
Problem with trojan-gen rootkit-gen

Last reply on 18 Oct 2008 at 11:30:07
guidu02, 13 Oct 2008 at 12:35:31

Hello everyone, I have a small virus problem: avast found it but cannot remove it. If someone could help me, that would be nice, please.

Configuration: Windows XP
Internet Explorer 6.0

1

sKe69, 13 Oct 2008 at 12:36:50

Hi,

start with this:

1- Download and install HijackThis:

here ftp://ftp.commentcamarche.com/download/HJTInstall.exe
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here http://www.clubic.com/lancer-le-telechargement-51452-0-hijackthis.html

--> Click the setup file to start the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program starts automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

( do not run this program for now and carry on with the next step ... )



2- Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Disconnect and close all your running applications !

Double-click " RSIT.exe " to run it.

-> A first window opens with the title: " Disclaimer of warranty " .

* Next to the option "List files/folders created ..." , choose: 2 months

* then click " Continue " to start the scan ...


-> let the scan run and do not touch the PC ...


When the scan is finished, two text files will open (probably in Notepad).

Post the contents of " log.txt " (the one that appears on screen), as well as " info.txt " (which you will see in the taskbar), for analysis, and wait for the next steps ...

( Note: the reports will also be saved in this folder -> C:\rsit )

There's no point in running .... No, there's no point ...    ---sKe---
"Baby, I'm going on an airplane, And I don't know if I'll be back again."
IMPORTANT: do not think you are in the clear
until you have been told so!


2

guidu02, 13 Oct 2008 at 12:52:30

OK, I'll do all that


3

guidu02, 13 Oct 2008 at 12:59:49

Log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Guillaume at 2008-10-13 12:54:06
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 64 GB (84%) free of 76 GB
Total RAM: 446 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:15, on 13/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lphcrbgj0eg21.exe
C:\Documents and Settings\Guillaume\Local Settings\Temp\.tt16.tmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Guillaume\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Guillaume.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [inrhcvbgj0eg21] C:\Documents and Settings\Guillaume\Local Settings\Temp\.tt16.tmp.exe /CR=BF41E8B2D96ED8F141145E40F597DD53A6569C7CDB03D8876D4B17AA6F8A1505DD47D1F719A77367B60955F0B50CD0874AFA9C7D58545EF300D06A4C543D566C53B71CF393E0C6C9D118F11A8ABE5FFB82A861672081C3
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - Winlogon Notify: fbhqrard - fbhqrard.dll (file missing)
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
End of file - 7518 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Rappel d'enregistrement 1.job
C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-10 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-01 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-10-07 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-10-07 2436160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-11-10 15473664]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-15 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-15 688218]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2005-05-19 188416]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2005-12-08 352256]
"Tvs"=C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-03 266240]
"NDSTray.exe"=NDSTray.exe []
"SmoothView"=C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [2005-05-17 118784]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-08-30 1077328]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"ASocksrv"=SocksA.exe []
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-10-10 185872]
"rs32net"=C:\WINDOWS\System32\rs32net.exe [2008-10-11 23040]
"inrhcvbgj0eg21"=C:\Documents and Settings\Guillaume\Local Settings\Temp\.tt16.tmp [2008-10-11 1641505]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-11 65536]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-10-07 171448]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fbhqrard]
fbhqrard.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0bixx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0ovxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ucxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3nuxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4cjxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4ltxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5wfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6krxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8jrxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0bixx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0ovxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati1ucxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3nuxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4cjxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4ltxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati5wfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati6krxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati8jrxx.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=1
"NoDispScrSavPage"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{370c2181-945e-11dd-b936-0016e30a6b69}]
shell\Auto\command - E:\tel.xls.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe


======List of files/folders created in the last 2 months======

2008-10-13 12:54:06 ----D---- C:\rsit
2008-10-13 12:47:01 ----D---- C:\Program Files\Trend Micro
2008-10-13 11:57:24 ----N---- C:\WINDOWS\system32\trz39.tmp
2008-10-13 11:57:16 ----N---- C:\WINDOWS\system32\trz38.tmp
2008-10-12 14:10:39 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-12 03:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-12 03:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-12 03:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-12 03:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-10-12 03:17:11 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-10-12 03:17:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-10-12 03:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-12 03:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-12 03:16:23 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-10-12 03:09:30 ----SHD---- C:\Config.Msi
2008-10-12 03:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-12 03:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-12 03:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-12 03:07:13 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-10-12 03:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-12 03:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-12 03:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-10-12 03:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-12 03:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-10-12 03:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-12 03:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-12 03:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-10-12 01:53:37 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-12 00:00:32 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-12 00:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-10-11 23:02:47 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-11 23:02:47 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-11 23:02:46 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-11 05:18:01 ----A---- C:\WINDOWS\system32\rs32net.exe
2008-10-10 07:39:34 ----D---- C:\Program Files\Fichiers communs\xing shared
2008-10-10 07:39:23 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-10-10 07:39:13 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-10-10 07:39:13 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-10-10 07:39:11 ----D---- C:\Program Files\Real
2008-10-10 07:39:10 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-10-10 07:39:07 ----D---- C:\Program Files\Fichiers communs\Real
2008-10-10 07:39:06 ----D---- C:\Documents and Settings\Guillaume\Application Data\Real
2008-10-10 07:38:02 ----D---- C:\Documents and Settings\Guillaume\Application Data\Mozilla
2008-10-10 07:38:00 ----D---- C:\Program Files\Mozilla Firefox
2008-10-09 19:46:41 ----D---- C:\Documents and Settings\Guillaume\Application Data\Media Player Classic
2008-10-09 19:19:42 ----D---- C:\Documents and Settings\Guillaume\Application Data\InterVideo
2008-10-09 13:45:11 ----HD---- C:\WINDOWS\PIF
2008-10-07 15:09:05 ----D---- C:\Documents and Settings\Guillaume\Application Data\Google
2008-10-07 15:08:49 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-07 15:08:44 ----D---- C:\Program Files\Google
2008-10-07 13:40:03 ----ASH---- C:\Documents and Settings\Guillaume\Application Data\desktop.ini
2008-10-07 13:40:01 ----SD---- C:\Documents and Settings\Guillaume\Application Data\Microsoft
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Symantec
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Sonic
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Identities
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Adobe
2008-10-07 13:40:00 ----D---- C:\Documents and Settings\Guillaume\Application Data\toshiba
2008-10-07 13:39:01 ----A---- C:\WINDOWS\system32\DelRunOnceReg.exe
2008-10-07 13:39:01 ----A---- C:\WINDOWS\system32\ControlWZCS.exe
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\wgapiloc.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\wgapi.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\wcapi.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\results.txt
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\athcfg11ResLoc.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\athcfg11res.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\athcfg11.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\acs.exe
2008-10-07 13:38:53 ----A---- C:\WINDOWS\system32\AegisI5.exe
2008-10-07 13:38:53 ----A---- C:\WINDOWS\system32\AegisE5.dll
2008-10-07 13:33:32 ----D---- C:\Documents and Settings\Guillaume\Application Data\Macromedia
2008-10-07 13:20:12 ----D---- C:\Documents and Settings\Guillaume\Application Data\WinRAR
2008-10-07 13:17:20 ----D---- C:\Program Files\LucasArts
2008-10-07 13:16:54 ----SHD---- C:\RECYCLER
2008-10-07 13:04:13 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-07 13:04:10 ----D---- C:\Program Files\Alwil Software
2008-10-07 13:03:41 ----D---- C:\Program Files\WinRAR
2008-10-07 13:03:07 ----A---- C:\WINDOWS\system32\unrar.dll
2008-10-07 13:03:07 ----A---- C:\WINDOWS\avisplitter.ini
2008-10-07 13:03:05 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-10-07 13:03:05 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-10-07 13:03:05 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\divx.dll
2008-10-07 13:03:03 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-10-07 13:03:02 ----D---- C:\Program Files\K-Lite Codec Pack
2008-10-07 13:00:50 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-07 13:00:07 ----D---- C:\Program Files\Messenger Plus! Live
2008-10-07 12:59:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-07 12:56:46 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-10-07 12:56:15 ----D---- C:\Program Files\Windows Live
2008-10-07 12:56:05 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-07 12:55:29 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-07 12:55:29 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-07 12:55:28 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-07 12:55:28 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-07 12:55:28 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

