13 18:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\explorer.exe
2006-03-02 13:00 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-13 18:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\ServicePackFiles\i386\explorer.exe

2006-03-02 13:00 108544 63dcde1a0d86eeb8924d6738ff616ead c:\windows\$NtServicePackUninstall$\services.exe
2008-04-13 18:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\ServicePackFiles\i386\services.exe
2008-04-13 18:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\system32\services.exe

2006-03-02 13:00 13312 259af82a0932eea4f316f92db94707b6 c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-13 18:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-13 18:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\system32\lsass.exe

2006-03-02 13:00 15360 64e41e8fee655b03e3f19ded21ba5118 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 18:34 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-13 18:34 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\ctfmon.exe

2006-03-02 13:00 57856 df9fc62ad51cb082b0ae371919a232cb c:\windows\$NtServicePackUninstall$\spoolsv.exe
2008-04-13 18:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-13 18:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\system32\spoolsv.exe

2008-04-13 18:34 112640 7e3defe771cb451b0ff630bfa435417e c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-07-18 21:10 53448 d316e28958873859b88d72cf47ad1ea5 c:\windows\system32\wuauclt.exe
2008-07-18 21:10 53448 d316e28958873859b88d72cf47ad1ea5 c:\windows\system32\dllcache\wuauclt.exe

2006-03-02 13:00 25088 84717891f0734c611721f56c60b5fbc3 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 18:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 18:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\system32\userinit.exe

2006-03-02 13:00 297984 78f90c3e230ad122bcb116abad5fefe9 c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-13 18:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-13 18:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\system32\termsrv.dll

2006-03-02 13:00 1048576 c88f74591579dbde273c61312b2d3886 c:\windows\$NtServicePackUninstall$\kernel32.dll
2008-04-13 18:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\ServicePackFiles\i386\kernel32.dll
2008-04-13 18:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\system32\kernel32.dll

2006-03-02 13:00 17408 29d5e58fb089c41898a81bd4c8970f22 c:\windows\$NtServicePackUninstall$\powrprof.dll
2008-04-13 18:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\ServicePackFiles\i386\powrprof.dll
2008-04-13 18:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\system32\powrprof.dll

2006-03-02 13:00 110080 e55dafa1a354bd5cb69151563dc9748a c:\windows\$NtServicePackUninstall$\imm32.dll
2008-04-13 18:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\ServicePackFiles\i386\imm32.dll
2008-04-13 18:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\system32\imm32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TransTask"="c:\program files\Tweak-XP Pro\transtask.exe" [2003-01-07 24576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 335872]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-22 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-22 495616]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-04-30 430080]
"LVComs"="c:\windows\System32\LVComS.exe" [2000-12-06 86016]
"AS00_Gear511"="c:\program files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2004-12-03 475136]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-14 196608]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-02 185896]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"TPSMain"="TPSMain.exe" [2004-05-04 c:\windows\system32\TPSMain.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 c:\windows\agrsmmsg.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\sstqolm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"MSVideo"= lvfwwdmt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InCD"=c:\program files\Ahead\InCD\InCD.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SmoothView"=c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-10-01 5632]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-16 114768]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-16 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-16 20560]
R2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\drivers\avwebcam.sys [2008-10-22 215552]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 WebCamHelper;WebCamHelper;c:\progra~1\AVWEBC~1\WebCamHelper.sys [2008-10-22 2688]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2006-07-05 16194]
R3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\drivers\wg511nd5.sys [2006-07-05 395840]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SBFWIM.sys [2009-02-16 65576]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2007-07-03 59392]
S3 PID_0890_I;Logitech QuickCam Traveler (Still Camera)(PID_0890_I);c:\windows\system32\drivers\BULKUSB.sys [2004-10-22 10547]
S3 PID_0890_V;Logitech QuickCam Traveler(PID_0890_V);c:\windows\system32\drivers\CA500AV.SYS [2004-10-22 191052]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2008-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-kbdhbk - kbdhbk.dll
Notify-WgaLogon - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyServer = 192.168.1.254:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel
IE: Ouvrir avec GetRight
IE: Save Flash with Flash Catcher
IE: Télecharger avec GetRight
IE: {{90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - res://c:\program files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
TCP: {96E942F3-CEB6-4232-9E62-B98AF335700F} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Fabrice\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fr
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 09:28:26
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="85174679A3847FC95943C0337ECA67AA7294F9FA6595522BC53D2D1E6B4556D459C5698519E7D75514AA29E07E802D0B15CF08125B9A5CE81CBF7BF7C9B8D8970AB9A601080C617C6498B290C578E07CF6FA42320AF267A2F64CED1D22A73103440D530D28ED3E7EAFF9B2629398F3CAD5791F98D90B57D08B5BBA88A49FD3DAD86C06839262120CFDD242AB87995BB21642D737959E126038F95C696504B858BD981DECC31286CC00373FF42B8892E83D5F6CB46CC00330FBC813A15D0DD9298AE7370B1D76C7D806D349F967C51514F6F19CE872D597157A7AE2C868C337ECFCC2B8D0656285BF8665C62C890567FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794A2D97226D213B5555D575E7D6A3B980809B2E38F21E3D1D26B9C7462BFC8D2FB3ADD79F8800F9D8BE479779B0CBBBE93776B1BE81A6A033DD7F0D97119683FE6D263E567A44FE65EF9A4685FC53D79A8CA96999A0795B4D3B02998675F52A1634FF026135E656BC220D59A61B8B187CBDC49BE201604AE5F3C136645382EA78C022E661B72A3DB4157AC4E02E7AFBE1979BB80BAA4B50EAD34A10EC98285D27E31E465E059BB3D6A93EED76309B4CAB062C9E8EDC791418D4668EBF94D4777DC1983F58BC1446ACE3D82A0ED86A0A936CC76950246DF8CD5162474205DC53ECAE89E80048DBA12072F74A24BFE38AED06065B5829BCD085CB7AFACC9AB38237441EB0179D07D342D3BF26FEBC52280AC3DDE90C1F7ED9E01B58F30C6E43778073CC6055E56CFA65F2454AB82E16D1AF870517ED1BD3410228F672B2D6843E132E2AC2FE71B5994C0A18F10068B894969024DEB8A85FB71A4358362D4CC3C582DB542B99051A5FA7761BE67B2334AB2B5E907DC0A9A80A9F10E50AADC586B29B2264E6D165CA32BAE02A492067AE84B1A95D7E32E7CE4F4F6F3DFED2488F7F37D1C3C2B7B59A6CC9597240644B7025ED565BCAB1EDDAC61233467AB520F73AF527219E48592E6D65DAA444AF3F6948B2CAE57713E28C3D46C11C2754FCECEA2F47898A2408B0099BC37B17A607585C365B96A06BDF4F5864AC06E71C76060EAAEF012FEF778EFB4EF2D3CC819A61E504C45604F8B94F4023A6D8CD9AC91E279CE9280AA40439A20B4F057F7F0AE89C9B180C545DB0A5627BC35E37DB5617491268902E66F0A4824CDD99BE0FEEAD820E791CCF5270E132956AA5CBE588597CE0AF3598C1E1E23DE813444EF9F698195C712C7832A0B88118ED185935565B21B55646F862C843C419ABFB224EFEA5AC02D8D322263227839F3A690062B9E10B8E3634C543AF785936831E814D3679F0E7685A79B972588D2171754349F81DD3C986AA1882F6456ECBD300FE5F309733A07EF"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1412)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1732)
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-02-17 9:33:16 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-17 08:33:08

Avant-CF: 4 294 250 496 octets libres
Après-CF: 4,230,987,776 octets libres

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
293 --- E O F --- 2009-02-09 15:29:07

MalawareBytes est en cours des can depuis 30 min, pour le moment pas de problèmes constatés.

