Re !

J'ai pas de fichier UsbFix.txt .Par contre j'ai un fichier zip avec UsbFix.txt dedans mais aussi herss, nds0q et autres. Je le dézippe ou je envoie le zip comme demandé dans Usbfix.exe ? Je te demande ça car ça craint pas de dézipper herss, nds0q et autres.

Merci de ton aide !

J'avais cherché dans C, pas dans D ! Je l'ai bien (de toute façon après avoir réfléchi un peu ... j'ai dézippé que le fichier voulu !).

Qu'est-ce que je fait du zip ? Usbfix.exe dit de l'envoyer, je le fais ?

Je viens de rééssayer d'afficher les fichiers cachés (un des pbs créés) : ça marche ! Tu crois que le pb est résolu ?

Je te poste le rapport :


############################## | UsbFix V6.043 |

User : olivier (Administrateurs) # SN115895780316
Update on 21/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 16:12:50 | 22/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 Processor 3400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1351 [VPS 091021-0] 4.8.1351 [ Enabled | Updated ]
FW : ZoneAlarm Firewall[ Enabled ]8.0.298.000

C:\ -> Disque fixe local # 29,99 Go (12,56 Go free) [HDD] # NTFS
D:\ -> Disque fixe local # 202,89 Go (60,22 Go free) [DATA] # NTFS
E:\ -> Disque CD-ROM # 681,91 Mo (0 Mo free) [CDA_Default-Expr] # CDFS
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque CD-ROM
L:\ -> Disque amovible # 243,24 Mo (169,25 Mo free) # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! D:\DOCUME~1\olivier\LOCALS~1\Temp\cvasds0.dll
Supprimé ! D:\DOCUME~1\olivier\LOCALS~1\Temp\herss.exe
C:\autorun.inf -> fichier appelé : "C:\nds0q.exe" ( Absent ! )
Supprimé ! C:\autorun.inf
D:\autorun.inf -> fichier appelé : "D:\nds0q.exe" ( Présent ! )
Supprimé ! D:\nds0q.exe
Supprimé ! D:\autorun.inf
Non supprimé ! E:\autorun.inf
L:\autorun.inf -> fichier appelé : "L:\nds0q.exe" ( Présent ! )
Supprimé ! L:\nds0q.exe
Supprimé ! L:\autorun.inf