======List of files/folders modified in the last 2 months======

2008-10-13 12:54:07 ----D---- C:\WINDOWS\Prefetch
2008-10-13 12:47:01 ----RD---- C:\Program Files
2008-10-13 11:57:24 ----D---- C:\WINDOWS\system32
2008-10-13 11:30:24 ----D---- C:\WINDOWS\system32\drivers
2008-10-13 11:29:54 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-13 11:29:53 ----D---- C:\WINDOWS\Temp
2008-10-13 11:29:22 ----D---- C:\WINDOWS\system32\Lang
2008-10-13 10:52:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-12 19:11:48 ----D---- C:\WINDOWS
2008-10-12 03:17:50 ----HD---- C:\WINDOWS\inf
2008-10-12 03:17:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-12 03:17:46 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-12 03:17:43 ----A---- C:\WINDOWS\imsins.BAK
2008-10-12 03:17:29 ----D---- C:\Program Files\Messenger
2008-10-12 03:16:26 ----SHD---- C:\WINDOWS\Installer
2008-10-12 03:15:05 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-10-12 03:06:17 ----D---- C:\Program Files\Internet Explorer
2008-10-12 03:05:23 ----D---- C:\WINDOWS\WinSxS
2008-10-12 02:12:21 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-12 01:53:37 ----D---- C:\WINDOWS\Debug
2008-10-11 18:28:40 ----D---- C:\WINDOWS\system32\Macromed
2008-10-10 11:48:23 ----D---- C:\WINDOWS\security
2008-10-10 09:53:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-10 07:39:34 ----D---- C:\Program Files\Fichiers communs
2008-10-07 21:29:12 ----D---- C:\WINDOWS\system32\RTCOM
2008-10-07 21:29:10 ----D---- C:\WINDOWS\system32\Restore
2008-10-07 21:29:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-07 21:29:08 ----D---- C:\WINDOWS\system32\ras
2008-10-07 21:28:37 ----D---- C:\WINDOWS\system32\npp
2008-10-07 21:28:34 ----D---- C:\WINDOWS\system32\mui
2008-10-07 21:28:17 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-07 21:27:59 ----D---- C:\WINDOWS\system32\IME
2008-10-07 21:27:57 ----D---- C:\WINDOWS\system32\icsxml
2008-10-07 21:27:57 ----D---- C:\WINDOWS\system32\ias
2008-10-07 21:27:30 ----D---- C:\WINDOWS\system32\DLA
2008-10-07 21:27:27 ----D---- C:\WINDOWS\system32\DirectX
2008-10-07 21:27:12 ----D---- C:\WINDOWS\system32\Com
2008-10-07 21:26:54 ----D---- C:\WINDOWS\system32\1036
2008-10-07 21:26:54 ----D---- C:\WINDOWS\system32\1033
2008-10-07 21:26:36 ----D---- C:\WINDOWS\Resources
2008-10-07 21:26:03 ----D---- C:\WINDOWS\PeerNet
2008-10-07 21:25:51 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-07 21:25:50 ----D---- C:\WINDOWS\msapps
2008-10-07 21:25:27 ----D---- C:\WINDOWS\java
2008-10-07 21:22:55 ----RSD---- C:\WINDOWS\Fonts
2008-10-07 21:21:23 ----D---- C:\WINDOWS\Driver Cache
2008-10-07 21:21:23 ----D---- C:\WINDOWS\Cursors
2008-10-07 21:21:05 ----RSD---- C:\WINDOWS\assembly
2008-10-07 21:20:52 ----D---- C:\WINDOWS\AppPatch
2008-10-07 21:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-10-07 21:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-10-07 21:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-10-07 21:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-10-07 21:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-10-07 21:20:47 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-10-07 21:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-10-07 21:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB899589$
2008-10-07 21:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-10-07 21:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB898458$
2008-10-07 21:20:40 ----HDC---- C:\WINDOWS\$NtUninstallKB896688$
2008-10-07 21:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-10-07 21:20:34 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-10-07 21:20:34 ----HDC---- C:\WINDOWS\$NtUninstallKB896422$
2008-10-07 21:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-10-07 21:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB895200$
2008-10-07 21:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB894871$
2008-10-07 21:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB894391_0$
2008-10-07 21:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-10-07 21:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-10-07 21:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB893357$
2008-10-07 21:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB893066$
2008-10-07 21:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB893056$
2008-10-07 21:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-10-07 21:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-10-07 21:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB890175$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB890046_0$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB889673$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-10-07 21:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB888113$
