SYSTEM SECURITY / état avancé et urgent!

Jetez un œil de cet article : https://www.editboard.com/search/www.geekpolice.net

C'est la version anglaise, mais ici est la version française : http://translate.google.com/...

Salut Néophyte,

Désolé de te répondre seulement maintenant, mais les soucis ne se sont pas arrangés, que du contraire.
J'ai bien lancé le programme et l'option deux, comme tu me le demandais.
Résultat des courses: après l'opération, je n'ai plus accès à internet (erreur de proxy).
Je suis donc obligé de t'écrire depuis le boulot, ce qui ne facilite pas les choses, tu t'en doutes!

Je vais essayer de travailler ce soir avec deux PC en parallèle.
Il faudrait vraiment que j'arrange cela.

Merci de ta patience en tout cas,
Laurent

OK, je sauvegarde tout cela sur un CD rom et j'essaye de lancer cela ce soir.
Je reviens vers toi demain avec mon fichier .txt !
ps: as-tu une idée de la raison de mes problèmes de connection internet, et de la manière de les résoudre?

Laurent

Salut néophyte,

J'ai bien lancé et installé comobfix, et voici le log que cela génère.
ps: pendant l'exe, le virus a continué d'apparaître, il est toujours bien présent, et je n ai toujours pas de connection internet (je travaille ici avec un 2e PC)



ComboFix 09-04-04.01 - natacha 2009-04-06 18:13:45.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.447.73 [GMT 2:00]
Lancé depuis: c:\documents and settings\natacha\Bureau\C-Fix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ld03.exe
c:\windows\pp06.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mukmil.dll
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
E:\autorun.inf
G:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-06 au 2009-04-06 ))))))))))))))))))))))))))))))))))))
.

2009-04-06 18:00 . 2009-04-06 18:01 <REP> d-------- C:\32788R22FWJFW.0.tmp
2009-04-06 18:00 . 2009-04-06 18:00 150,032 --------- c:\windows\system32\e8c3859cc3c9e7d62a63099896228962.exe
2009-04-06 18:00 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-04 23:20 . 2009-04-04 23:20 11,776 --a------ c:\windows\tt_1238880030.exe
2009-04-04 18:24 . 2009-04-04 18:24 11,776 --a------ c:\windows\tt_1238862283.exe
2009-04-04 18:14 . 2009-04-04 18:14 <REP> d-------- c:\program files\websrvx
2009-04-04 18:14 . 2009-04-04 18:14 11,776 --a------ c:\windows\tt_1238861647.exe
2009-04-04 18:14 . 2009-04-04 18:14 2 ---h----- c:\windows\t55ft3242f44.dat
2009-04-04 16:58 . 2009-04-04 16:58 <REP> d-------- c:\program files\Lavasoft
2009-04-04 16:55 . 2009-04-04 16:55 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-04-03 19:08 . 2009-04-03 19:08 11,776 --a------ c:\windows\tt_1238778517.exe
2009-04-03 01:05 . 2009-04-03 01:05 11,776 --a------ c:\windows\tt_1238713514.exe
2009-04-03 01:03 . 2009-04-03 01:03 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-03 00:27 . 2009-04-03 00:27 11,776 --a------ c:\windows\tt_1238711245.exe
2009-04-03 00:20 . 2009-04-03 00:20 <REP> d-------- c:\program files\Enigma Software Group
2009-04-03 00:17 . 2009-04-03 00:17 <REP> d-------- C:\_OTMoveIt
2009-04-03 00:09 . 2009-04-03 00:10 <REP> d-------- C:\rsit
2009-04-03 00:09 . 2009-04-03 00:09 <REP> d-------- c:\program files\trend micro
2009-04-03 00:02 . 2009-04-03 00:02 <REP> d-------- c:\program files\CCleaner
2009-04-02 23:54 . 2009-04-02 23:54 0 --a------ c:\windows\nsreg.dat
2009-04-02 20:32 . 2009-04-02 20:32 <REP> d-------- c:\documents and settings\All Users\Application Data\[u]0/u8599046
2009-04-02 20:01 . 2009-04-02 20:01 <REP> d-------- c:\documents and settings\All Users\Application Data\[u]0/u8583421
2009-04-02 17:45 . 2009-04-02 17:45 1 --a------ c:\windows\9g2234wesdf3dfgjf23
2009-04-01 16:42 . 2009-04-01 16:49 2,670 ---h----- c:\windows\f5087.dat
2009-04-01 16:37 . 2009-04-01 16:37 30,720 ---h----- c:\windows\freddy40.exe
2009-04-01 16:37 . 2009-04-01 16:37 2 ---h----- c:\windows\t55ft3223f44.dat
2009-04-01 16:37 . 2009-04-01 16:37 2 ---h----- c:\windows\t55ft2784f44.dat
2009-04-01 16:37 . 2009-04-01 16:37 1 ---h----- c:\windows\f23567.dat
2009-03-19 00:10 . 2009-03-19 00:10 <REP> d-------- c:\documents and settings\natacha\Application Data\dvdcss