################## | Registre # Clés Run infectieuses |

Supprimé ! [HKLM\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoClose"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFileMenu"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{0ea28383-fffa-11db-94e1-00038a000015}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{9aa1fb8a-fff6-11db-94e0-806d6172696f}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{9aa1fb8b-fff6-11db-94e0-806d6172696f}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{9aa1fb8c-fff6-11db-94e0-806d6172696f}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[22/10/2009 16:12|--a------|1788] C:\aaw7boot.log
[11/05/2007 21:19|-rahs----|215] C:\BOOT.BAK
[22/10/2009 15:22|-rahs----|296] C:\BOOT.INI
[05/08/2004 14:00|-rahs----|4952] C:\Bootfont.bin
[05/08/2004 14:00|-rahs----|263488] C:\cmldr
[19/12/2007 20:43|--a------|74] C:\CMLoader.log
[11/05/2007 21:03|--a------|6397] C:\DWNLOG.TXT
[11/05/2007 21:20|-rahs----|0] C:\IO.SYS
[11/05/2007 21:22|--ah-----|848] C:\IPH.PH
[11/05/2007 21:03|--a------|6397] C:\MCDLOG.TXT
[11/05/2007 21:20|-rahs----|0] C:\MSDOS.SYS
[05/08/2004 14:00|--a------|47564] C:\NTDETECT.COM
[06/09/2008 16:12|--a------|252240] C:\NTLDR
[?|?|?] C:\pagefile.sys
[04/04/2006 09:08|--a------|1196] C:\SAUDIT.TXT
[22/02/2009 13:21|--a------|40] C:\SYSTEM.VER
[11/05/2007 21:03|--a------|0] C:\UPDFLOP.TAG
[22/02/2009 13:21|--a------|11032] C:\YP-U3.LOG
[22/10/2009 16:15|--a------|4743] D:\UsbFix.txt
[04/01/2006 10:12|-r-------|77824] E:\HPZIDS01.dll
[04/02/2006 10:42|-r-------|233472] E:\HPZidi01.dll
[04/02/2006 10:43|-r-------|990] E:\HPZprl01.dat
[04/02/2006 10:43|-r-------|417792] E:\Setup.exe
[10/08/2006 17:40|-r-------|332343] E:\autorun.inf
[03/04/2006 12:32|-r-------|33670] E:\config.xml
[04/02/2006 10:43|-r-------|17248] E:\crcfiles.txt
[04/02/2006 10:44|-r-------|6360] E:\crcvalues.txt
[04/12/2003 00:53|-r-------|65] E:\dxprl.dat
[29/10/2005 10:04|-r-------|1645320] E:\gdiplus.dll
[02/05/2006 02:27|-r-------|9097687] E:\hpaioa.cab
[05/05/2006 05:03|-r-------|170679] E:\hpaioa.cat
[27/04/2006 05:57|-r-------|57596] E:\hpaioa.inf
[11/10/2005 10:22|-r-------|45413] E:\hpoapd01.dat
[13/04/2006 03:07|-r-------|3753] E:\hpoglu09.inf
[13/04/2006 03:07|-r-------|2566] E:\hpohub09.inf
[06/05/2006 02:21|-r-------|11634] E:\hpomdl11.dat
[13/04/2006 03:08|-r-------|1496] E:\hpoprl01.dat
[13/04/2006 03:08|-r-------|3834] E:\hpoprl02.dat
[13/04/2006 03:08|-r-------|1098] E:\hpoprl03.dat
[13/04/2006 03:08|-r-------|47340] E:\hpoprl04.dat
[13/04/2006 03:08|-r-------|855] E:\hpoprl05.dat
[13/04/2006 03:08|-r-------|366] E:\hpoprl06.dat
[06/05/2006 02:20|-r-------|853] E:\hpoprl07.dat
[06/05/2006 02:21|-r-------|1340] E:\hpoprl08.dat
[06/05/2006 02:21|-r-------|275] E:\hpoprl09.dat
[06/05/2006 02:21|-r-------|2614] E:\hpoprl10.dat
[05/05/2006 05:03|-r-------|91350] E:\hposcu09.cat
[13/04/2006 03:02|-r-------|90212] E:\hposcu09.inf
[16/03/2006 18:17|-r-------|8829] E:\hpose050.dat
[16/03/2006 18:17|-r-------|8864] E:\hpose060.dat
[03/04/2006 10:32|-r-------|9630] E:\hpose080.dat
[16/03/2006 18:17|-r-------|8829] E:\hposf050.dat
[16/03/2006 18:17|-r-------|9495] E:\hposf060.dat
[27/03/2006 13:32|-r-------|10012] E:\hposf070.dat
[13/04/2006 03:07|-r-------|4643] E:\hpound09.inf
[05/05/2006 05:03|-r-------|88704] E:\hpounp09.cat
[13/04/2006 03:07|-r-------|4334] E:\hpounp09.inf
[13/04/2006 03:07|-r-------|3176] E:\hpousb09.inf
[13/04/2006 03:02|-r-------|35495] E:\hpousc09.inf
[22/03/2006 04:29|-r-------|21235] E:\hpowrg01.ini
[19/02/2006 18:31|-r-------|288281] E:\hpqbid01.dat
[19/02/2006 18:31|-r-------|288405] E:\hpqbid04.dat
[19/02/2006 18:31|-r-------|288281] E:\hpqbid05.dat
[19/02/2006 18:31|-r-------|288335] E:\hpqbid06.dat
[19/02/2006 18:31|-r-------|288305] E:\hpqbid07.dat
[19/02/2006 18:31|-r-------|288290] E:\hpqbid08.dat
[19/02/2006 18:31|-r-------|288388] E:\hpqbid09.dat
[19/02/2006 18:31|-r-------|288310] E:\hpqbid10.dat
[19/02/2006 18:31|-r-------|288262] E:\hpqbid11.dat
[19/02/2006 18:31|-r-------|801] E:\hpqbpl01.dat
[19/02/2006 18:31|-r-------|771] E:\hpqbpl04.dat
[19/02/2006 18:31|-r-------|717] E:\hpqbpl05.dat
[19/02/2006 18:31|-r-------|788] E:\hpqbpl06.dat