Kerio ne me met plus rien concernant 007guard, par contre ma vitesse de connexion est divisé par 2 depuis le redémarrage windows par combofix.

je te poste le rapport malaware dès que le scan est terminé

voici le rapport MalawareBytes, tout me semble correcte,

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1768
Windows 5.1.2600 Service Pack 3

17/02/2009 10:40:40
mbam-log-2009-02-17 (10-40-40).txt

Type de recherche: Examen complet (C:\|E:\|F:\|G:\|)
Eléments examinés: 163671
Temps écoulé: 48 minute(s), 13 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)




mais ma connexion est toujours de 230/240 ko/sec alors qu'avant je téléchager aux environs de 520/540 ko/sec

voici le rapport OTMoveI3

========== PROCESSES ==========
Process explorer.exe killed successfully.
Error: Unable to interpret <:file> in the current context!
Error: Unable to interpret <c:\windows\system32\drivers\SbFw.sys> in the current context!
Error: Unable to interpret <c:\windows\system32\drivers\SBFWIM.sys> in the current context!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Fabrice\LOCALS~1\Temp\etilqs_12byrJuUdsvgeAt8nfgo scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Fabrice\LOCALS~1\Temp\etilqs_RE9doKk7kBOH4z0Q4nAM scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Fabrice\LOCALS~1\Temp\etilqs_RE9doKk7kBOH4z0Q4nAM-journal scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Fabrice\LOCALS~1\Temp\~DF10C1.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_284.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4b0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02172009_104654

Files moved on Reboot...
File C:\DOCUME~1\Fabrice\LOCALS~1\Temp\etilqs_12byrJuUdsvgeAt8nfgo not found!
File C:\DOCUME~1\Fabrice\LOCALS~1\Temp\etilqs_RE9doKk7kBOH4z0Q4nAM not found!
File C:\DOCUME~1\Fabrice\LOCALS~1\Temp\etilqs_RE9doKk7kBOH4z0Q4nAM-journal not found!
C:\DOCUME~1\Fabrice\LOCALS~1\Temp\~DF10C1.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_284.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_4b0.dat not found!
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\OfflineCache\index.sqlite moved successfully.
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\XUL.mfl moved successfully.


maias ma vitesse de connexion est toujours autour de 240 KO au lieu de 520 KO

:Files au lieu de :File

Al.

voici le rapport combo fix,


ComboFix 09-02-15.01 - Fabrice 2009-02-17 11:04:55.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.895.498 [GMT 1:00]
Lancé depuis: c:\documents and settings\Fabrice\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Fabrice\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090216-1] *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *disabled*
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\drivers\SbFw.sys
c:\windows\system32\drivers\SBFWIM.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SbFw.sys
c:\windows\system32\drivers\SBFWIM.sys

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-17 au 2009-02-17 ))))))))))))))))))))))))))))))))))))
.

2009-02-17 10:46 . 2009-02-17 10:46 <REP> d-------- C:\_OTMoveIt
2009-02-16 15:57 . 2009-02-16 15:57 <REP> d-------- C:\rsit
2009-02-16 15:57 . 2009-02-16 16:14 <REP> d-------- c:\program files\trend micro
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\documents and settings\Fabrice\Application Data\Malwarebytes
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-12 16:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 16:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 15:36 . 2009-02-09 15:42 <REP> d-------- c:\program files\Trillian
2009-02-05 19:24 . 2009-02-05 19:47 393 --a------ c:\windows\BPama.INI
2009-02-05 19:22 . 2009-02-05 19:22 <REP> d-------- c:\program files\FG Software

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 09:36 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-17 08:45 --------- d-----w c:\documents and settings\Fabrice\Application Data\AdobeUM
2009-02-16 13:31 108,721 -c--a-w c:\windows\system32\drivers\fwdrv.err
2009-02-12 11:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-12 11:10 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-10 14:04 --------- d-----w c:\program files\AV WebCam Morpher GOLD
2009-02-06 12:50 --------- d-----w c:\program files\Enigma Software Group
2009-01-28 12:16 --------- d-----w c:\documents and settings\Fabrice\Application Data\LimeWire
2009-01-28 11:40 --------- d-----w c:\program files\Shareaza
2009-01-26 10:15 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-03 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2009-01-03 13:36 --------- d-----w c:\program files\IVT Corporation
2008-12-30 15:07 --------- d-----w c:\program files\Java
2008-12-21 10:39 --------- d-----w c:\program files\Yahoo!
2008-12-21 10:39 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-07-04 12:48 259,664 -c--a-w c:\documents and settings\Fabrice\Application Data\GDIPFONTCACHEV1.DAT
2008-04-14 12:16 1,837 -c--a-w c:\windows\inf\COMC5.tmp
2007-12-13 16:34 1,837 -c--a-w c:\windows\inf\COMC6.tmp
2001-03-28 10:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe
2000-04-19 21:00 6,995 -c--a-w c:\windows\inf\RAMDISK.SYS
2002-12-14 15:41 73,728 -csha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2008-05-31 17:09 80 --sh--r c:\windows\system32\C182FC9913.dll
.

------- Sigcheck -------

2006-03-02 13:00 14336 2979b03d5382a602623c0535b16ab9c0 c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-13 18:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-13 18:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\system32\svchost.exe

2006-03-02 13:00 578048 61c8c283ad063bb697ae61a155c64a5a c:\windows\$NtServicePackUninstall$\user32.dll
2008-04-13 18:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\ServicePackFiles\i386\user32.dll
2008-04-13 18:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\system32\user32.dll

2006-03-02 13:00 82944 eed74b969b2ca1acc558ff60fb420e28 c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-04-13 18:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-13 18:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\system32\ws2_32.dll

2006-03-02 13:00 660480 4e958b97efc3d801f49283d1820f48b7 c:\windows\$NtServicePackUninstall$\wininet.dll
2008-04-13 18:33 670208 4a6e04ea20f48d750d9bfed8600d516b c:\windows\ie7\wininet.dll
2008-04-13 18:33 670208 4a6e04ea20f48d750d9bfed8600d516b c:\windows\ServicePackFiles\i386\wininet.dll
2008-06-23 17:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c c:\windows\SoftwareDistribution\Download\93d2fb5e96afcaf76e5b7606e1b329f8\SP2GDR\wininet.dll
2008-06-23 16:40 827904 52589bae67dd9859724287372668690b c:\windows\SoftwareDistribution\Download\93d2fb5e96afcaf76e5b7606e1b329f8\SP2QFE\wininet.dll
2007-08-13 17:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\system32\wininet.dll
2007-08-13 17:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\system32\dllcache\wininet.dll

