Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

Virus autorun.inf

Dernière réponse le 11 oct 2009 à 21:17:44 clala, le 10 oct 2009 à 21:01:38

Signaler ce message aux modérateurs

Bonsoir,

Je sais bien que je vais vous embêter avec ce virus, j'ai lu plein de sujet dessus, et déjà fait plein de chose mais rien ne marche...

Ma clef usb est infectée par le virun autoun.inf.
Avg, et avast n'y font rien, C cleaner non plus.
J'ai essayé avec RAV, Flash disenfector et rien n'y fait. Le fichier est toujours occupé par une autre ressource.
J'ai donc téléchargé unlock, et la ressource utilisée par autorun.inf est explorer.exe. J'ai donc désactivé celui ci, je peux alors supprimé mon fichier autorun.inf et même formater ma clef usb.
Seulement dès que je la rebranche sur mon pc je fichier reviens.

Ce virus se manifeste par une fenêtre d'interruption d'iexplore.exe, et par des publicités intempestives que je n'avais pas avant.

Pourriez vous m'aider, une petite idée s'il vous plait ?
Déjà me répondre serait une aide à mes yeux.
Bonne soirée.

Configuration: Windows XP
Firefox 3.5.3

Meilleures réponses pour « Virus autorun.inf » dans :

Virus AUTORUN.inf + (fichier.exe) Voir

Supprimer trojans et virus AUTORUN.INF Voir

Comment supprimer le virus autorun.inf ? Voir

Créer un fichier Autorun.inf VoirCréation de fichier autorun Autoriser l'exécution automatique Création du fichier autorun.inf Personnaliser l'icône Personnaliser le texte Personnaliser le menu Autoriser l'exécution automatique Une fonctionnalité de Windows...

[Windows] Une icône custom pour votre clé USB VoirIl est possible d'avoir une icône customizée pour votre clé USB (et même un nom). Pour cela, il suffit de placer un fichier .ICO (ou une image .BMP) à la racine de votre clé USB et de créer un fichier autorun.inf, par...

Suppression de virus autorun.inf Voir

Virus J:\AutoRun.inf (Résolu) Voir

Ipod virus autorun.inf récurrent Voir

Télécharger APO USB Autorun VoirAPO USB Autorun vous permet d'ajouter la fonction de lancement automatique à votre clé USB. Il cherche automatiquement l'extension autorun.inf comme sur les CDs pour l'exécuter. Cette fonction toute simple et pourtant indispensable vous permet...

Utilitaires de désinfection des principaux virus et vers VoirQu'est-ce qu'un kit de désinfection ? Un kit de désinfection est un petit exécutable dont le but est de nettoyer une machine infectée par un virus particulier. Chaque kit de désinfection est donc uniquement capable d'éradiquer un type de virus...

Posez votre question Répondre

qsdq, le 10 oct 2009 à 21:02:05

Salut,

Clique droit sur ce lien pour installer ComboFix (par sUBs) :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Choisis "Enregistrer sous" (dans IE c'est "Enregistrer la cible/le lien sous..")
et sauvegarde-le (Enregistrer dans) sur le Bureau.

Important : dans "Nom du fichier" enregistre (renomme) "combofix" en combo-fix.exe

Prends connaissance de ce tutoriel : http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Ferme toutes les fenêtres et applications.
Déconnecte-toi du net et désactive tes protections résidentes :
http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm

Sur le bureau, double clique combo-fix.exe.
Tape sur la touche Y (Yes) pour démarrer le scan.
ComboFix redémarrera ton PC.
Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse.

PS : Le rapport se trouve également ici : C:\Combofix.txt

Ne clique pas dans la fenêtre de Combofix durant l’analyse : cela pourrait provoquer le gel du programme !

Répondre à qsdq

clala, le 10 oct 2009 à 21:34:42

Merci de m'avoir répondu.
Le rapport a été assez long.
Suite à ce rapport j'ai l'impression d'être sous une apparence 98 et non Xp. Le virus est toujours là, car j'ai toujours la fenêtre qui s'affiche.
Le voici:

ComboFix 09-10-08.04 - Marlène Cxxxx 10/10/2009 21:12.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1279.602 [GMT 2:00]
Lancé depuis: c:\documents and settings\Marlène Cxxxx\Bureau\combo-fix.exe
AV: avast! antivirus 4.8.1335 [VPS 091009-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
[i] ADS - WINDOWS: deleted 72 bytes in 1 streams. /i
[i] ADS - svchost.exe: deleted 31744 bytes in 1 streams. /i