2008-10-07 21:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-10-07 21:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB885855$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-10-07 21:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB885250$
2008-10-07 21:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-10-07 21:20:12 ----HDC---- C:\WINDOWS\$NtUninstallKB873333$
2008-10-07 21:20:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-07 21:19:30 ----D---- C:\VALUEADD
2008-10-07 21:19:24 ----D---- C:\TOOLSCD
2008-10-07 21:11:14 ----D---- C:\SUPPORT
2008-10-07 21:11:14 ----D---- C:\Program Files\xerox
2008-10-07 21:11:13 ----D---- C:\Program Files\Windows NT
2008-10-07 21:11:12 ----D---- C:\Program Files\Windows Media Player
2008-10-07 21:11:10 ----D---- C:\Program Files\TOSHIBA
2008-10-07 21:10:32 ----D---- C:\Program Files\Synaptics
2008-10-07 21:10:16 ----D---- C:\Program Files\Sonic
2008-10-07 21:10:15 ----D---- C:\Program Files\Services en ligne
2008-10-07 21:09:58 ----D---- C:\Program Files\Realtek
2008-10-07 21:09:58 ----D---- C:\Program Files\Outlook Express
2008-10-07 21:09:56 ----D---- C:\Program Files\Online Services
2008-10-07 21:09:55 ----AD---- C:\Program Files\Offre Wanadoo
2008-10-07 21:09:21 ----D---- C:\Program Files\NetMeeting
2008-10-07 21:09:17 ----D---- C:\Program Files\MSN Gaming Zone
2008-10-07 21:09:00 ----D---- C:\Program Files\MSN
2008-10-07 21:09:00 ----D---- C:\Program Files\Movie Maker
2008-10-07 21:08:55 ----D---- C:\Program Files\Microsoft.NET
2008-10-07 21:08:51 ----D---- C:\Program Files\Microsoft Office
2008-10-07 21:08:39 ----D---- C:\Program Files\microsoft frontpage
2008-10-07 21:08:37 ----D---- C:\Program Files\ltmoh
2008-10-07 21:08:09 ----D---- C:\Program Files\Java
2008-10-07 21:08:01 ----D---- C:\Program Files\InterVideo
2008-10-07 21:06:36 ----D---- C:\Program Files\Fichiers communs\System
2008-10-07 21:05:46 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2008-10-07 21:05:46 ----D---- C:\Program Files\Fichiers communs\Services
2008-10-07 21:05:46 ----D---- C:\Program Files\Fichiers communs\ODBC
2008-10-07 21:05:45 ----D---- C:\Program Files\Fichiers communs\MSSoap
2008-10-07 21:05:03 ----D---- C:\Program Files\Fichiers communs\Java
2008-10-07 21:04:59 ----D---- C:\Program Files\Fichiers communs\InstallShield
2008-10-07 21:04:59 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-10-07 21:04:59 ----D---- C:\Program Files\ATI Technologies
2008-10-07 21:03:41 ----D---- C:\Program Files\Adobe
2008-10-07 21:01:56 ----RHD---- C:\MSOCache
2008-10-07 21:01:56 ----D---- C:\I386
2008-10-07 20:54:17 ----D---- C:\Documents and Settings\All Users\Application Data\SBSI
2008-10-07 20:54:17 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-07 15:08:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-07 13:48:51 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2008-10-07 13:48:50 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-07 13:48:49 ----D---- C:\Program Files\Symantec
2008-10-07 13:42:24 ----SD---- C:\WINDOWS\Tasks
2008-10-07 13:41:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-07 13:40:32 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-07 13:40:26 ----D---- C:\WINDOWS\oemdrv
2008-10-07 13:39:58 ----D---- C:\Documents and Settings
2008-10-07 13:39:12 ----A---- C:\WINDOWS\setuplog.txt
2008-10-07 13:39:07 ----SHD---- C:\System Volume Information
2008-10-07 13:38:52 ----D---- C:\Program Files\Atheros
2008-10-07 13:38:49 ----RASH---- C:\boot.ini
2008-10-07 13:38:21 ----D---- C:\WINDOWS\Registration
2008-10-07 13:33:25 ----A---- C:\WINDOWS\system.ini
2008-10-07 13:17:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-07 13:13:31 ----D---- C:\WINDOWS\system32\config
2008-10-07 12:55:34 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-07 12:55:31 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-07 17801]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-09-12 468736]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-11 4064256]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-15 185728]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Service de configuration Atheros; C:\WINDOWS\system32\acs.exe [2005-07-08 36864]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-18 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-08-10 35328]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 138168]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