2006-03-02 13:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\system32\drivers\tcpip.sys

2006-03-02 13:00 506368 123eea158f74d0f67a51dcdf065d1091 c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-13 18:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-13 18:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\system32\winlogon.exe

2006-03-02 13:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 11:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 11:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2006-03-02 13:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 10:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 10:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

2006-03-02 13:00 2017280 35567c8c50986c2bc5c3efd79cb045e4 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-13 18:07 2067968 b71a8f101cefaf82fc5ec16130a54a3f c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-13 18:07 2025984 92e82482cdb39929cf7b541a9648afae c:\windows\system32\ntkrnlpa.exe

2006-03-02 13:00 2150400 36f32a5a83df734e022734d93860a9a4 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2008-04-13 18:08 2191104 099d639da1ef6968d4e41795bb507e6b c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-04-13 18:07 2147328 b10c36956eb7a8b1586dbe3b43875280 c:\windows\system32\ntoskrnl.exe

2008-04-13 18:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\explorer.exe
2006-03-02 13:00 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-13 18:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\ServicePackFiles\i386\explorer.exe

2006-03-02 13:00 108544 63dcde1a0d86eeb8924d6738ff616ead c:\windows\$NtServicePackUninstall$\services.exe
2008-04-13 18:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\ServicePackFiles\i386\services.exe
2008-04-13 18:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\system32\services.exe

2006-03-02 13:00 13312 259af82a0932eea4f316f92db94707b6 c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-13 18:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-13 18:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\system32\lsass.exe

2006-03-02 13:00 15360 64e41e8fee655b03e3f19ded21ba5118 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 18:34 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-13 18:34 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\ctfmon.exe

2006-03-02 13:00 57856 df9fc62ad51cb082b0ae371919a232cb c:\windows\$NtServicePackUninstall$\spoolsv.exe
2008-04-13 18:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-13 18:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\system32\spoolsv.exe

2008-04-13 18:34 112640 7e3defe771cb451b0ff630bfa435417e c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-07-18 21:10 53448 d316e28958873859b88d72cf47ad1ea5 c:\windows\system32\wuauclt.exe
2008-07-18 21:10 53448 d316e28958873859b88d72cf47ad1ea5 c:\windows\system32\dllcache\wuauclt.exe

2006-03-02 13:00 25088 84717891f0734c611721f56c60b5fbc3 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 18:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 18:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\system32\userinit.exe

2006-03-02 13:00 297984 78f90c3e230ad122bcb116abad5fefe9 c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-13 18:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-13 18:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\system32\termsrv.dll

2006-03-02 13:00 1048576 c88f74591579dbde273c61312b2d3886 c:\windows\$NtServicePackUninstall$\kernel32.dll
2008-04-13 18:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\ServicePackFiles\i386\kernel32.dll
2008-04-13 18:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\system32\kernel32.dll

2006-03-02 13:00 17408 29d5e58fb089c41898a81bd4c8970f22 c:\windows\$NtServicePackUninstall$\powrprof.dll
2008-04-13 18:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\ServicePackFiles\i386\powrprof.dll
2008-04-13 18:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\system32\powrprof.dll

2006-03-02 13:00 110080 e55dafa1a354bd5cb69151563dc9748a c:\windows\$NtServicePackUninstall$\imm32.dll
2008-04-13 18:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\ServicePackFiles\i386\imm32.dll
2008-04-13 18:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\system32\imm32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-02-17_ 9.30.47.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-17 09:50:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_118.dat
+ 2009-02-17 09:51:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2bc.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TransTask"="c:\program files\Tweak-XP Pro\transtask.exe" [2003-01-07 24576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 335872]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-22 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-22 495616]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-04-30 430080]
"LVComs"="c:\windows\System32\LVComS.exe" [2000-12-06 86016]
"AS00_Gear511"="c:\program files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2004-12-03 475136]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-14 196608]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-02 185896]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"TPSMain"="TPSMain.exe" [2004-05-04 c:\windows\system32\TPSMain.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 c:\windows\agrsmmsg.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdhbk]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\sstqolm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"MSVideo"= lvfwwdmt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InCD"=c:\program files\Ahead\InCD\InCD.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SmoothView"=c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-10-01 5632]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-16 114768]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys --> c:\windows\system32\drivers\SbFw.sys [?]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-16 20560]
R2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\drivers\avwebcam.sys [2008-10-22 215552]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 WebCamHelper;WebCamHelper;c:\progra~1\AVWEBC~1\WebCamHelper.sys [2008-10-22 2688]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2006-07-05 16194]
R3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\drivers\wg511nd5.sys [2006-07-05 395840]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys --> c:\windows\system32\DRIVERS\sbfwim.sys [?]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2007-07-03 59392]
S3 PID_0890_I;Logitech QuickCam Traveler (Still Camera)(PID_0890_I);c:\windows\system32\drivers\BULKUSB.sys [2004-10-22 10547]
S3 PID_0890_V;Logitech QuickCam Traveler(PID_0890_V);c:\windows\system32\drivers\CA500AV.SYS [2004-10-22 191052]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2008-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyServer = 192.168.1.254:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel
IE: Ouvrir avec GetRight
IE: Save Flash with Flash Catcher
IE: Télecharger avec GetRight
IE: {{90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - res://c:\program files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
TCP: {96E942F3-CEB6-4232-9E62-B98AF335700F} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Fabrice\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fr
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 11:10:30
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="85174679A3847FC95943C0337ECA67AA7294F9FA6595522BC53D2D1E6B4556D459C5698519E7D75514AA29E07E802D0B15CF08125B9A5CE81CBF7BF7C9B8D8970AB9A601080C617C6498B290C578E07CF6FA42320AF267A2F64CED1D22A73103440D530D28ED3E7EAFF9B2629398F3CAD5791F98D90B57D08B5BBA88A49FD3DAD86C06839262120CFDD242AB87995BB21642D737959E126038F95C696504B858BD981DECC31286CC00373FF42B8892E83D5F6CB46CC00330FBC813A15D0DD9298AE7370B1D76C7D806D349F967C51514F6F19CE872D597157A7AE2C868C337ECFCC2B8D0656285BF8665C62C890567FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794A2D97226D213B5555D575E7D6A3B980809B2E38F21E3D1D26B9C7462BFC8D2FB3ADD79F8800F9D8BE479779B0CBBBE93776B1BE81A6A033DD7F0D97119683FE6D263E567A44FE65EF9A4685FC53D79A8CA96999A0795B4D3B02998675F52A1634FF026135E656BC220D59A61B8B187CBDC49BE201604AE5F3C136645382EA78C022E661B72A3DB4157AC4E02E7AFBE1979BB80BAA4B50EAD34A10EC98285D27E31E465E059BB3D6A93EED76309B4CAB062C9E8EDC791418D4668EBF94D4777DC1983F58BC1446ACE3D82A0ED86A0A936CC76950246DF8CD5162474205DC53ECAE89E80048DBA12072F74A24BFE38AED06065B5829BCD085CB7AFACC9AB38237441EB0179D07D342D3BF26FEBC52280AC3DDE90C1F7ED9E01B58F30C6E43778073CC6055E56CFA65F2454AB82E16D1AF870517ED1BD3410228F672B2D6843E132E2AC2FE71B5994C0A18F10068B894969024DEB8A85FB71A4358362D4CC3C582DB542B99051A5FA7761BE67B2334AB2B5E907DC0A9A80A9F10E50AADC586B29B2264E6D165CA32BAE02A492067AE84B1A95D7E32E7CE4F4F6F3DFED2488F7F37D1C3C2B7B59A6CC9597240644B7025ED565BCAB1EDDAC61233467AB520F73AF527219E48592E6D65DAA444AF3F6948B2CAE57713E28C3D46C11C2754FCECEA2F47898A2408B0099BC37B17A607585C365B96A06BDF4F5864AC06E71C76060EAAEF012FEF778EFB4EF2D3CC819A61E504C45604F8B94F4023A6D8CD9AC91E279CE9280AA40439A20B4F057F7F0AE89C9B180C545DB0A5627BC35E37DB5617491268902E66F0A4824CDD99BE0FEEAD820E791CCF5270E132956AA5CBE588597CE0AF3598C1E1E23DE813444EF9F698195C712C7832A0B88118ED185935565B21B55646F862C843C419ABFB224EFEA5AC02D8D322263227839F3A690062B9E10B8E3634C543AF785936831E814D3679F0E7685A79B972588D2171754349F81DD3C986AA1882F6456ECBD300FE5F309733A07EF"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-02-17 11:14:29
ComboFix-quarantined-files.txt 2009-02-17 10:14:23
ComboFix2.txt 2009-02-17 08:33:21