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\ntuser.dll
c:\recycler\S-1-5-21-0208374356-2181206355-079396765-9477
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1858
c:\recycler\S-1-5-21-0245289987-9686493290-335870376-2847
c:\recycler\S-1-5-21-0628706161-6088795659-537978588-1656
c:\recycler\S-1-5-21-0892343856-2271740846-761648556-1606
c:\recycler\S-1-5-21-0951332512-5343315443-174227498-0259
c:\recycler\S-1-5-21-1484080291-8858831330-464184352-3359
c:\recycler\S-1-5-21-2132614119-5863744320-667308370-5921
c:\recycler\S-1-5-21-2467913445-7132686288-352137432-7831
c:\recycler\S-1-5-21-2478505781-7020578900-670750353-3689
c:\recycler\S-1-5-21-2478505781-7020578900-670750353-3689\Desktop.ini
c:\recycler\S-1-5-21-2478505781-7020578900-670750353-3689\wnzip32.exe
c:\recycler\S-1-5-21-2743983155-6285318407-928190796-9847
c:\recycler\S-1-5-21-2907026870-7554786089-492674946-5545
c:\recycler\S-1-5-21-3539946292-8063953586-335323656-7394
c:\recycler\S-1-5-21-4386793937-4524700639-680774601-9478
c:\recycler\S-1-5-21-4407150767-1561733905-179563447-7031
c:\recycler\S-1-5-21-4469495292-4260688815-324929095-0094
c:\recycler\S-1-5-21-4614510201-8890611533-499363049-7280
c:\recycler\S-1-5-21-5060942413-4791985025-628070533-5700
c:\recycler\S-1-5-21-5287088361-7090177700-141952692-2267
c:\recycler\S-1-5-21-5540211268-4794550213-572687221-3699
c:\recycler\S-1-5-21-5614638252-5671007538-913735555-1698
c:\recycler\S-1-5-21-5661752594-2892416011-397527773-4087
c:\recycler\S-1-5-21-6033903343-5277688092-381710061-3237
c:\recycler\S-1-5-21-6438904790-2652938547-528198323-5059
c:\recycler\S-1-5-21-6450961797-3279482723-089984359-4184
c:\recycler\S-1-5-21-6594004721-4184889828-302637648-0060
c:\recycler\S-1-5-21-6668144127-4209684199-445945401-9863
c:\recycler\S-1-5-21-6669884855-5026225659-871457908-6117
c:\recycler\S-1-5-21-7326129695-0507378237-029498061-1807
c:\recycler\S-1-5-21-7636304563-0031248976-699515553-6252
c:\recycler\S-1-5-21-7726428107-4799412952-488568901-2764
c:\recycler\S-1-5-21-8039072132-7996001462-199017986-1688
c:\recycler\S-1-5-21-8526701702-9534707388-204099756-8653
c:\recycler\S-1-5-21-8584318107-6593789130-459891586-9245
c:\recycler\S-1-5-21-8705049247-0814168968-885919000-2963
c:\recycler\S-1-5-21-8735367446-0220211375-025514443-2870
c:\windows\Fonts\Txtrider.fon
c:\windows\kb913800.exe
c:\windows\system32\_004841_.tmp.dll
c:\windows\system32\_004842_.tmp.dll
c:\windows\system32\_004843_.tmp.dll
c:\windows\system32\_004844_.tmp.dll
c:\windows\system32\_004851_.tmp.dll
c:\windows\system32\_004852_.tmp.dll
c:\windows\system32\_004853_.tmp.dll
c:\windows\system32\_004854_.tmp.dll
c:\windows\system32\_004856_.tmp.dll
c:\windows\system32\_004857_.tmp.dll
c:\windows\system32\_004860_.tmp.dll
c:\windows\system32\_004861_.tmp.dll
c:\windows\system32\_004864_.tmp.dll
c:\windows\system32\_004865_.tmp.dll
c:\windows\system32\_004867_.tmp.dll
c:\windows\system32\_004869_.tmp.dll
c:\windows\system32\_004870_.tmp.dll
c:\windows\system32\_004871_.tmp.dll
c:\windows\system32\_004876_.tmp.dll
c:\windows\system32\_004878_.tmp.dll
c:\windows\system32\_004881_.tmp.dll
c:\windows\system32\_004883_.tmp.dll
c:\windows\system32\_004884_.tmp.dll
c:\windows\system32\_004885_.tmp.dll
c:\windows\system32\_004886_.tmp.dll
c:\windows\system32\_004887_.tmp.dll
c:\windows\system32\_004890_.tmp.dll
c:\windows\system32\_004891_.tmp.dll
c:\windows\system32\_004892_.tmp.dll
c:\windows\system32\_004893_.tmp.dll
c:\windows\system32\_004894_.tmp.dll
c:\windows\system32\_004899_.tmp.dll
c:\windows\system32\_004901_.tmp.dll
c:\windows\system32\calc.dll
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\downld\308984.exe
c:\windows\system32\drivers\downld\319687.exe
c:\windows\system32\drivers\downld\320718.exe
c:\windows\system32\drivers\downld\4487625.exe
c:\windows\system32\drivers\downld\4488765.exe
c:\windows\system32\drivers\downld\4520906.exe
c:\windows\system32\drivers\downld\4523593.exe
c:\windows\system32\drivers\downld\4526312.exe
c:\windows\system32\drivers\downld\4575203.exe
c:\windows\system32\drivers\downld\833187.exe
c:\windows\system32\drivers\hldrrr .exe
c:\windows\system32\drivers\str.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\lsprcxs .exe
c:\windows\system32\lvcomsx .exe
c:\windows\system32\mssrv32.exe
c:\windows\system32\ncmdds .exe
c:\windows\system32\qazbrnn .exe
c:\windows\system32\sdra64.exe
c:\windows\system32\sysmonitor .exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF
-------\Service_ICF

((((((((((((((((((((((((((((( Fichiers créés du 2009-09-10 au 2009-10-10 ))))))))))))))))))))))))))))))))))))
.