[19/02/2006 18:31|-r-------|744] E:\hpqbpl08.dat
[19/02/2006 18:31|-r-------|731] E:\hpqbpl09.dat
[19/02/2006 18:31|-r-------|670] E:\hpqbpl11.dat
[13/04/2006 03:08|-r-------|7107] E:\hpqish09.inf
[06/10/2005 23:26|-r-------|969] E:\hpqphbck.dat
[13/04/2006 03:04|-r-------|282624] E:\hpzc3212.dll
[15/02/2006 18:01|-r-------|278528] E:\hpzglu14.exe
[05/05/2006 05:03|-r-------|89145] E:\hpzid412.cat
[13/04/2006 03:04|-r-------|54641] E:\hpzid412.inf
[05/05/2006 05:03|-r-------|89145] E:\hpzid413.cat
[13/04/2006 03:04|-r-------|64564] E:\hpzid413.inf
[05/05/2006 05:03|-r-------|89145] E:\hpzid414.cat
[13/04/2006 03:04|-r-------|31872] E:\hpzid414.inf
[13/04/2006 03:04|-r-------|96478] E:\hpzipa12.cat
[13/04/2006 03:04|-r-------|28346] E:\hpzipa12.inf
[13/04/2006 03:04|-r-------|96478] E:\hpzipa13.cat
[13/04/2006 03:04|-r-------|112796] E:\hpzipa13.inf
[05/05/2006 05:03|-r-------|89145] E:\hpzipr12.cat
[13/04/2006 03:04|-r-------|12850] E:\hpzipr12.inf
[05/05/2006 05:03|-r-------|89145] E:\hpzipr13.cat
[13/04/2006 03:04|-r-------|21164] E:\hpzipr13.inf
[05/05/2006 05:03|-r-------|89145] E:\hpzist12.cat
[13/04/2006 03:04|-r-------|5583] E:\hpzist12.inf
[05/05/2006 05:03|-r-------|89145] E:\hpzist13.cat
[13/04/2006 03:04|-r-------|8038] E:\hpzist13.inf
[13/04/2006 03:04|-r-------|79734] E:\hpzius12.cat
[13/04/2006 03:04|-r-------|18468] E:\hpzius12.inf
[05/05/2006 05:03|-r-------|90027] E:\hpzius13.cat
[13/04/2006 03:04|-r-------|136650] E:\hpzius13.inf
[15/02/2006 18:01|-r-------|28722] E:\hpzjlog.dll
[15/02/2006 18:01|-r-------|442425] E:\hpzjpp01.dll
[15/02/2006 18:01|-r-------|290873] E:\hpzjut01.dll
[15/02/2006 18:01|-r-------|49212] E:\hpzjvp01.dll
[13/04/2006 03:04|-r-------|96037] E:\hpzpd412.cat
[13/04/2006 03:04|-r-------|4768] E:\hpzpd412.inf
[15/02/2006 18:01|-r-------|208896] E:\hpzpnp14.dll
[23/08/2005 03:56|-r-------|1102] E:\hpzprl02.dat
[24/11/2005 09:58|-r-------|2127] E:\hpzprl03.dat
[15/02/2006 18:01|-r-------|204800] E:\hpzscr14.dll
[04/02/2006 10:44|-r-------|749568] E:\hpzsetup.exe
[13/04/2006 03:04|-r-------|18560] E:\hpzuci12.dll
[12/03/2004 20:50|-r-------|1479] E:\license.txt
[15/02/2006 18:01|-r-------|70656] E:\msvcirt.dll
[15/02/2006 18:01|-r-------|254005] E:\msvcrt.dll
[13/04/2006 03:08|-r-------|302967] E:\p3i2arww.cab
[13/04/2006 03:08|-r-------|302845] E:\p3i2caww.cab
[13/04/2006 03:08|-r-------|303849] E:\p3i2csww.cab
[13/04/2006 03:08|-r-------|302695] E:\p3i2daww.cab
[13/04/2006 03:08|-r-------|303569] E:\p3i2deww.cab
[13/04/2006 03:08|-r-------|303541] E:\p3i2elww.cab
[13/04/2006 03:08|-r-------|303435] E:\p3i2enww.cab
[13/04/2006 03:08|-r-------|302845] E:\p3i2esww.cab
[13/04/2006 03:08|-r-------|302867] E:\p3i2fiww.cab
[13/04/2006 03:08|-r-------|304585] E:\p3i2frww.cab
[13/04/2006 03:08|-r-------|302621] E:\p3i2heww.cab
[13/04/2006 03:08|-r-------|303953] E:\p3i2huww.cab
[13/04/2006 03:08|-r-------|304303] E:\p3i2itww.cab
[13/04/2006 03:08|-r-------|302781] E:\p3i2jaww.cab
[13/04/2006 03:08|-r-------|301793] E:\p3i2koww.cab
[13/04/2006 03:08|-r-------|303635] E:\p3i2nlww.cab
[13/04/2006 03:08|-r-------|302909] E:\p3i2noww.cab
[13/04/2006 03:08|-r-------|304057] E:\p3i2plww.cab
[13/04/2006 03:08|-r-------|304097] E:\p3i2ptww.cab
[13/04/2006 03:08|-r-------|303187] E:\p3i2ruww.cab
[13/04/2006 03:08|-r-------|303435] E:\p3i2skww.cab
[13/04/2006 03:08|-r-------|302733] E:\p3i2svww.cab
[13/04/2006 03:08|-r-------|303435] E:\p3i2thww.cab
[13/04/2006 03:08|-r-------|303549] E:\p3i2trww.cab
[13/04/2006 03:08|-r-------|302159] E:\p3i2zhcn.cab
[13/04/2006 03:08|-r-------|300553] E:\p3i2zhtw.cab
[15/02/2006 18:01|-r-------|458752] E:\tls704d.dll
[23/08/2005 03:58|-r-------|245408] E:\unicows.dll
[21/06/2003 01:23|-r-------|26768] E:\usbhub.sys
[15/02/2006 18:01|-r-------|12288] E:\usbmon.dll
[15/02/2006 18:01|-r-------|22608] E:\usbprint.sys
[23/08/2005 03:58|-r-------|65536] E:\xmlparse.dll
[23/08/2005 03:58|-r-------|66048] E:\xmltok.dll
[11/07/2008 18:11|--a------|2919360] L:\ccsetup209.exe
[18/06/2009 15:21|--a------|2088] L:\droite d'Euler.ggb
[18/06/2009 15:34|--a------|65475] L:\lievre et tortue.xlsx
[29/06/2009 13:23|--a------|15640338] L:\GeoGebra_3_2_0_0.exe