Avant-CF: 4 431 732 736 octets libres
Après-CF: 4,416,626,688 octets libres

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
252 --- E O F --- 2009-02-09 15:29:07




mais je n'ai pas eu a taper 1 ou 2 dans la fenêtre de scan, il a refait un scan complet seul avec le glisser déplacer


vitesse toujours autour de 240 ko ???

je sui de retour,
j'ai une un bug Internet après la dernière opération de OTMovit3, plus de carte Wirelsse plus de connexion Internet

j'ai du réinstaller carte wireless pour avoir internet et cela ne marchait toujours pas, j'ai donc fait une restauration système après la sauvegarde ce combrofix de 11h00


je suis donc revenu au sytème de 11h00

j'ai perdu ma connexion après avoir fait cela :

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :





:processes
explorer.exe

:file
c:\windows\inf\COMC5.tmp
c:\windows\inf\COMC6.tmp

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

erreur tout a l'heure,

c'est en faisnant cela :

Ouvre le bloc notes. Copie colle ceci dedans :sans les **************

*********************************************
File::
c:\windows\system32\drivers\SbFw.sys
c:\windows\system32\drivers\SBFWIM.sys



Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\sstqolm.dll "=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"MSVideo"= lvfwwdmt.dll"=""



******************************************

* Sauvegarde cela comme fichier texte nommé CFScript, sur le bureau.
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe


* Une fenêtre bleue va apparaître: au message qui apparaît (Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
que je perd mas carte wireless,



cela à recommencer avec le redémarrage du PC

:Files au lieu de :File

Al.

voici le rapport après avoir refait la manip

ComboFix 09-02-15.01 - Fabrice 2009-02-17 13:06:31.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.895.490 [GMT 1:00]
Lancé depuis: c:\documents and settings\Fabrice\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Fabrice\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090216-1] *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *disabled*
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\drivers\SbFw.sys
c:\windows\system32\drivers\SBFWIM.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SbFw.sys
c:\windows\system32\drivers\SBFWIM.sys

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-17 au 2009-02-17 ))))))))))))))))))))))))))))))))))))
.

2009-02-17 11:32 . 2009-02-17 12:42 <REP> d--hs---- C:\RECYCLER(2)
2009-02-17 10:46 . 2009-02-17 10:46 <REP> d-------- C:\_OTMoveIt
2009-02-16 15:57 . 2009-02-16 15:57 <REP> d-------- C:\rsit
2009-02-16 15:57 . 2009-02-16 16:14 <REP> d-------- c:\program files\trend micro
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\documents and settings\Fabrice\Application Data\Malwarebytes
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-12 16:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 16:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 15:36 . 2009-02-09 15:42 <REP> d-------- c:\program files\Trillian
2009-02-05 19:24 . 2009-02-05 19:47 393 --a------ c:\windows\BPama.INI
2009-02-05 19:22 . 2009-02-05 19:22 <REP> d-------- c:\program files\FG Software

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 11:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 09:36 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-17 08:45 --------- d-----w c:\documents and settings\Fabrice\Application Data\AdobeUM
2009-02-16 13:31 108,721 -c--a-w c:\windows\system32\drivers\fwdrv.err
2009-02-12 11:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-12 11:10 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-10 14:04 --------- d-----w c:\program files\AV WebCam Morpher GOLD
2009-02-06 12:50 --------- d-----w c:\program files\Enigma Software Group
2009-01-28 12:16 --------- d-----w c:\documents and settings\Fabrice\Application Data\LimeWire
2009-01-28 11:40 --------- d-----w c:\program files\Shareaza
2009-01-26 10:15 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-03 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2009-01-03 13:36 --------- d-----w c:\program files\IVT Corporation
2008-12-30 15:07 --------- d-----w c:\program files\Java
2008-12-21 10:39 --------- d-----w c:\program files\Yahoo!
2008-12-21 10:39 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-07-04 12:48 259,664 -c--a-w c:\documents and settings\Fabrice\Application Data\GDIPFONTCACHEV1.DAT
2008-04-14 12:16 1,837 -c--a-w c:\windows\inf\COMC5.tmp
2007-12-13 16:34 1,837 -c--a-w c:\windows\inf\COMC6.tmp
2001-03-28 10:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe
2000-04-19 21:00 6,995 -c--a-w c:\windows\inf\RAMDISK.SYS
2002-12-14 15:41 73,728 -csha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2008-05-31 17:09 80 --sh--r c:\windows\system32\C182FC9913.dll
.