2009-10-10 18:26 . 2009-10-10 18:27 -------- d-----w- c:\program files\Unlocker
2009-10-10 16:55 . 2009-10-10 16:57 -------- d-----w- c:\windows\LastGood.Tmp
2009-10-10 16:52 . 2009-10-10 16:52 -------- d-----w- c:\windows\system32\fr
2009-10-10 16:52 . 2009-10-10 16:52 -------- d-----w- c:\windows\system32\bits
2009-10-10 16:52 . 2009-10-10 16:52 -------- d-----w- c:\windows\l2schemas
2009-10-10 16:50 . 2009-10-10 16:52 -------- d-----w- c:\windows\ServicePackFiles
2009-10-10 16:40 . 2009-10-10 16:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 16:43 . 2009-10-08 16:43 56832 ----a-w- c:\windows\system32\jrnfd32.dll
2009-10-08 15:35 . 2009-10-10 16:32 30720 --sh--r- c:\windows\system32\lsprcxs.exe
2009-10-08 15:35 . 2009-10-10 16:32 30720 --sh--r- c:\windows\system32\ncmdds.exe
2009-10-08 15:35 . 2009-10-10 16:26 30720 --sh--r- c:\windows\system32\qazbrnn.exe
2009-10-08 14:40 . 2009-10-08 14:40 9440 ----a-w- c:\windows\system32\drivers\nmwcdq.sys
2009-10-08 13:52 . 2009-10-08 16:43 82944 --sh--w- C:\klnjswpx.exe
2009-09-24 20:59 . 2009-09-24 20:59 -------- d-----w- c:\program files\ma-config.com
2009-09-24 20:59 . 2009-09-24 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 18:06 . 2007-03-06 09:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-10 16:39 . 2007-03-03 10:03 -------- d-----w- c:\program files\Java
2009-10-10 16:37 . 2006-09-08 11:17 85018 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-10 16:37 . 2006-09-08 11:17 492138 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-10 16:32 . 2004-05-21 18:11 30720 ----a-w- c:\windows\system32\lvcomsx.exe
2009-10-10 16:32 . 2007-03-03 10:04 30720 ----a-w- c:\windows\system32\sysmonitor.exe
2009-10-09 16:10 . 2008-05-05 18:42 -------- d-----w- c:\program files\CEDP Stealer 6.0 for Messenger
2009-09-27 19:48 . 2009-03-20 16:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-25 15:16 . 2007-06-18 21:27 -------- d-----w- c:\program files\Windows Live
2009-09-14 10:27 . 2007-03-06 08:43 -------- d-----w- c:\program files\eMule
2009-09-08 16:15 . 2007-04-17 17:28 -------- d-----w- c:\program files\Nvu
2009-09-08 16:13 . 2006-09-08 11:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\sp3gdr\tcpip.sys
[-] 2008-06-20 . 0B788EE2A876D7B31DF840C13F08CD2B . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tcpip.sys
[-] 2008-04-13 . 99BD46C2C790E52363DD1021DDCA3E8F . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"wesspell"="c:\windows\system32\qazbrnn.exe" [2009-10-10 30720]
"zmmclr"="c:\windows\system32\ncmdds.exe" [2009-10-10 30720]
"mqlwindl"="c:\windows\system32\lsprcxs.exe" [2009-10-10 30720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2009-10-10 30720]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2009-10-10 30720]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2009-10-10 30720]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2009-10-10 30720]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2009-10-10 30720]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2009-10-10 30720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-17 185896]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"\\marlene\EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-01 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\MarlŠne CHERPEAU\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
scandisk.dll [2009-10-8 25088]
scandisk.lnk - c:\windows\system32\rundll32.exe [2004-8-10 33792]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-3-3 45056]
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Marlène CHERPEAU^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Marlène CHERPEAU\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Marlène CHERPEAU^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Marlène CHERPEAU\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1a\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1a\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\explorer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:BitTorrent
"21758:TCP"= 21758:TCP:BitComet 21758 TCP
"21758:UDP"= 21758:UDP:BitComet 21758 UDP
"65534:TCP"= 65534:TCP:BitComet 65534 TCP
"65534:UDP"= 65534:UDP:BitComet 65534 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/04/2008 18:58 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/04/2008 18:58 20560]
R2 e4mnt4;e4mnt4;c:\windows\system32\drivers\e4mnt4.sys [07/05/2008 17:18 75360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [24/01/2008 13:12 24652]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [06/03/2007 21:49 163328]
S2 e4mservice;E4M service;e4mserv.exe --> e4mserv.exe [?]
S2 qrdgjouxevmdq;qrdgjouxevmdq;\??\c:\windows\system32\drivers\kdehlyggwpefu.sys --> c:\windows\system32\drivers\kdehlyggwpefu.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]
S3 pohci13F;pohci13F;\??\c:\docume~1\MARLNE~1\LOCALS~1\Temp\pohci13F.sys --> c:\docume~1\MARLNE~1\LOCALS~1\Temp\pohci13F.sys [?]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [28/03/2007 21:11 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [28/03/2007 21:11 85696]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - EHRECVR
*NewlyCreated* - EHSCHED
.
Contenu du dossier 'Tâches planifiées'

2009-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
c:\windows\Tasks\At6.job
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://fr.fr.acer.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Marlène CHERPEAU\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
TCP: {D32D6B20-C01E-4920-AA7A-8E2B05516D9D} = 192.168.30.1,0.0.0.0
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Marlène CHERPEAU\Application Data\Mozilla\Firefox\Profiles\leo1ccsp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-AVG Anti-Spyware Driver
AddRemove-debug meta obj - c:\docume~1\MARLNE~1\APPLIC~1\MEETMI~1\Batvccake.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 21:22
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\windows\system32\lsprcxs .exe 30720 bytes executable
c:\windows\system32\lvcomsx .exe 30720 bytes executable
c:\windows\system32\ncmdds .exe 30720 bytes executable
c:\windows\system32\sysmonitor .exe 30720 bytes executable
c:\windows\system32\qazbrnn .exe 30720 bytes executable

Scan terminé avec succès
Fichiers cachés: 5

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1840)
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
c:\windows\system32\searchindexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\acer\Empowering Technology\eRecovery\eragent .exe
c:\program files\Logitech\Video\logitray .exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchprotocolhost.exe
c:\docume~1\MARLNE~1\LOCALS~1\Temp\ctv333.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Windows Live\Toolbar\wltuser.exe
c:\windows\ehome\ehSched.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Heure de fin: 2009-10-10 21:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-10 19:30

Avant-CF: 11 114 086 400 octets libres
Après-CF: 11 098 783 744 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
362 --- E O F --- 2009-10-10 16:55

Que dois-je en conclure? Merci d'avance.

Répondre à clala

guglo, le 10 oct 2009 à 21:39:12

Bizar mon avast (sur vista) le vire sans souci et y compri sur les clé usb et disques dur de mes camarades utilisant xp.....

Répondre à guglo

clala, le 10 oct 2009 à 21:42:08

Oui je suis d'accord, c'est bizarre, mais il résiste beaucoup avec moi!
Mais apparement finalement il n'est plus sur ma clef.

qsdq pourrai tu m'expliquer ce que le rapport signifie globalement? D'autres virus? Celui ci est il bien supprimé?

Merci :)

Répondre à clala

nathandre, le 10 oct 2009 à 22:13:47

Bonsoir
faut pas faire passer ComboFix sans savoir, car c'est un outil très puissant et qui doit etre conseillé par un helpeur expérimenté
clala, fait moi ceci
Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

- http://images.malwareremoval.com/random/RSIT.exe

! Déconnecte toi et ferme toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer .

- Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

* Devant l'option "List files/folders created ..." , tu choisis : 2 months

* clique ensuite sur " Continue " pour lancer l'analyse ...

- laisse faire le scan et ne touche pas au PC ...

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum

( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

Répondre à nathandre

Helper-Mask, le 10 oct 2009 à 23:14:59

Hello tout le monde !