4

guidu02, 13 Oct 2008 at 13:05:28

Info.txt logfile of random's system information tool 1.04 2008-10-13 12:54:18

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70500000002}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assist TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x40c
Atheros Client Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x40c
Atheros Wireless LAN MiniPCI card Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\setup.exe" -l0x40c
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Commandes TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x40c UNINSTALL
Correctif pour Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB894871)-->"C:\WINDOWS\$NtUninstallKB894871$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif Windows XP - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB885855-->C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB889673-->C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe
Correctif Windows XP - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Correctif Windows XP - KB893056-->C:\WINDOWS\$NtUninstallKB893056$\spuninst\spuninst.exe
Correctif Windows XP - KB895200-->"C:\WINDOWS\$NtUninstallKB895200$\spuninst\spuninst.exe"
Gestion d'énergie TOSHIBA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
K-Lite Codec Pack 4.1.4 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Manuels TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EB6332B-AF02-457C-A31C-835458C5B48B}\setup.exe" -l0x40c -removeonly
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A1040C-6000-11D3-8CFE-0150048383C9}
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mozilla Firefox (1.5)-->C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (fr)"
Outil de diagnostic PC TOSHIBA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x40c REMOVE
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Réducteur de bruit lect. CD/DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x40c
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Son virtuel TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Star Wars Jedi Knight Jedi Academy-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x40c UNINSTALL
TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x40c
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x40c
TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x40c
Touch and Launch-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\setup.exe"
Utilitaire de zoom TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe" -l0x40c
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081012-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


5

guidu02, 13 Oct 2008 at 13:08:23

There, it's done, thanks for helping me

6

sKe69, 13 Oct 2008 at 13:33:17

Good ... let's start:

- Download SDFix to your desktop:
here http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.
or here http://sdfix.net/SDFix.exe

--> Double-click SDFix.exe and choose "Install".

( tutorial here: http://www.malekal.com/tutorial_SDFix.php )

Then, once the installation is done,

Mandatory: boot into Safe Mode.

/!\ Never boot into Safe Mode via MSCONFIG /!\

How to get into Safe Mode:
1) Restart your computer.
2) Tap the F8 key immediately (F5 on some PCs), just after the "beep".
3) Keep tapping until the screen with the boot options appears.
4) Choose the first option: Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (and not Administrator).
Note: no connection is possible in Safe Mode, so copy or print the procedure to avoid mistakes ...

Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
---> Type Y to launch the script ...
The fix removes the virus's services and cleans the registry, so a restart is necessary; therefore:
press a key to restart when you are asked to.

The PC will take a while to start (this is normal); once the desktop has loaded, press a key when "Finished" is displayed.

The SDFix report will open on screen and will also be saved in the C:\SDFix folder under the name "Report.txt".
Post it in your next reply together with a new RSIT report for analysis ...

There's no point in running .... No, it's pointless ...    ---sKe---
"Baby, I'm going on an airplane, And I don't know if I'll be back again."
IMPORTANT: don't think you're out of the woods
until you've been told so!

7

guidu02, 13 Oct 2008 at 14:09:30

I can't get into Safe Mode. I pressed F5 and F8 and looked in the menu you get when you switch on the PC, but it's impossible to put it in Safe Mode, and it doesn't beep at startup. I have a Toshiba laptop.

8

sKe69, 13 Oct 2008 at 14:31:19

Hi again,

tap F8 as soon as the PC is switched on, until the screen with the boot options appears .... try again and let me know ...

9

guidu02, 13 Oct 2008 at 15:03:45
  • +1

It's done, I wasn't patient enough when I was pressing F8 xD

SDFix: Version 1.235
Run by Guillaume on 13/10/2008 at 14:42

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:

Rootkit Found :
C:\WINDOWS\system32\drivers\ATI1FNXX.sys - Rootkit Pandex/Cutwail - Protect.sys
C:\WINDOWS\system32\drivers\ATI2LSXX.sys - Rootkit Pandex/Cutwail - Protect.sys
C:\WINDOWS\system32\drivers\ATI3CJXX.sys - Rootkit Pandex/Cutwail - Protect.sys
C:\WINDOWS\system32\drivers\ATI7HOXX.sys - Rootkit Pandex/Cutwail - Protect.sys