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# L:\autorun.inf -> Folder created by UsbFix.

################## | Suspect | http://www.virustotal.com |


################## | Cracks / Keygens / Serials |

"D:\Documents and Settings\olivier\Mes documents\fichiers extraits\Grand_Theft_Auto_IV_Crack_Only-Razor1911\rzr-gta4-crack\GTAIV.exe"
07/12/2008 17:41 |Size 13411688 |Crc32 be148d03 |Md5 9fa1c2a3f2932d46538bc14e715cfccc

"D:\Documents and Settings\olivier\Mes documents\fichiers extraits\Grand_Theft_Auto_IV_Crack_Only-Razor1911\rzr-gta4-crack\LaunchGTAIV.exe"
07/12/2008 17:41 |Size 73728 |Crc32 83eb9232 |Md5 25ea124fc3e2b578c48900633d00a0bd

"D:\Programmes\KSPS\CRACK\KellySlatersProSurferv1.0NoCDFixedexeEng\ksps.exe"
11/11/2003 22:03 |Size 2805760 |Crc32 a3085f12 |Md5 c3134678ce32687d8844fbef0b5d73e6

"D:\Programmes\KSPS\CRACK\v 1.0 no cd patch\CrackNocdStart.exe"
09/11/2003 07:42 |Size 749 |Crc32 b0700a7f |Md5 7289d3d4b0addc46ed4d73e7c409bb06

"D:\Programmes\KSPS\CRACK\v 1.0 no cd patch\Game\CrackNocdKSps.exe"
09/11/2003 07:42 |Size 768 |Crc32 639caad7 |Md5 8656d130c01f86f6b7ece9992423b0b9


################## | Upload |

Veuillez envoyer le fichier : D:\DOCUME~1\olivier\Bureau\UsbFix_Upload_Me_SN115895780316.zip : http://forum-aide-contre-virus.be/usbfix/choix_fichier.php
Merci pour votre contribution .