------- Sigcheck -------

2006-03-02 13:00 14336 2979b03d5382a602623c0535b16ab9c0 c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-13 18:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-13 18:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\system32\svchost.exe

2006-03-02 13:00 578048 61c8c283ad063bb697ae61a155c64a5a c:\windows\$NtServicePackUninstall$\user32.dll
2008-04-13 18:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\ServicePackFiles\i386\user32.dll
2008-04-13 18:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\system32\user32.dll

2006-03-02 13:00 82944 eed74b969b2ca1acc558ff60fb420e28 c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-04-13 18:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-13 18:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\system32\ws2_32.dll

2006-03-02 13:00 660480 4e958b97efc3d801f49283d1820f48b7 c:\windows\$NtServicePackUninstall$\wininet.dll
2008-04-13 18:33 670208 4a6e04ea20f48d750d9bfed8600d516b c:\windows\ie7\wininet.dll
2008-04-13 18:33 670208 4a6e04ea20f48d750d9bfed8600d516b c:\windows\ServicePackFiles\i386\wininet.dll
2008-06-23 17:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c c:\windows\SoftwareDistribution\Download\93d2fb5e96afcaf76e5b7606e1b329f8\SP2GDR\wininet.dll
2008-06-23 16:40 827904 52589bae67dd9859724287372668690b c:\windows\SoftwareDistribution\Download\93d2fb5e96afcaf76e5b7606e1b329f8\SP2QFE\wininet.dll
2007-08-13 17:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\system32\wininet.dll
2007-08-13 17:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\system32\dllcache\wininet.dll

2006-03-02 13:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\system32\drivers\tcpip.sys

2006-03-02 13:00 506368 123eea158f74d0f67a51dcdf065d1091 c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-13 18:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-13 18:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\system32\winlogon.exe

2006-03-02 13:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 11:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 11:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2006-03-02 13:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 10:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 10:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

2006-03-02 13:00 2017280 35567c8c50986c2bc5c3efd79cb045e4 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-13 18:07 2067968 b71a8f101cefaf82fc5ec16130a54a3f c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-13 18:07 2025984 92e82482cdb39929cf7b541a9648afae c:\windows\system32\ntkrnlpa.exe

2006-03-02 13:00 2150400 36f32a5a83df734e022734d93860a9a4 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2008-04-13 18:08 2191104 099d639da1ef6968d4e41795bb507e6b c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-04-13 18:07 2147328 b10c36956eb7a8b1586dbe3b43875280 c:\windows\system32\ntoskrnl.exe

2008-04-13 18:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\explorer.exe
2006-03-02 13:00 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-13 18:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\ServicePackFiles\i386\explorer.exe

2006-03-02 13:00 108544 63dcde1a0d86eeb8924d6738ff616ead c:\windows\$NtServicePackUninstall$\services.exe
2008-04-13 18:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\ServicePackFiles\i386\services.exe
2008-04-13 18:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\system32\services.exe

2006-03-02 13:00 13312 259af82a0932eea4f316f92db94707b6 c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-13 18:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-13 18:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\system32\lsass.exe

2006-03-02 13:00 15360 64e41e8fee655b03e3f19ded21ba5118 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 18:34 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-13 18:34 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\ctfmon.exe

2006-03-02 13:00 57856 df9fc62ad51cb082b0ae371919a232cb c:\windows\$NtServicePackUninstall$\spoolsv.exe
2008-04-13 18:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-13 18:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\system32\spoolsv.exe

2008-04-13 18:34 112640 7e3defe771cb451b0ff630bfa435417e c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-07-18 21:10 53448 d316e28958873859b88d72cf47ad1ea5 c:\windows\system32\wuauclt.exe
2008-07-18 21:10 53448 d316e28958873859b88d72cf47ad1ea5 c:\windows\system32\dllcache\wuauclt.exe

2006-03-02 13:00 25088 84717891f0734c611721f56c60b5fbc3 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 18:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 18:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\system32\userinit.exe

2006-03-02 13:00 297984 78f90c3e230ad122bcb116abad5fefe9 c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-13 18:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-13 18:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\system32\termsrv.dll

2006-03-02 13:00 1048576 c88f74591579dbde273c61312b2d3886 c:\windows\$NtServicePackUninstall$\kernel32.dll
2008-04-13 18:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\ServicePackFiles\i386\kernel32.dll
2008-04-13 18:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\system32\kernel32.dll

2006-03-02 13:00 17408 29d5e58fb089c41898a81bd4c8970f22 c:\windows\$NtServicePackUninstall$\powrprof.dll
2008-04-13 18:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\ServicePackFiles\i386\powrprof.dll
2008-04-13 18:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\system32\powrprof.dll