Name:
tcpsr

Path:
\??\C:\WINDOWS\System32\drivers\tcpsr.sys

tcpsr - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\FBHQRARD.dll - Deleted
C:\WINDOWS\system32\phcrbgj0eg21.bmp - Deleted
C:\autorun.inf - Deleted
C:\Documents and Settings\Guillaume\Local Settings\Temp\.tt16.tmp.exe - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt100.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt105.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt10B.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt112.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt11A.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt11F.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt124.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt12B.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt13.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt132.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt138.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt13E.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt14.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt143.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt147.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt14C.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt14F.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt15.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt16.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt17.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt18.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt19.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt1B.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt1FD.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt22.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt23A.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt241.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt246.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt256.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt26.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt28.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt2A.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt2D.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt34.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt39.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt3A.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt3C.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt3D.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt43.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt46.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt47.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt4A.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt4C.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt4F.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt52.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt53.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt56.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt58.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt5D.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt5E.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt60.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt65.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt66.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt67.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt69.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt6B.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt6D.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt72.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt73.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt77.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt7A.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt7D.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt83.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt89.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt8B.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt95.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt9F.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttA9.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttB.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttB2.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttB6.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttBA.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttBE.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttC2.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttC8.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttD3.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttDB.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttDF.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttE.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttEB.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttF.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttF4.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttF7.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.ttFB.tmp - Deleted
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\.tt16.tmp.exe - Deleted
C:\WINDOWS\system32\rs32net.exe - Deleted
C:\WINDOWS\system32\drivers\ATI1FNXX.sys - Deleted
C:\WINDOWS\system32\drivers\ATI2LSXX.sys - Deleted
C:\WINDOWS\system32\drivers\ATI3CJXX.sys - Deleted
C:\WINDOWS\system32\drivers\ATI7HOXX.sys - Deleted





Removing Temp Files

ADS Check:



Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 14:57:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished!


10

guidu02, 13 Oct 2008 at 15:08:10
  • +1

Logfile of random's system information tool 1.04 (written by random/random)
Run by Guillaume at 2008-10-13 15:06:47
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 64 GB (84%) free of 76 GB
Total RAM: 446 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:56, on 13/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Guillaume\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Guillaume.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
End of file - 6531 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Rappel d'enregistrement 1.job
C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-10 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-01 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-10-07 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-10-07 2436160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-11-10 15473664]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-15 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-15 688218]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2005-05-19 188416]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2005-12-08 352256]
"Tvs"=C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-03 266240]
"NDSTray.exe"=NDSTray.exe []
"SmoothView"=C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [2005-05-17 118784]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-08-30 1077328]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"ASocksrv"=SocksA.exe []
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-10-10 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-11 65536]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-10-07 171448]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0bixx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0ovxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ucxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3nuxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4cjxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4ltxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5wfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6krxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6pxxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8jrxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0bixx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0ovxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati1ucxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3nuxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4cjxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4ltxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati5wfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati6krxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati6pxxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati8jrxx.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\Auto\command - tel.xls.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{370c2181-945e-11dd-b936-0016e30a6b69}]
shell\Auto\command - E:\tel.xls.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe


======List of files/folders created in the last 2 months======

2008-10-13 14:39:09 ----D---- C:\WINDOWS\ERUNT
2008-10-13 14:37:07 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-13 13:47:30 ----D---- C:\SDFix
2008-10-13 12:54:06 ----D---- C:\rsit
2008-10-13 12:47:01 ----D---- C:\Program Files\Trend Micro
2008-10-12 14:10:39 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-12 03:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-12 03:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-12 03:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-12 03:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-10-12 03:17:11 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-10-12 03:17:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-10-12 03:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-12 03:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-12 03:16:23 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-10-12 03:09:30 ----SHD---- C:\Config.Msi
2008-10-12 03:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-12 03:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-12 03:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-12 03:07:13 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-10-12 03:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-12 03:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-12 03:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-10-12 03:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-12 03:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-10-12 03:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-12 03:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-12 03:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-10-12 01:53:37 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-12 00:00:32 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-12 00:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-10-11 23:02:47 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-11 23:02:47 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-11 23:02:46 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-10 07:39:34 ----D---- C:\Program Files\Fichiers communs\xing shared
2008-10-10 07:39:23 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-10-10 07:39:13 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-10-10 07:39:13 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-10-10 07:39:11 ----D---- C:\Program Files\Real
2008-10-10 07:39:10 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-10-10 07:39:07 ----D---- C:\Program Files\Fichiers communs\Real
2008-10-10 07:39:06 ----D---- C:\Documents and Settings\Guillaume\Application Data\Real
2008-10-10 07:38:02 ----D---- C:\Documents and Settings\Guillaume\Application Data\Mozilla
2008-10-10 07:38:00 ----D---- C:\Program Files\Mozilla Firefox
2008-10-09 19:46:41 ----D---- C:\Documents and Settings\Guillaume\Application Data\Media Player Classic
2008-10-09 19:19:42 ----D---- C:\Documents and Settings\Guillaume\Application Data\InterVideo
2008-10-09 13:45:11 ----HD---- C:\WINDOWS\PIF
2008-10-07 15:09:05 ----D---- C:\Documents and Settings\Guillaume\Application Data\Google
2008-10-07 15:08:49 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-07 15:08:44 ----D---- C:\Program Files\Google
2008-10-07 13:40:03 ----ASH---- C:\Documents and Settings\Guillaume\Application Data\desktop.ini
2008-10-07 13:40:01 ----SD---- C:\Documents and Settings\Guillaume\Application Data\Microsoft
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Symantec
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Sonic
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Identities
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Adobe
2008-10-07 13:40:00 ----D---- C:\Documents and Settings\Guillaume\Application Data\toshiba
2008-10-07 13:39:01 ----A---- C:\WINDOWS\system32\DelRunOnceReg.exe
2008-10-07 13:39:01 ----A---- C:\WINDOWS\system32\ControlWZCS.exe
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\wgapiloc.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\wgapi.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\wcapi.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\results.txt
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\athcfg11ResLoc.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\athcfg11res.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\athcfg11.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\acs.exe
2008-10-07 13:38:53 ----A---- C:\WINDOWS\system32\AegisI5.exe
2008-10-07 13:38:53 ----A---- C:\WINDOWS\system32\AegisE5.dll
2008-10-07 13:33:32 ----D---- C:\Documents and Settings\Guillaume\Application Data\Macromedia
2008-10-07 13:20:12 ----D---- C:\Documents and Settings\Guillaume\Application Data\WinRAR
2008-10-07 13:17:20 ----D---- C:\Program Files\LucasArts
2008-10-07 13:16:54 ----SHD---- C:\RECYCLER
2008-10-07 13:04:13 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-07 13:04:10 ----D---- C:\Program Files\Alwil Software
2008-10-07 13:03:41 ----D---- C:\Program Files\WinRAR
2008-10-07 13:03:07 ----A---- C:\WINDOWS\system32\unrar.dll
2008-10-07 13:03:07 ----A---- C:\WINDOWS\avisplitter.ini
2008-10-07 13:03:05 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-10-07 13:03:05 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-10-07 13:03:05 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\divx.dll
2008-10-07 13:03:03 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-10-07 13:03:02 ----D---- C:\Program Files\K-Lite Codec Pack
2008-10-07 13:00:50 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-07 13:00:07 ----D---- C:\Program Files\Messenger Plus! Live
2008-10-07 12:59:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-07 12:56:46 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-10-07 12:56:15 ----D---- C:\Program Files\Windows Live
2008-10-07 12:56:05 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-07 12:55:29 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-07 12:55:29 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-07 12:55:28 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-07 12:55:28 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-07 12:55:28 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