Pour suivre ...

Bonne chance ;-) ¿« H€Ļρέя мĄ$к »? ™

Répondre à Helper-Mask

Lyonnais92, le 10 oct 2009 à 23:25:03

Bonsoir,

pour suivre aussi.

Au passage, le tutoriel officiel de Combofix sur Bleeping Computer ne parle pas de "helpeur expérimenté", il parle de "quelqu'un qui a suivi une formation adéquate."

Moi, je ne sais pas si qsdq a ou non reçu une telle formation. @+
Avez vous une sauvegarde de vos données personnelles ?
Même si Windows ne démarre plus, nous savons encore les sauver. Ne formatez pas !

Répondre à Lyonnais92

clala, le 11 oct 2009 à 16:21:13

Bonjour.

Combofix m'a bien supprimé mon fichier, je n'ai pour le moment plus de problème.
Dois je quand même faire un log de RSIT?

Merci à tous!

Répondre à clala

nathandre, le 11 oct 2009 à 16:23:46

Bonjour
fait RSIT, c'est pour voir s'il y a des clés mountpoint2

Répondre à nathandre

Lyonnais92, le 11 oct 2009 à 18:42:28

Salut

http://www.google.fr/... @+
Avez vous une sauvegarde de vos données personnelles ?
Même si Windows ne démarre plus, nous savons encore les sauver. Ne formatez pas !

Répondre à Lyonnais92

Helper-Mask, le 11 oct 2009 à 16:23:05

Oui vaux mieux le faire pour que Nathandre y voit un peu plus clairement ;-) tu as surement d'autre infections à traité =)" ¿« H€Ļρέя мĄ$к »? ™

Répondre à Helper-Mask

clala, le 11 oct 2009 à 16:43:15

Le rapport du Log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Marlène CHERPEAU at 2009-10-11 16:41:42
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 10 GB (13%) free of 73 GB
Total RAM: 1279 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:55, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\e4mserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent .exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Logitech\Video\LogiTray .exe
C:\Program Files\Messenger\msmsgs.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\DOCUME~1\MARLNE~1\LOCALS~1\Temp\ctv1265.exe
C:\program files\Common Files\system\logonui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marlène CHERPEAU\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\Marlène CHERPEAU.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [\\marlene\EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P36 "\\marlene\EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Interfaz de usuario de inicio d sesión de Windows] C:\program files\Common Files\system\logonui.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wesspell] C:\WINDOWS\system32\qazbrnn.exe
O4 - HKCU\..\Run: [zmmclr] C:\WINDOWS\system32\ncmdds.exe
O4 - HKCU\..\Run: [mqlwindl] C:\WINDOWS\system32\lsprcxs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Marlène CHERPEAU\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D32D6B20-C01E-4920-AA7A-8E2B05516D9D}: NameServer = 192.168.30.1,0.0.0.0
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: E4M service (e4mservice) - Unknown owner - C:\WINDOWS\SYSTEM32\e4mserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
End of file - 12814 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2007-11-17 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll [2007-08-30 513336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-20 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-15 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-20 2436160]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"LaunchApp"=Alaunch []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-01 16208384]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"ntiMUI"=c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2009-10-11 30720]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
"Acer Empowering Technology Monitor"=C:\WINDOWS\system32\SysMonitor.exe [2009-10-11 30720]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2009-10-10 30720]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2009-10-11 30720]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2009-10-11 30720]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2009-10-11 30720]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2007-11-17 185896]
"!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-10 149280]
"\\marlene\EPSON Stylus DX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE [2005-02-08 98304]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"Interfaz de usuario de inicio d sesión de Windows"=C:\program files\Common Files\system\logonui.exe [2004-10-16 45056]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2004-06-01 196608]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"wesspell"=C:\WINDOWS\system32\qazbrnn.exe [2009-10-11 30720]
"zmmclr"=C:\WINDOWS\system32\ncmdds.exe [2009-10-11 30720]
"mqlwindl"=C:\WINDOWS\system32\lsprcxs.exe [2009-10-11 30720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2007-09-07 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2007-02-05 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marlène CHERPEAU^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marlène CHERPEAU^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-04-16 384000]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe

C:\Documents and Settings\Marlène CHERPEAU\Menu Démarrer\Programmes\Démarrage
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
scandisk.dll
scandisk.lnk - C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-07-18 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\explorer.exe"="%windir%\explorer.exe:*:Enabled:Windows Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2009-10-11 16:41:43 ----D---- C:\Program Files\trend micro
2009-10-11 16:41:42 ----D---- C:\rsit
2009-10-11 16:33:41 ----D---- C:\juegos
2009-10-11 16:33:40 ----D---- C:\Program Files\Common Files
2009-10-10 22:14:08 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-10 22:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-10-10 22:13:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-10 22:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-10-10 22:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-10 22:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-10-10 22:09:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-10 22:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-10-10 22:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-10 22:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-10 22:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-10-10 22:08:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-10-10 22:07:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-10-10 22:02:02 ----D---- C:\WINDOWS\system32\XPSViewer
2009-10-10 22:01:57 ----D---- C:\Program Files\MSBuild
2009-10-10 22:01:56 ----D---- C:\WINDOWS\system32\en-US
2009-10-10 22:01:49 ----D---- C:\Program Files\Reference Assemblies
2009-10-10 22:01:09 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-10-10 22:01:08 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-10-10 22:01:08 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-10-10 22:01:07 ----D---- C:\dbc9ad630330d7f0dbad0da8
2009-10-10 21:56:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-10 21:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-10 21:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-10 21:55:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-10-10 21:55:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-10 21:55:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-10 21:55:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-10 21:54:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-10 21:54:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-10-10 21:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-10 21:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-10 21:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-10 21:53:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-10-10 21:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-10-10 21:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-10-10 21:52:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2009-10-10 21:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-10 21:52:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-10 21:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-10 21:51:52 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-10 21:51:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-10-10 21:51:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-10-10 21:51:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-10-10 21:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-10 21:51:17 ----D---- C:\Program Files\MSXML 4.0
2009-10-10 21:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-10 21:51:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-10 21:50:35 ----A---- C:\WINDOWS\imsins.BAK
2009-10-10 21:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-10 21:50:30 ----D---- C:\WINDOWS\LastGood
2009-10-10 21:31:00 ----A---- C:\ComboFix.txt
2009-10-10 21:24:20 ----SHD---- C:\RECYCLER
2009-10-10 21:21:35 ----D---- C:\WINDOWS\Prefetch
2009-10-10 21:21:17 ----A---- C:\WINDOWS\setuplog.txt
2009-10-10 21:11:12 ----A---- C:\Boot.bak
2009-10-10 21:11:07 ----RASHD---- C:\cmdcons
2009-10-10 21:09:57 ----A---- C:\WINDOWS\zip.exe
2009-10-10 21:09:57 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-10-10 21:09:57 ----A---- C:\WINDOWS\SWSC.exe
2009-10-10 21:09:57 ----A---- C:\WINDOWS\SWREG.exe
2009-10-10 21:09:57 ----A---- C:\WINDOWS\sed.exe
2009-10-10 21:09:57 ----A---- C:\WINDOWS\PEV.exe
2009-10-10 21:09:57 ----A---- C:\WINDOWS\NIRCMD.exe
2009-10-10 21:09:57 ----A---- C:\WINDOWS\grep.exe
2009-10-10 21:09:48 ----D---- C:\WINDOWS\ERDNT
2009-10-10 21:08:31 ----D---- C:\Qoobox
2009-10-10 20:26:40 ----D---- C:\Documents and Settings\Marlène CHERPEAU\Application Data\Desktopicon
2009-10-10 20:26:39 ----D---- C:\Program Files\Unlocker
2009-10-10 19:23:16 ----RAD---- C:\autorun.inf
2009-10-10 18:52:29 ----D---- C:\WINDOWS\system32\fr
2009-10-10 18:52:29 ----D---- C:\WINDOWS\system32\bits
2009-10-10 18:52:29 ----D---- C:\WINDOWS\l2schemas
2009-10-10 18:50:31 ----D---- C:\WINDOWS\ServicePackFiles
2009-10-10 18:48:52 ----D---- C:\WINDOWS\network diagnostic
2009-10-10 18:43:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-10-10 18:40:02 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-10 18:40:02 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-10 18:40:02 ----A---- C:\WINDOWS\system32\java.exe
2009-10-10 18:40:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-08 18:43:33 ----A---- C:\WINDOWS\system32\jrnfd32.dll
2009-10-08 17:35:50 ----RASH---- C:\WINDOWS\system32\qazbrnn.exe72
2009-10-08 17:35:50 ----RASH---- C:\WINDOWS\system32\qazbrnn.exe68
2009-10-08 17:35:50 ----RASH---- C:\WINDOWS\system32\qazbrnn.exe64
2009-10-08 17:35:50 ----RASH---- C:\WINDOWS\system32\qazbrnn .exe
2009-10-08 17:35:50 ----RASH---- C:\WINDOWS\system32\ncmdds.exe74
2009-10-08 17:35:50 ----RASH---- C:\WINDOWS\system32\ncmdds.exe69
2009-10-08 17:35:50 ----RASH---- C:\WINDOWS\system32\ncmdds.exe67
2009-10-08 17:35:50 ----RASH---- C:\WINDOWS\system32\ncmdds.exe65
2009-10-08 17:35:50 ----RASH---- C:\WINDOWS\system32\ncmdds .exe
2009-10-08 17:35:50 ----RASH---- C:\WINDOWS\system32\lsprcxs.exe75
2009-10-08 17:35:50 ----RASH---- C:\WINDOWS\system32\lsprcxs.exe71
2009-10-08 17:35:50 ----RASH---- C:\WINDOWS\system32\lsprcxs.exe69
2009-10-08 17:35:50 ----RASH---- C:\WINDOWS\system32\lsprcxs.exe68
2009-10-08 17:35:50 ----RASH---- C:\WINDOWS\system32\lsprcxs .exe
2009-10-08 17:35:50 ----A---- C:\WINDOWS\system32\qazbrnn.exe
2009-10-08 17:35:50 ----A---- C:\WINDOWS\system32\ncmdds.exe
2009-10-08 17:35:50 ----A---- C:\WINDOWS\system32\lsprcxs.exe
2009-10-08 15:52:50 ----SH---- C:\klnjswpx.exe
2009-09-24 22:59:11 ----D---- C:\Program Files\ma-config.com
2009-09-24 22:59:11 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-09-14 21:50:16 ----A---- C:\WINDOWS\ModemLog_Nokia GSM Phone USB Modem #3.txt