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 21:19 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-04 17:02 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-04 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-02 23:12 --------- d-----w c:\documents and settings\natacha\Application Data\Azureus
2009-02-27 13:20 --------- d-----w c:\program files\Vuze
2009-02-23 10:06 --------- d-----w c:\program files\Google
2009-02-09 14:17 1,846,400 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:17 1,846,400 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-08 20:48 --------- d-----w c:\documents and settings\natacha\Application Data\Skype
2009-02-08 19:18 --------- d-----w c:\program files\Fichiers communs\ArcSoft
2009-02-08 19:17 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 19:17 --------- d-----w c:\program files\ArcSoft
2009-02-08 19:16 --------- d-----w c:\documents and settings\natacha\Application Data\Panasonic
2009-02-08 19:15 --------- d-----w c:\program files\Panasonic
2009-02-08 17:53 --------- d-----w c:\documents and settings\natacha\Application Data\ATI
2009-02-08 17:50 --------- d-----w c:\program files\Canon
2009-02-08 17:38 --------- d-----w c:\program files\Sony Ericsson
2009-02-08 17:38 --------- d-----w c:\program files\Fichiers communs\Teleca Shared
2009-02-08 17:38 --------- d-----w c:\documents and settings\natacha\Application Data\Teleca
2009-02-08 17:31 --------- d-----w c:\program files\Microsoft Works
2009-02-08 16:18 --------- d-----w c:\documents and settings\natacha\Application Data\skypePM
2009-01-16 20:15 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-10 14:58 1,107,296 ----a-w c:\windows\system32\WdfCoInstaller01007.dll
2008-02-25 14:00 33,912 ----a-w c:\documents and settings\natacha\Application Data\GDIPFONTCACHEV1.DAT
2008-02-24 15:10 16,438 ----a-w c:\documents and settings\natacha\Application Data\wklnhst.dat
2009-04-06 16:02 66,576 ----a-w c:\program files\mozilla firefox\components\dedccbeacce.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-03-29 258048]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-03-24 1488112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-07-21 185896]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 327720]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-09-18 1696768]
"beidsystemtray"="c:\program files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"08583421"="c:\documents and settings\All Users\Application Data\[u]0/u8583421\[u]0/u8583421.exe" [2009-04-02 20:01 316516]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 c:\windows\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 c:\windows\system32\P0620Pin.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2006-10-02 29696]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 176128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-02-08 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aceefabdaaaeffe]
2004-07-18 06:02 280064 c:\windows\system32\aceefabdaaaeffe.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 eID CRL Service;eID CRL Service;c:\windows\system32\beidservicecrl.exe [2007-02-19 225280]
R2 eID Privacy Service;eID Privacy Service;c:\windows\system32\beidservicepcsc.exe [2007-02-19 331776]
R2 websrvx;websrvx;c:\program files\websrvx\websrvx.exe [2009-04-04 9728]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2008-04-21 16269]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-01-10 10976]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2009-01-10 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2009-01-10 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2009-01-10 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2009-01-10 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2009-01-10 98696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37e7c1e6-7755-11dd-b9bc-001617a20c5f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2009-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2007-05-03 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1167499026.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 01:52]
.
- - - - ORPHELINS SUPPRIMES - - - -

ShellIconOverlayIdentifiers-{9D1F87E7-4D72-41AB-9D57-D101A08F20E5} - (no file)
ShellExecuteHooks-{483910AC-20E0-42A6-B6F5-3902EEF878D0} - (no file)


.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\natacha\Application Data\Mozilla\Firefox\Profiles\38ndv7ff.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 18:15:46
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\b93537044f0363a4387c45b643484045.sys 39936 bytes executable
c:\windows\system32\_b93537044f0363a4387c45b643484045.sys_.vir 39936 bytes executable

Scan terminé avec succès
Fichiers cachés: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\b93537044f0363a4387c45b643484045]
"ImagePath"="system32\b93537044f0363a4387c45b643484045.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\aceefabdaaaeffe.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\hnetcfg.dll
.
Heure de fin: 2009-04-06 18:17:47
ComboFix-quarantined-files.txt 2009-04-06 16:17:44

Avant-CF: 116.384.149.504 octets libres
Après-CF: 116,621,959,168 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

225 --- E O F --- 2009-04-02 22:43:44

Pas de problème pour le délai!

Je comprends bien ta demande, mais là, j'ai un souci: ma connection internet n'est pas rétablie...
Du coup, impossible d'aller en ligne sur le PC infecté pour effectuer l'opération demandée!
Que me conseilles-tu?

A+
L.

Je peux éventuellement emprunter un Pc portable au boulot, si cela peut aider...
Merci,
A+
L.

Le message lors de ma connexion est le suivant:

Connexion au serveu proxy refusée.
Firefox est configuré pour utiliser un serveur proxy mais celui-ci n'accepte pas les connexions.

Peux-tu m'aider?
Merci,
Laurent

Salut néophyte,

Voilà, ma connexion est rétablie, tout refonctionne a priori normalement.
Voici les deux (derniers?) log demandés:
Logfile of random's system information tool 1.06 (written by random/random)
Run by natacha at 2009-04-08 18:00:31
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 111 GB (73%) free of 153 GB
Total RAM: 447 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:45, on 8/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\natacha\Bureau\RSIT.exe
C:\Documents and Settings\natacha\Bureau\natacha.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.spie-ics.be/nl/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Merci néophyte,

A priori, j'ai tout fait!
Il reste quoi à faire?
Je t'écoute :)

L.