Et encore merci pour ton aide si efficace.

Tu penses que j'ai attrapé ce truc par ma clé ? je te demande car la dernière fois que je l'ai utilisée avant de la brancher sur mon ordi (et que les pbs commencent ...), c'est au boulot : tu crois qu'il faut nettoyer l'ordi du bureau pour pas que ça contamine à nouveau ma clé ou celles d'autres personnes ?



Voici le log.txt :

Logfile of random's system information tool 1.06 (written by random/random)
Run by olivier at 2009-10-22 16:34:34
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 13 GB (42%) free of 31 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:44, on 22/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\olivier\Bureau\RSIT.exe
C:\HijackThis\olivier.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.aix-mrs.iufm.fr
O16 - DPF: {275D2217-FFE8-46B5-8FD2-B18CA0B7EE36} (Seagate SeaTools Online French) - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 7338 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{1C69707B-AB9A-4C69-9AD2-66C3622EAC78}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-29 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-29 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 172544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
c:\apps\ABoard\ABoard.exe [2003-05-02 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
C:\WINDOWS\system32\Ati2mdxx.exe [2009-01-14 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CatalystRegistration]
C:\Program Files\ATI\CatalystRegistration\dolce.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailChecker]
C:\APPS\EmailChecker\ech.exe [2003-07-02 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe [2007-01-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpAgent]
OpAgent.exe /agent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
c:\apps\Powercinema\PCMService.exe [2005-11-16 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
C:\APPS\SMP\SmpSys.exe [2005-11-17 975360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-02-23 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-10-24 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-29 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2007-05-11 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe [2004-11-26 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe [2004-10-04 310272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windl]
C:\WINDOWS\Windl\mirc.exe [2006-11-23 2076672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE -systray -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
"EditLevel"=0
"NoCommonGroups"=0
"NoDriveAutoRun"=128
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AOL 9.0\aol.exe"="C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\APPS\Inventime\my.exe"="C:\APPS\Inventime\my.exe:*:Disabled:INVENTIME"
"C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Disabled:PANDORA"
"C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Disabled:SPLINTER CELL PANDORA"
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"="C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\Programmes\GTA4\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Programmes\GTA4\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9aa1fb8c-fff6-11db-94e0-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2009-10-22 16:34:34 ----D---- C:\rsit
2009-10-22 16:15:32 ----RASHD---- C:\autorun.inf
2009-10-22 15:56:41 ----D---- C:\UsbFix
2009-10-22 13:48:42 ----D---- D:\Documents and Settings\olivier\Application Data\Malwarebytes
2009-10-22 13:48:33 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-22 13:48:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-22 13:21:18 ----D---- C:\Program Files\Sophos
2009-10-22 12:32:33 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-21 21:55:11 ----D---- D:\Documents and Settings\olivier\Application Data\Windows Search
2009-10-21 21:54:29 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-10-14 11:27:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 11:25:36 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 11:25:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 11:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 11:25:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 11:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 11:23:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 11:23:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 11:22:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-12 21:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