======List of files/folders modified in the last 2 months======

2009-10-11 16:41:43 ----D---- C:\Program Files
2009-10-11 16:33:41 ----D---- C:\WINDOWS\system32
2009-10-11 16:24:04 ----D---- C:\Program Files\Mozilla Firefox
2009-10-11 16:24:02 ----A---- C:\WINDOWS\win.ini
2009-10-11 16:17:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-11 16:16:17 ----SD---- C:\WINDOWS\Tasks
2009-10-11 16:16:10 ----D---- C:\Program Files\Adobe
2009-10-11 16:15:55 ----A---- C:\WINDOWS\system32\lvcomsx.exe
2009-10-11 16:15:53 ----AD---- C:\WINDOWS
2009-10-11 16:15:49 ----A---- C:\WINDOWS\system32\sysmonitor.exe
2009-10-11 16:15:15 ----D---- C:\WINDOWS\temp
2009-10-11 16:14:51 ----D---- C:\WINDOWS\Registration
2009-10-11 16:12:05 ----D---- C:\WINDOWS\system32\wbem
2009-10-11 16:12:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-11 16:12:04 ----D---- C:\WINDOWS\AppPatch
2009-10-10 22:14:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-10 22:14:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-10 22:14:44 ----RSD---- C:\WINDOWS\assembly
2009-10-10 22:14:37 ----HD---- C:\WINDOWS\inf
2009-10-10 22:14:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-10 22:14:36 ----HD---- C:\WINDOWS\system32\drivers
2009-10-10 22:14:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-10 22:14:03 ----D---- C:\Program Files\Messenger
2009-10-10 22:13:47 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-10 22:13:36 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-10 22:13:31 ----SHD---- C:\WINDOWS\Installer
2009-10-10 22:13:31 ----D---- C:\Config.Msi
2009-10-10 22:10:19 ----D---- C:\WINDOWS\Debug
2009-10-10 22:05:52 ----D---- C:\WINDOWS\WinSxS
2009-10-10 22:01:54 ----RSD---- C:\WINDOWS\Fonts
2009-10-10 22:01:23 ----D---- C:\WINDOWS\system32\spool
2009-10-10 21:54:19 ----D---- C:\Program Files\Outlook Express
2009-10-10 21:53:01 ----D---- C:\WINDOWS\ehome
2009-10-10 21:24:30 ----D---- C:\WINDOWS\system32\FxsTmp
2009-10-10 21:22:11 ----A---- C:\WINDOWS\system.ini
2009-10-10 21:20:58 ----D---- C:\WINDOWS\system32\Setup
2009-10-10 21:20:58 ----D---- C:\Program Files\Internet Explorer
2009-10-10 21:19:18 ----D---- C:\WINDOWS\system32\config
2009-10-10 21:16:02 ----D---- C:\Program Files\Fichiers communs
2009-10-10 21:11:12 ----RASH---- C:\boot.ini
2009-10-10 20:36:54 ----SHD---- C:\System Volume Information
2009-10-10 20:36:54 ----D---- C:\WINDOWS\system32\Restore
2009-10-10 20:06:55 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-10 19:23:15 ----AD---- C:\WINDOWS\system
2009-10-10 19:01:24 ----D---- C:\WINDOWS\security
2009-10-10 18:56:28 ----D---- C:\WINDOWS\Help
2009-10-10 18:52:39 ----D---- C:\WINDOWS\system32\inetsrv
2009-10-10 18:52:38 ----D---- C:\WINDOWS\ime
2009-10-10 18:52:30 ----D---- C:\WINDOWS\system32\usmt
2009-10-10 18:52:30 ----D---- C:\WINDOWS\system32\fr-FR
2009-10-10 18:52:29 ----D---- C:\WINDOWS\PeerNet
2009-10-10 18:52:29 ----D---- C:\Program Files\Movie Maker
2009-10-10 18:50:24 ----D---- C:\WINDOWS\system32\npp
2009-10-10 18:50:23 ----D---- C:\WINDOWS\msagent
2009-10-10 18:50:22 ----D---- C:\WINDOWS\srchasst
2009-10-10 18:50:21 ----D---- C:\Program Files\NetMeeting
2009-10-10 18:50:20 ----D---- C:\WINDOWS\system32\Com
2009-10-10 18:50:18 ----D---- C:\Program Files\Windows NT
2009-10-10 18:50:15 ----D---- C:\Program Files\Fichiers communs\System
2009-10-10 18:50:02 ----AD---- C:\WINDOWS\system32\oobe
2009-10-10 18:47:59 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-10 18:39:35 ----D---- C:\Program Files\Java
2009-10-10 18:32:55 ----A---- C:\WINDOWS\system32\lvcomsx .exe
2009-10-10 18:32:52 ----A---- C:\WINDOWS\system32\sysmonitor .exe
2009-10-09 18:10:58 ----D---- C:\Program Files\CEDP Stealer 6.0 for Messenger
2009-10-08 22:13:12 ----D---- C:\WINDOWS\Minidump
2009-10-07 19:42:43 ----D---- C:\Downloads
2009-10-01 21:35:36 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-25 17:16:34 ----D---- C:\Program Files\Windows Live
2009-09-25 17:15:25 ----D---- C:\WINDOWS\system32\DirectX
2009-09-14 12:27:17 ----D---- C:\Program Files\eMule
2009-09-11 22:30:18 ----D---- C:\Documents and Settings\Marlène CHERPEAU\Application Data\Real
2009-09-08 18:15:14 ----D---- C:\Program Files\Nvu
2009-09-08 18:14:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-08 18:13:34 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-30 10:16:44 ----A---- C:\WINDOWS\ModemLog_Nokia GSM Phone USB Modem.txt
2009-08-28 14:38:22 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-13 17:20:43 ----A---- C:\WINDOWS\system32\jscript.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 e4mnt4;e4mnt4; \??\C:\WINDOWS\system32\Drivers\e4mnt4.sys []
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-07-18 1621504]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-08-24 25544]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-06 4284928]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-05-27 19968]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-09-08 6144]
R3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 163328]
R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-07-10 244864]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S2 qrdgjouxevmdq;qrdgjouxevmdq; \??\C:\WINDOWS\system32\drivers\kdehlyggwpefu.sys []
S3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-04-10 103744]
S3 aqgdxbiz;aqgdxbiz; C:\WINDOWS\system32\drivers\aqgdxbiz.sys []
S3 axgwbstl;axgwbstl; C:\WINDOWS\system32\drivers\axgwbstl.sys []
S3 catchme;catchme; \??\C:\combo-fix\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys []
S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 pohci13F;pohci13F; \??\C:\DOCUME~1\MARLNE~1\LOCALS~1\Temp\pohci13F.sys []
S3 RimUsb;Téléphone intelligent BlackBerry ; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-03-24 49536]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-10-04 280064]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-05-11 28672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 e4mservice;E4M service; C:\WINDOWS\system32\e4mserv.exe [1999-09-16 57344]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-10 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe [2005-04-02 217600]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WSearch;Recherche Windows; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-06 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe [2007-02-27 123064]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe [2007-02-27 1204416]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-07-18 401408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Répondre à clala

clala, le 11 oct 2009 à 16:43:47

Le contenu de info:

info.txt logfile of random's system information tool 1.06 2009-10-11 16:42:00

======Uninstall list======

-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eDataSecurity Management 2.0.3077-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1036
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x40c -removeonly
Acer WLAN 11g USB Dongle-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{0CB98AC0-D691-4B21-AD3D-95982517021D} /l1036
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitComet 0.92-->C:\Program Files\BitComet\uninst.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
comsummer-1024x768-->MsiExec.exe /I{D27E6ABB-AF22-4618-838E-B4A3A1B02F98}
Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
E4M-->C:\WINDOWS\e4msetup.exe /u
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
GemMaster Mystic-->"C:\Program Files\GemMasterFrench\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hamachi 1.0.2.2-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Ink-->MsiExec.exe /I{9FCB2876-554D-491D-A2CD-58F8252D6C64}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
K-Lite Codec Pack 2.54 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Language pack for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam-->MsiExec.exe /I{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}
Luxor 3-->C:\PROGRA~1\GAMEHO~1\LUXOR3~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\LUXOR3~1\INSTALL.LOG
Ma-Config.com-->MsiExec.exe /X{425FFD94-36BD-4933-881B-FE0B9DADF2B7}
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Reaper-->"C:\Program Files\MSN Reaper\uninst.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_EA.exe
Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
OCA Client history tool install-->"C:\WINDOWS\$UninstallOCA-X86Fre-ENU$\spuninst\spuninst.exe"
OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC}
Otto-->"C:\Program Files\FrenchOtto\uninstallotto.exe"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Package de pilotes Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Package de pilotes Windows - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre\Uninst2.exe"
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.EXE" -uninstall
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Quick Zip 3.06.3-->"C:\Program Files\QuickZip\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RamBoost XP 4.0.6-->"C:\Program Files\RamBoost XP\unins000.exe"
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Ridedit-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Ridedit\ST5UNST.LOG"
River Past Video Cleaner-->C:\WINDOWS\Video Cleaner Uninstaller.exe
RollerCoaster Tycoon® 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x40c
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SiSoftware Sandra Lite XI.SP1a (Win64/32/CE)-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\unins000.exe"
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SpotAuditor 3.7.1-->"C:\Program Files\Nsasoft\SpotAuditor\unins000.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sqirlz Morph-->C:\WINDOWS\Sqirlz Morph Uninstaller.exe
Super Mahjong-->"C:\Program Files\Super Mahjong\unins000.exe"
TI Connect(TM) 1.3-->C:\PROGRA~1\TIEDUC~1\TICONN~1\UNWISE.EXE C:\PROGRA~1\TIEDUC~1\TICONN~1\INSTALL.LOG
TxtEdit-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\MadCoder\TxtEdit\DeIsL1.isu" -c"C:\Program Files\MadCoder\TxtEdit\_ISREG32.DLL"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZix version 1.0-->"C:\Program Files\WinZix\unins000.exe"
Zylom Games Player Plugin-->"C:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 091010-0] (disabled)

======System event log======

Computer Name: CLAIRE
Event Code: 7036
Message: Le service Ma-Config Service est entré dans l'état : arrêté.

Record Number: 62919
Source Name: Service Control Manager
Time Written: 20090924225935.000000+120
Event Type: Informations
User:

Computer Name: CLAIRE
Event Code: 7035
Message: Un contrôle Arrêter a correctement été envoyé au service Ma-Config Service.

Record Number: 62918
Source Name: Service Control Manager
Time Written: 20090924225935.000000+120
Event Type: Informations
User: CLAIRE\Marlène CHERPEAU

Computer Name: CLAIRE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service cpuz132.

Record Number: 62917
Source Name: Service Control Manager
Time Written: 20090924225929.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: CLAIRE
Event Code: 7036
Message: Le service Ma-Config Service est entré dans l'état : en cours d'exécution.

Record Number: 62916
Source Name: Service Control Manager
Time Written: 20090924225928.000000+120
Event Type: Informations
User:

Computer Name: CLAIRE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Ma-Config Service.

Record Number: 62915
Source Name: Service Control Manager
Time Written: 20090924225928.000000+120
Event Type: Informations
User: CLAIRE\Marlène CHERPEAU

=====Application event log=====

Computer Name: CLAIRE
Event Code: 11707
Message: Produit : Windows Live Communications Platform -- L'installation s'est terminée correctement.

Record Number: 9129
Source Name: MsiInstaller
Time Written: 20090320174908.000000+060
Event Type: Informations
User: CLAIRE\Marlène CHERPEAU

Computer Name: CLAIRE
Event Code: 11707
Message: Product: MSVCRT -- Installation completed successfully.

Record Number: 9128
Source Name: MsiInstaller
Time Written: 20090320174902.000000+060
Event Type: Informations
User: CLAIRE\Marlène CHERPEAU

Computer Name: CLAIRE
Event Code: 11707
Message: Product: Microsoft Application Error Reporting -- Installation completed successfully.

Record Number: 9127
Source Name: MsiInstaller
Time Written: 20090320174856.000000+060
Event Type: Informations
User: CLAIRE\Marlène CHERPEAU

Computer Name: CLAIRE
Event Code: 11728
Message: Produit : Windows Live Messenger -- La configuration s'est terminée correctement.

Record Number: 9126
Source Name: MsiInstaller
Time Written: 20090320174450.000000+060
Event Type: Informations
User: CLAIRE\Marlène CHERPEAU

Computer Name: CLAIRE
Event Code: 10005
Message: Produit : Windows Live Mail -- Windows Installer a rencontré une erreur inattendue lors de l'installation de ce package. Il s'agit peut-être d'un problème lié au package. Le code d'erreur est 2762. Les arguments sont : , ,

Record Number: 9125
Source Name: MsiInstaller
Time Written: 20090320174447.000000+060
Event Type: erreur
User: CLAIRE\Marlène CHERPEAU

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Roxio Shared\DLLShared;C:\Program Files\Fichiers communs\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Répondre à clala

nathandre, le 11 oct 2009 à 16:50:24

O4 - HKCU\..\Run: [wesspell] C:\WINDOWS\system32\qazbrnn.exe
O4 - HKCU\..\Run: [zmmclr] C:\WINDOWS\system32\ncmdds.exe
O4 - HKCU\..\Run: [mqlwindl] C:\WINDOWS\system32\lsprcxs.exe
bizarres