2006-03-02 13:00 110080 e55dafa1a354bd5cb69151563dc9748a c:\windows\$NtServicePackUninstall$\imm32.dll
2008-04-13 18:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\ServicePackFiles\i386\imm32.dll
2008-04-13 18:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\system32\imm32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-02-17_ 9.30.47.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-15 11:20:39 2,030,640 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-17 11:44:39 2,030,640 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-11-18 11:56:05 3,105,400 -c--a-w c:\windows\system32\Restore\rstrlog.dat
+ 2009-02-17 11:43:07 283,304 -c--a-w c:\windows\system32\Restore\rstrlog.dat
+ 2009-02-17 11:44:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2b8.dat
+ 2009-02-17 11:45:21 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6e8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TransTask"="c:\program files\Tweak-XP Pro\transtask.exe" [2003-01-07 24576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 335872]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-22 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-22 495616]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-04-30 430080]
"LVComs"="c:\windows\System32\LVComS.exe" [2000-12-06 86016]
"AS00_Gear511"="c:\program files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2004-12-03 475136]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-14 196608]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-02 185896]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"TPSMain"="TPSMain.exe" [2004-05-04 c:\windows\system32\TPSMain.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 c:\windows\agrsmmsg.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdhbk]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\sstqolm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"MSVideo"= lvfwwdmt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InCD"=c:\program files\Ahead\InCD\InCD.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SmoothView"=c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-10-01 5632]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-16 114768]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys --> c:\windows\system32\drivers\SbFw.sys [?]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-16 20560]
R2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\drivers\avwebcam.sys [2008-10-22 215552]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 WebCamHelper;WebCamHelper;c:\progra~1\AVWEBC~1\WebCamHelper.sys [2008-10-22 2688]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2006-07-05 16194]
R3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\drivers\wg511nd5.sys [2006-07-05 395840]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys --> c:\windows\system32\DRIVERS\sbfwim.sys [?]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2007-07-03 59392]
S3 PID_0890_I;Logitech QuickCam Traveler (Still Camera)(PID_0890_I);c:\windows\system32\drivers\BULKUSB.sys [2004-10-22 10547]
S3 PID_0890_V;Logitech QuickCam Traveler(PID_0890_V);c:\windows\system32\drivers\CA500AV.SYS [2004-10-22 191052]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2008-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyServer = 192.168.1.254:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel
IE: Ouvrir avec GetRight
IE: Save Flash with Flash Catcher
IE: Télecharger avec GetRight
IE: {{90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - res://c:\program files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
TCP: {96E942F3-CEB6-4232-9E62-B98AF335700F} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Fabrice\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: network.proxy.http - 193.252.19.3
FF - prefs.js: network.proxy.type - 4
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 13:12:34
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="85174679A3847FC95943C0337ECA67AA7294F9FA6595522BC53D2D1E6B4556D459C5698519E7D75514AA29E07E802D0B15CF08125B9A5CE81CBF7BF7C9B8D8970AB9A601080C617C6498B290C578E07CF6FA42320AF267A2F64CED1D22A73103440D530D28ED3E7EAFF9B2629398F3CAD5791F98D90B57D08B5BBA88A49FD3DAD86C06839262120CFDD242AB87995BB21642D737959E126038F95C696504B858BD981DECC31286CC00373FF42B8892E83D5F6CB46CC00330FBC813A15D0DD9298AE7370B1D76C7D806D349F967C51514F6F19CE872D597157A7AE2C868C337ECFCC2B8D0656285BF8665C62C890567FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794A2D97226D213B5555D575E7D6A3B980809B2E38F21E3D1D26B9C7462BFC8D2FB3ADD79F8800F9D8BE479779B0CBBBE93776B1BE81A6A033DD7F0D97119683FE6D263E567A44FE65EF9A4685FC53D79A8CA96999A0795B4D3B02998675F52A1634FF026135E656BC220D59A61B8B187CBDC49BE201604AE5F3C136645382EA78C022E661B72A3DB4157AC4E02E7AFBE1979BB80BAA4B50EAD34A10EC98285D27E31E465E059BB3D6A93EED76309B4CAB062C9E8EDC791418D4668EBF94D4777DC1983F58BC1446ACE3D82A0ED86A0A936CC76950246DF8CD5162474205DC53ECAE89E80048DBA12072F74A24BFE38AED06065B5829BCD085CB7AFACC9AB38237441EB0179D07D342D3BF26FEBC52280AC3DDE90C1F7ED9E01B58F30C6E43778073CC6055E56CFA65F2454AB82E16D1AF870517ED1BD3410228F672B2D6843E132E2AC2FE71B5994C0A18F10068B894969024DEB8A85FB71A4358362D4CC3C582DB542B99051A5FA7761BE67B2334AB2B5E907DC0A9A80A9F10E50AADC586B29B2264E6D165CA32BAE02A492067AE84B1A95D7E32E7CE4F4F6F3DFED2488F7F37D1C3C2B7B59A6CC9597240644B7025ED565BCAB1EDDAC61233467AB520F73AF527219E48592E6D65DAA444AF3F6948B2CAE57713E28C3D46C11C2754FCECEA2F47898A2408B0099BC37B17A607585C365B96A06BDF4F5864AC06E71C76060EAAEF012FEF778EFB4EF2D3CC819A61E504C45604F8B94F4023A6D8CD9AC91E279CE9280AA40439A20B4F057F7F0AE89C9B180C545DB0A5627BC35E37DB5617491268902E66F0A4824CDD99BE0FEEAD820E791CCF5270E132956AA5CBE588597CE0AF3598C1E1E23DE813444EF9F698195C712C7832A0B88118ED185935565B21B55646F862C843C419ABFB224EFEA5AC02D8D322263227839F3A690062B9E10B8E3634C543AF785936831E814D3679F0E7685A79B972588D2171754349F81DD3C986AA1882F6456ECBD300FE5F309733A07EF"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(2012)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-02-17 13:16:33
ComboFix-quarantined-files.txt 2009-02-17 12:16:27
ComboFix2.txt 2009-02-17 10:14:33
ComboFix3.txt 2009-02-17 08:33:21

Avant-CF: 4,219,031,552 octets libres
Après-CF: 4,184,064,000 octets libres

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
261 --- E O F --- 2009-02-09 15:29:07

je pense que je vais arrêter là ou je suis,

j'ai installé TCP Optimizer, et et j'ai maintenant récupérer toute ma vitesse de connexion, j'ai juste mis MTU à 1492 au lieu de 1500


Et je n'ai plus de sortie trouvées par le firewall, à par les localhost qui sont normales en ntant que sorties.


Merci de m'avoir aidé à résoudre mon pb

peut-être à bientôt


Nerio

voici le rapport OTMoveIT3 :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\windows\inf\COMC5.tmp not found.
File/Folder c:\windows\inf\COMC6.tmp not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Fabrice\LOCALS~1\Temp\etilqs_jvvq0EwQDiY8cFZbEkvD scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Fabrice\LOCALS~1\Temp\~DF82CE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2a4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6bc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02192009_104538

Files moved on Reboot...
File C:\DOCUME~1\Fabrice\LOCALS~1\Temp\etilqs_jvvq0EwQDiY8cFZbEkvD not found!
C:\DOCUME~1\Fabrice\LOCALS~1\Temp\~DF82CE.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_2a4.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_6bc.dat moved successfully.
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\XUL.mfl moved successfully.


et voici le rapport smitfraudfix

SmitFraudFix v2.396

Rapport fait à 10:50:17,39, 19/02/2009
Executé à partir de C:\Documents and Settings\Fabrice\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\notepad.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tweak-XP Pro\transtask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.spywareinfo.com
127.0.0.1 spywareinfo.com

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fabrice


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Fabrice\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fabrice\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Fabrice\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\system32\\sstqolm.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.254

Description: NETGEAR 108 Mbps Wireless PC Card WG511T - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0E7441DF-9EAC-42BC-9023-0CE0A72CBB42}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{96E942F3-CEB6-4232-9E62-B98AF335700F}: NameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0E7441DF-9EAC-42BC-9023-0CE0A72CBB42}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{96E942F3-CEB6-4232-9E62-B98AF335700F}: NameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Merci

Ce qui suit s'adresse à kevin05 afin qu'il le gère.

Pourquoi supprimer ces drivers de KERIO ?

c:\windows\system32\drivers\SbFw.sys => Sunbelt Personal Firewall Driver
c:\windows\system32\drivers\SBFWIM.sys => Sunbelt Personal Firewall NDIS Intermediate Driver

VirusTotal pour:

c:\windows\system32\C182FC9913.dll


OT_Move!t pour:

c:\windows\system32\sstqolm.dll

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdhbk]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-



Mise à jour
c:\program files\Adobe\Acrobat 6.0
C:\Program Files\Java\jre6

Supprimer AVAST et Spybot S&D

Télécharger et installer ANTIVIR ?


Bonne chance
Al.

voici le rapport Option 2 (Mode Sans Echec) de SmitfraudFix :


SmitFraudFix v2.396

Rapport fait à 12:14:29,15, 19/02/2009
Executé à partir de C:\Documents and Settings\Fabrice\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{96E942F3-CEB6-4232-9E62-B98AF335700F}: NameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{96E942F3-CEB6-4232-9E62-B98AF335700F}: NameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

re salut

heuu !!!, j'ai pas très bien suivi là

mon PC est désinfecté ou je dois faire autre chose ?