======List of files/folders modified in the last 1 months======

2009-10-22 16:34:44 ----D---- C:\WINDOWS\Prefetch
2009-10-22 16:34:36 ----D---- C:\HijackThis
2009-10-22 16:15:51 ----D---- C:\WINDOWS\Temp
2009-10-22 16:15:25 ----SHD---- C:\RECYCLER
2009-10-22 16:15:21 ----D---- C:\WINDOWS
2009-10-22 16:14:01 ----D---- C:\WINDOWS\Internet Logs
2009-10-22 16:11:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-22 16:11:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-22 15:22:05 ----RASH---- C:\BOOT.INI
2009-10-22 15:22:05 ----A---- C:\WINDOWS\win.ini
2009-10-22 15:22:05 ----A---- C:\WINDOWS\system.ini
2009-10-22 13:53:54 ----AD---- C:\WINDOWS\system32
2009-10-22 13:48:34 ----D---- C:\WINDOWS\system32\drivers
2009-10-22 13:48:32 ----RD---- C:\Program Files
2009-10-22 13:14:29 ----D---- C:\WINDOWS\Minidump
2009-10-22 07:19:52 ----D---- C:\WINDOWS\BDOSCAN8
2009-10-21 22:07:24 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-21 22:07:20 ----D---- C:\WINDOWS\Debug
2009-10-21 21:21:19 ----D---- C:\WINDOWS\Windl
2009-10-18 19:21:19 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-18 12:59:41 ----D---- D:\Documents and Settings\olivier\Application Data\OpenOffice.org2
2009-10-17 10:30:35 ----D---- C:\WINDOWS\network diagnostic
2009-10-17 10:29:49 ----A---- C:\WINDOWS\PR1V2.INI
2009-10-14 15:16:25 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-14 15:16:20 ----RSD---- C:\WINDOWS\assembly
2009-10-14 15:07:50 ----HD---- C:\Config.Msi
2009-10-14 15:07:50 ----D---- C:\Program Files\Internet Explorer
2009-10-14 11:29:56 ----SHD---- C:\WINDOWS\Installer
2009-10-14 11:29:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-14 11:29:24 ----D---- C:\WINDOWS\WinSxS
2009-10-14 11:27:35 ----HD---- C:\WINDOWS\inf
2009-10-14 11:27:33 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-10-14 11:27:20 ----D---- C:\WINDOWS\ie8updates
2009-10-14 11:27:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-14 11:25:12 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-12 21:09:53 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-03 11:31:46 ----D---- C:\WINDOWS\Help
2009-10-02 20:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-27 16:25:44 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-17 5632]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-26 3786944]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-12-02 70912]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 799744]
S3 aaxqsoot;aaxqsoot; C:\WINDOWS\system32\drivers\aaxqsoot.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\2.tmp []
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-14 598016]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe [2005-11-16 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); c:\apps\Powercinema\Kernel\TV\CLSched.exe [2005-11-16 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe [2005-11-16 61440]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-29 152984]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-27 1028432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Merci !

Ok c'est fait !

Pour l'ordi du bureau, étant en réseau, tu crois qu'il faut le faire sur chacun des ordi ?

Encore un grand merci pour ton aide. Je vois que ce forum est toujours aussi efficace ! j'étais venu il y a qqs années et regis59 m'avait bien aidé, maintenant c'est toi ! merci !



Voici le rapport :

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

D:\UsbFix.txt: trouvé !
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
D:\Documents and Settings\olivier\Bureau\UsbFix.exe: trouvé !
D:\Documents and Settings\olivier\Bureau\Rsit.exe: trouvé !
D:\Documents and Settings\olivier\Recent\HijackThis.lnk: trouvé !
D:\Documents and Settings\olivier\Recent\UsbFix.lnk: trouvé !

---------------------------------
--> Suppression:

D:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
D:\Documents and Settings\olivier\Recent\HijackThis.lnk: supprimé !
D:\UsbFix.txt: supprimé !
D:\Documents and Settings\olivier\Bureau\UsbFix.exe: supprimé !
D:\Documents and Settings\olivier\Bureau\Rsit.exe: supprimé !
D:\Documents and Settings\olivier\Recent\UsbFix.lnk: supprimé !
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !

Bonjour,
Je rencontre le même problème que cms : avast a détecté un virus "nds0q.exe" et en suivant les conseils que vous avez donné à cms, j'ai réussi à assainir plusieurs répertoires infectés. Cependant le virus revient dès que j'ouvre mes fichiers cryptés par "TrueCrypt" : la méthode semble ne pas nettoyer les fichiers cryptés. Peut-on empécher le logiciel "UsbFix" de redémarrer l'ordi afin que les volumes cryptés puissent être nettoyés ?
Merci de bien vouloir m'aider.