Télécharge malwarebytes' anti-malware
http://www.commentcamarche.net/telecharger/telecharger-34055379-malwarebytes
Enregistre le sur le bureau
Double-clique sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation
Si la pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
Il va se mettre à jour une fois faite
Va dans l'onglet recherche
Sélectionne exécuter un examen complet
Clique sur rechercher
Le scan démarre
A la fin de l'analyse, le message s'affiche: L'examen s'est terminé normalement.
Clique sur afficher les résultats pour afficher les objets trouvés
Clique sur OK pour pousuivre
Si des malwares ont été détectés, cliquer sur afficher les résultats
Sélectionne tout (ou laisser coché)
Clique sur supprimer la sélection
Malwarebytes va détruire les fichiers et les clés de registre et en mettre une
copie dans la quarantaine
Malewarebytes va ouvrir le bloc-note et y copier le rapport
Redémarre le PC
Une fois redémarré, double-clique sur Malewarebytes
Va dans l'onglet rapport/log
Clique dessus pour l'afficher une fois affiché, cliquer sur édition en haut du
bloc-note puis sur sélectionner tout
Revient sur édition, puis sur copier et revient sur le forum et dans ta réponse
Clic droit dans le cadre de la réponse et coller

Répondre à nathandre

Lyonnais92, le 11 oct 2009 à 18:56:06

Re,

O4 - HKCU\..\Run: [wesspell] C:\WINDOWS\system32\qazbrnn.exe
O4 - HKCU\..\Run: [zmmclr] C:\WINDOWS\system32\ncmdds.exe
O4 - HKCU\..\Run: [mqlwindl] C:\WINDOWS\system32\lsprcxs.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"wesspell"="c:\windows\system32\qazbrnn.exe" [2009-10-10 30720]
"zmmclr"="c:\windows\system32\ncmdds.exe" [2009-10-10 30720]
"mqlwindl"="c:\windows\system32\lsprcxs.exe" [2009-10-10 30720]

==

bizarres

http://www.google.fr/...

http://www.google.fr/...

http://www.google.fr/... @+
Avez vous une sauvegarde de vos données personnelles ?
Même si Windows ne démarre plus, nous savons encore les sauver. Ne formatez pas !

Répondre à Lyonnais92

clala, le 11 oct 2009 à 19:05:34

Voici le rapport, désolée d'avoir été aussi longue mais le rapport l'a été!

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2941
Windows 5.1.2600 Service Pack 3

11/10/2009 18:58:19
mbam-log-2009-10-11 (18-58-19).txt

Type de recherche: Examen complet (C:\|D:\|M:\|)
Eléments examinés: 278712
Temps écoulé: 1 hour(s), 53 minute(s), 57 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 90

Processus mémoire infecté(s):
C:\Acer\Empowering Technology\eRecovery\eragent.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{909e1560-d810-11d0-8b18-00aa00cf90f9} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{41ca7d4d-ae77-4b13-9459-e9ab7efecaad} (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{10954590-2b3a-41ec-97bb-c95a5e646da9} (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\WinZixManager (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\WinZixManager (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-zix (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\winzix (Trojan.Swizzor) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\erecoveryservice (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wesspell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zmmclr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqlwindl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntimui.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntimui (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acer empowering technology monitor (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\edatasecurity loader (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvcomsx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\logitechvideorepair (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\logitechvideotray (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\WinZix (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinZix (Trojan.Swizzor) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Acer\Empowering Technology\eRecovery\eragent.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qazbrnn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ncmdds.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsprcxs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntimui.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysMonitor.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lvcomsx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Logitech\Video\isstart.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Logitech\Video\logitray.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Acer\Empowering Technology\eDataSecurity\edsloader .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Acer\Empowering Technology\eRecovery\alcmtr .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Acer\Empowering Technology\eRecovery\alcmtr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Acer\Empowering Technology\eRecovery\rthdcpl .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Acer\Empowering Technology\eRecovery\rthdcpl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Acer\Empowering Technology\eRecovery\skytel .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Acer\Empowering Technology\eRecovery\skytel.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\alcmtr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\ntuser.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\reader_s .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\rthdcpl .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\rthdcpl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\skytel .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\skytel.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\Application Data\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\Menu Démarrer\Programmes\Démarrage\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Downloads\Slysoft CloneDVD2 2.9.1.2 + keygen\KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\acrotray .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\acrotray.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\ntuser.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-2478505781-7020578900-670750353-3689\wnzip32.exe.vir (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\hldrrr .exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP1\A0000030.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP1\A0000031.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP1\A0000033.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP1\A0000034.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP1\A0000039.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP1\A0000077.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP1\A0000079.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP1\A0000126.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP1\A0000516.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP1\A0000521.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP1\A0000524.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP1\A0000528.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP4\A0001570.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP4\A0001572.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP4\A0001575.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP4\A0001577.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP4\A0001579.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP4\A0001581.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP4\A0001583.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP4\A0001586.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP4\A0001588.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP4\A0001589.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP4\A0001590.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP4\A0001617.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP4\A0001618.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsprcxs .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsprcxs.exe68 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsprcxs.exe69 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsprcxs.exe71 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsprcxs.exe75 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lvcomsx .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ncmdds .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ncmdds.exe65 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ncmdds.exe67 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ncmdds.exe69 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ncmdds.exe74 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysmonitor .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfsp.cfo (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qazbrnn .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qazbrnn.exe64 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qazbrnn.exe68 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qazbrnn.exe72 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WinZix\Flexi.skf (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\WinZix\SkinCrafterDll.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\WinZix\unins000.dat (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\WinZix\unins000.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinZix\Uninstall WinZix.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\Local Settings\Temp\ctv1254.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\Local Settings\Temp\ctv1265.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\Local Settings\Temp\ctv2186.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\Local Settings\Temp\ctv3106.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\Local Settings\Temp\ctv4282.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\Local Settings\Temp\ctv5203.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\Local Settings\Temp\ctv6124.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\Local Settings\Temp\ctv7045.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\Local Settings\Temp\ctv7980.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marlène CHERPEAU\Local Settings\Temp\ctv8931.exe (Trojan.Dropper) -> Delete on reboot.

Et maintenant j'en conclu quoi ? Merci de m'aider autant!

Répondre à clala

nathandre, le 11 oct 2009 à 21:17:44

Va dans l'onglet quarantaine de Malwarebytes, et clique sur tout supprimer

Ensuite, tu me refait un RSIT

Répondre à nathandre

Posez votre question Répondre