Re termine al j'savais pas pour les driver de kerio ... :-(

Mais c'est en faisant des erreurs que l'ont apprend non ? :)
++

Question1 = Avais-tu lancé RHosts de SiRi ? OUI
Question2 = As-tu téléchargé Winsock sur le bureau ? OUI

voici le rapport combo fix après le dernier script ::


ComboFix 09-02-18.01 - Fabrice 2009-02-19 13:48:00.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.895.432 [GMT 1:00]
Lancé depuis: c:\documents and settings\Fabrice\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Fabrice\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090218-0] *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *disabled*
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\sstqolm.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-19 au 2009-02-19 ))))))))))))))))))))))))))))))))))))
.

2009-02-19 13:52 . 2009-02-19 13:52 <REP> d-------- c:\windows\LastGood
2009-02-19 10:35 . 2009-02-19 10:35 <REP> d-------- C:\rsit
2009-02-19 10:35 . 2009-02-19 10:35 <REP> d-------- C:\_OTMoveIt
2009-02-19 10:30 . 2009-02-19 10:35 <REP> d--hs---- C:\RECYCLER(3)
2009-02-19 10:30 . 2009-02-19 10:35 <REP> d-------- C:\_OTMoveIt(2)
2009-02-17 11:32 . 2009-02-17 12:42 <REP> d--hs---- C:\RECYCLER(2)
2009-02-16 15:57 . 2009-02-16 16:14 <REP> d-------- c:\program files\trend micro
2009-02-16 14:33 . 2008-10-31 07:09 270,888 -ra------ c:\windows\system32\drivers\SbFw.sys
2009-02-16 14:33 . 2008-06-21 04:54 65,576 --a------ c:\windows\system32\drivers\SBFWIM.sys
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\documents and settings\Fabrice\Application Data\Malwarebytes
2009-02-12 16:07 . 2009-02-12 16:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-12 16:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 16:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 15:36 . 2009-02-09 15:42 <REP> d-------- c:\program files\Trillian
2009-02-05 19:24 . 2009-02-05 19:47 393 --a------ c:\windows\BPama.INI
2009-02-05 19:22 . 2009-02-05 19:22 <REP> d-------- c:\program files\FG Software

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 11:25 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-19 09:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-18 12:24 --------- d-----w c:\program files\GetRight
2009-02-17 11:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 08:45 --------- d-----w c:\documents and settings\Fabrice\Application Data\AdobeUM
2009-02-16 13:31 108,721 -c--a-w c:\windows\system32\drivers\fwdrv.err
2009-02-12 11:10 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-10 14:04 --------- d-----w c:\program files\AV WebCam Morpher GOLD
2009-02-06 12:50 --------- d-----w c:\program files\Enigma Software Group
2009-01-28 12:16 --------- d-----w c:\documents and settings\Fabrice\Application Data\LimeWire
2009-01-28 11:40 --------- d-----w c:\program files\Shareaza
2009-01-26 10:15 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-03 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2009-01-03 13:36 --------- d-----w c:\program files\IVT Corporation
2008-12-30 15:07 --------- d-----w c:\program files\Java
2008-12-21 10:39 --------- d-----w c:\program files\Yahoo!
2008-12-21 10:39 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-07-04 12:48 259,664 -c--a-w c:\documents and settings\Fabrice\Application Data\GDIPFONTCACHEV1.DAT
2001-03-28 10:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe
2000-04-19 21:00 6,995 -c--a-w c:\windows\inf\RAMDISK.SYS
2002-12-14 15:41 73,728 -csha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2008-05-31 17:09 80 --sh--r c:\windows\system32\C182FC9913.dll
.

------- Sigcheck -------

2006-03-02 13:00 14336 2979b03d5382a602623c0535b16ab9c0 c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-13 18:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-13 18:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\system32\svchost.exe

2006-03-02 13:00 578048 61c8c283ad063bb697ae61a155c64a5a c:\windows\$NtServicePackUninstall$\user32.dll
2008-04-13 18:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\ServicePackFiles\i386\user32.dll
2008-04-13 18:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\system32\user32.dll

2006-03-02 13:00 82944 eed74b969b2ca1acc558ff60fb420e28 c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-04-13 18:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-13 18:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\system32\ws2_32.dll

2006-03-02 13:00 660480 4e958b97efc3d801f49283d1820f48b7 c:\windows\$NtServicePackUninstall$\wininet.dll
2008-04-13 18:33 670208 4a6e04ea20f48d750d9bfed8600d516b c:\windows\ie7\wininet.dll
2008-04-13 18:33 670208 4a6e04ea20f48d750d9bfed8600d516b c:\windows\ServicePackFiles\i386\wininet.dll
2008-06-23 17:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c c:\windows\SoftwareDistribution\Download\93d2fb5e96afcaf76e5b7606e1b329f8\SP2GDR\wininet.dll
2008-06-23 16:40 827904 52589bae67dd9859724287372668690b c:\windows\SoftwareDistribution\Download\93d2fb5e96afcaf76e5b7606e1b329f8\SP2QFE\wininet.dll
2007-08-13 17:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\system32\wininet.dll
2007-08-13 17:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\system32\dllcache\wininet.dll

2006-03-02 13:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\system32\drivers\tcpip.sys

2006-03-02 13:00 506368 123eea158f74d0f67a51dcdf065d1091 c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-13 18:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-13 18:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\system32\winlogon.exe

2006-03-02 13:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 11:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 11:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2006-03-02 13:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 10:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 10:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

2006-03-02 13:00 2017280 35567c8c50986c2bc5c3efd79cb045e4 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-13 18:07 2067968 b71a8f101cefaf82fc5ec16130a54a3f c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-13 18:07 2025984 92e82482cdb39929cf7b541a9648afae c:\windows\system32\ntkrnlpa.exe

2006-03-02 13:00 2150400 36f32a5a83df734e022734d93860a9a4 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2008-04-13 18:08 2191104 099d639da1ef6968d4e41795bb507e6b c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-04-13 18:07 2147328 b10c36956eb7a8b1586dbe3b43875280 c:\windows\system32\ntoskrnl.exe

2008-04-13 18:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\explorer.exe
2006-03-02 13:00 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-13 18:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\ServicePackFiles\i386\explorer.exe

2006-03-02 13:00 108544 63dcde1a0d86eeb8924d6738ff616ead c:\windows\$NtServicePackUninstall$\services.exe
2008-04-13 18:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\ServicePackFiles\i386\services.exe
2008-04-13 18:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\system32\services.exe

2006-03-02 13:00 13312 259af82a0932eea4f316f92db94707b6 c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-13 18:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-13 18:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\system32\lsass.exe

2006-03-02 13:00 15360 64e41e8fee655b03e3f19ded21ba5118 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 18:34 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-13 18:34 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\ctfmon.exe

2006-03-02 13:00 57856 df9fc62ad51cb082b0ae371919a232cb c:\windows\$NtServicePackUninstall$\spoolsv.exe
2008-04-13 18:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-13 18:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\system32\spoolsv.exe

2008-04-13 18:34 112640 7e3defe771cb451b0ff630bfa435417e c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-07-18 21:10 53448 d316e28958873859b88d72cf47ad1ea5 c:\windows\system32\wuauclt.exe
2008-07-18 21:10 53448 d316e28958873859b88d72cf47ad1ea5 c:\windows\system32\dllcache\wuauclt.exe

2006-03-02 13:00 25088 84717891f0734c611721f56c60b5fbc3 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 18:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 18:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\system32\userinit.exe

2006-03-02 13:00 297984 78f90c3e230ad122bcb116abad5fefe9 c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-13 18:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-13 18:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\system32\termsrv.dll

2006-03-02 13:00 1048576 c88f74591579dbde273c61312b2d3886 c:\windows\$NtServicePackUninstall$\kernel32.dll
2008-04-13 18:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\ServicePackFiles\i386\kernel32.dll
2008-04-13 18:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\system32\kernel32.dll

2006-03-02 13:00 17408 29d5e58fb089c41898a81bd4c8970f22 c:\windows\$NtServicePackUninstall$\powrprof.dll
2008-04-13 18:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\ServicePackFiles\i386\powrprof.dll
2008-04-13 18:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\system32\powrprof.dll

2006-03-02 13:00 110080 e55dafa1a354bd5cb69151563dc9748a c:\windows\$NtServicePackUninstall$\imm32.dll
2008-04-13 18:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\ServicePackFiles\i386\imm32.dll
2008-04-13 18:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\system32\imm32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TransTask"="c:\program files\Tweak-XP Pro\transtask.exe" [2003-01-07 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 335872]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-22 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-22 495616]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-04-30 430080]
"LVComs"="c:\windows\System32\LVComS.exe" [2000-12-06 86016]
"AS00_Gear511"="c:\program files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2004-12-03 475136]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-14 196608]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-02 185896]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"TPSMain"="TPSMain.exe" [2004-05-04 c:\windows\system32\TPSMain.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 c:\windows\agrsmmsg.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"MSVideo"= lvfwwdmt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InCD"=c:\program files\Ahead\InCD\InCD.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SmoothView"=c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-10-01 5632]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-16 114768]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-16 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-16 20560]
R2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\drivers\avwebcam.sys [2008-10-22 215552]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 WebCamHelper;WebCamHelper;c:\progra~1\AVWEBC~1\WebCamHelper.sys [2008-10-22 2688]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2006-07-05 16194]
R3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\drivers\wg511nd5.sys [2006-07-05 395840]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SBFWIM.sys [2009-02-16 65576]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2007-07-03 59392]
S3 PID_0890_I;Logitech QuickCam Traveler (Still Camera)(PID_0890_I);c:\windows\system32\drivers\BULKUSB.sys [2004-10-22 10547]
S3 PID_0890_V;Logitech QuickCam Traveler(PID_0890_V);c:\windows\system32\drivers\CA500AV.SYS [2004-10-22 191052]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2008-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-WgaLogon - (no file)


.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = 192.168.1.254:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel
IE: Ouvrir avec GetRight
IE: Save Flash with Flash Catcher
IE: Télecharger avec GetRight
IE: {{90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - res://c:\program files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
TCP: {96E942F3-CEB6-4232-9E62-B98AF335700F} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Fabrice\Application Data\Mozilla\Firefox\Profiles\5esdyd6w.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: network.proxy.http - 193.252.19.3
FF - prefs.js: network.proxy.type - 4
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 13:53:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="85174679A3847FC95943C0337ECA67AA7294F9FA6595522BC53D2D1E6B4556D459C5698519E7D75514AA29E07E802D0B15CF08125B9A5CE81CBF7BF7C9B8D8970AB9A601080C617C6498B290C578E07CF6FA42320AF267A2F64CED1D22A73103440D530D28ED3E7EAFF9B2629398F3CAD5791F98D90B57D08B5BBA88A49FD3DAD86C06839262120CFDD242AB87995BB21642D737959E126038F95C696504B858BD981DECC31286CC00373FF42B8892E83D5F6CB46CC00330FBC813A15D0DD9298AE7370B1D76C7D806D349F967C51514F6F19CE872D597157A7AE2C868C337ECFCC2B8D0656285BF8665C62C890567FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794A2D97226D213B5555D575E7D6A3B980809B2E38F21E3D1D26B9C7462BFC8D2FB3ADD79F8800F9D8BE479779B0CBBBE93776B1BE81A6A033DD7F0D97119683FE6D263E567A44FE65EF9A4685FC53D79A8CA96999A0795B4D3B02998675F52A1634FF026135E656BC220D59A61B8B187CBDC49BE201604AE5F3C136645382EA78C022E661B72A3DB4157AC4E02E7AFBE1979BB80BAA4B50EAD34A10EC98285D27E31E465E059BB3D6A93EED76309B4CAB062C9E8EDC791418D4668EBF94D4777DC1983F58BC1446ACE3D82A0ED86A0A936CC76950246DF8CD5162474205DC53ECAE89E80048DBA12072F74A24BFE38AED06065B5829BCD085CB7AFACC9AB38237441EB0179D07D342D3BF26FEBC52280AC3DDE90C1F7ED9E01B58F30C6E43778073CC6055E56CFA65F2454AB82E16D1AF870517ED1BD3410228F672B2D6843E132E2AC2FE71B5994C0A18F10068B894969024DEB8A85FB71A4358362D4CC3C582DB542B99051A5FA7761BE67B2334AB2B5E907DC0A9A80A9F10E50AADC586B29B2264E6D165CA32BAE02A492067AE84B1A95D7E32E7CE4F4F6F3DFED2488F7F37D1C3C2B7B59A6CC9597240644B7025ED565BCAB1EDDAC61233467AB520F73AF527219E48592E6D65DAA444AF3F6948B2CAE57713E28C3D46C11C2754FCECEA2F47898A2408B0099BC37B17A607585C365B96A06BDF4F5864AC06E71C76060EAAEF012FEF778EFB4EF2D3CC819A61E504C45604F8B94F4023A6D8CD9AC91E279CE9280AA40439A20B4F057F7F0AE89C9B180C545DB0A5627BC35E37DB5617491268902E66F0A4824CDD99BE0FEEAD820E791CCF5270E132956AA5CBE588597CE0AF3598C1E1E23DE813444EF9F698195C712C7832A0B88118ED185935565B21B55646F862C843C419ABFB224EFEA5AC02D8D322263227839F3A690062B9E10B8E3634C543AF785936831E814D3679F0E7685A79B972588D2171754349F81DD3C986AA1882F6456ECBD300FE5F309733A07EF"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-02-19 13:57:44
ComboFix-quarantined-files.txt 2009-02-19 12:57:39

Avant-CF: 4,186,492,928 octets libres
Après-CF: 4,175,769,600 octets libres

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
246 --- E O F --- 2009-02-19 11:11:18

bonjour,

j'ai donc effectué toutes les étapes , par contre j'ai maintenant de gros souci de connexion et kério plante à chaque fois. je l'ai donc désinstallé, mais ma connexion varie maintenant de 80 ko a 250 ko max, alors que je devrais être autour de 480/520 KO


Que faire ?