======List of files/folders modified in the last 2 months======

2008-10-13 15:01:57 ----D---- C:\WINDOWS\Temp
2008-10-13 15:01:04 ----D---- C:\WINDOWS\Prefetch
2008-10-13 15:00:55 ----D---- C:\WINDOWS\system32\Lang
2008-10-13 14:57:39 ----D---- C:\WINDOWS\system32\drivers
2008-10-13 14:45:09 ----D---- C:\WINDOWS\system32
2008-10-13 14:41:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-13 14:39:09 ----D---- C:\WINDOWS
2008-10-13 14:33:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-13 14:33:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-13 12:47:01 ----RD---- C:\Program Files
2008-10-12 03:17:50 ----HD---- C:\WINDOWS\inf
2008-10-12 03:17:46 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-12 03:17:43 ----A---- C:\WINDOWS\imsins.BAK
2008-10-12 03:17:29 ----D---- C:\Program Files\Messenger
2008-10-12 03:16:26 ----SHD---- C:\WINDOWS\Installer
2008-10-12 03:15:05 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-10-12 03:06:17 ----D---- C:\Program Files\Internet Explorer
2008-10-12 03:05:23 ----D---- C:\WINDOWS\WinSxS
2008-10-12 02:12:21 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-12 01:53:37 ----D---- C:\WINDOWS\Debug
2008-10-11 18:28:40 ----D---- C:\WINDOWS\system32\Macromed
2008-10-10 11:48:23 ----D---- C:\WINDOWS\security
2008-10-10 09:53:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-10 07:39:34 ----D---- C:\Program Files\Fichiers communs
2008-10-07 21:29:12 ----D---- C:\WINDOWS\system32\RTCOM
2008-10-07 21:29:10 ----D---- C:\WINDOWS\system32\Restore
2008-10-07 21:29:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-07 21:29:08 ----D---- C:\WINDOWS\system32\ras
2008-10-07 21:28:37 ----D---- C:\WINDOWS\system32\npp
2008-10-07 21:28:34 ----D---- C:\WINDOWS\system32\mui
2008-10-07 21:28:17 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-07 21:27:59 ----D---- C:\WINDOWS\system32\IME
2008-10-07 21:27:57 ----D---- C:\WINDOWS\system32\icsxml
2008-10-07 21:27:57 ----D---- C:\WINDOWS\system32\ias
2008-10-07 21:27:30 ----D---- C:\WINDOWS\system32\DLA
2008-10-07 21:27:27 ----D---- C:\WINDOWS\system32\DirectX
2008-10-07 21:27:12 ----D---- C:\WINDOWS\system32\Com
2008-10-07 21:26:54 ----D---- C:\WINDOWS\system32\1036
2008-10-07 21:26:54 ----D---- C:\WINDOWS\system32\1033
2008-10-07 21:26:36 ----D---- C:\WINDOWS\Resources
2008-10-07 21:26:03 ----D---- C:\WINDOWS\PeerNet
2008-10-07 21:25:51 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-07 21:25:50 ----D---- C:\WINDOWS\msapps
2008-10-07 21:25:27 ----D---- C:\WINDOWS\java
2008-10-07 21:22:55 ----RSD---- C:\WINDOWS\Fonts
2008-10-07 21:21:23 ----D---- C:\WINDOWS\Driver Cache
2008-10-07 21:21:23 ----D---- C:\WINDOWS\Cursors
2008-10-07 21:21:05 ----RSD---- C:\WINDOWS\assembly
2008-10-07 21:20:52 ----D---- C:\WINDOWS\AppPatch
2008-10-07 21:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-10-07 21:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-10-07 21:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-10-07 21:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-10-07 21:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-10-07 21:20:47 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-10-07 21:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-10-07 21:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB899589$
2008-10-07 21:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-10-07 21:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB898458$
2008-10-07 21:20:40 ----HDC---- C:\WINDOWS\$NtUninstallKB896688$
2008-10-07 21:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-10-07 21:20:34 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-10-07 21:20:34 ----HDC---- C:\WINDOWS\$NtUninstallKB896422$
2008-10-07 21:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-10-07 21:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB895200$
2008-10-07 21:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB894871$
2008-10-07 21:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB894391_0$
2008-10-07 21:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-10-07 21:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-10-07 21:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB893357$
2008-10-07 21:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB893066$
2008-10-07 21:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB893056$
2008-10-07 21:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-10-07 21:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-10-07 21:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB890175$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB890046_0$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB889673$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-10-07 21:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB888113$
2008-10-07 21:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-10-07 21:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB885855$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-10-07 21:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB885250$
2008-10-07 21:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-10-07 21:20:12 ----HDC---- C:\WINDOWS\$NtUninstallKB873333$
2008-10-07 21:20:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-07 21:19:30 ----D---- C:\VALUEADD
2008-10-07 21:19:24 ----D---- C:\TOOLSCD
2008-10-07 21:11:14 ----D---- C:\SUPPORT
2008-10-07 21:11:14 ----D---- C:\Program Files\xerox
2008-10-07 21:11:13 ----D---- C:\Program Files\Windows NT
2008-10-07 21:11:12 ----D---- C:\Program Files\Windows Media Player
2008-10-07 21:11:10 ----D---- C:\Program Files\TOSHIBA
2008-10-07 21:10:32 ----D---- C:\Program Files\Synaptics
2008-10-07 21:10:16 ----D---- C:\Program Files\Sonic
2008-10-07 21:10:15 ----D---- C:\Program Files\Services en ligne
2008-10-07 21:09:58 ----D---- C:\Program Files\Realtek
2008-10-07 21:09:58 ----D---- C:\Program Files\Outlook Express
2008-10-07 21:09:56 ----D---- C:\Program Files\Online Services
2008-10-07 21:09:55 ----AD---- C:\Program Files\Offre Wanadoo
2008-10-07 21:09:21 ----D---- C:\Program Files\NetMeeting
2008-10-07 21:09:17 ----D---- C:\Program Files\MSN Gaming Zone
2008-10-07 21:09:00 ----D---- C:\Program Files\MSN
2008-10-07 21:09:00 ----D---- C:\Program Files\Movie Maker
2008-10-07 21:08:55 ----D---- C:\Program Files\Microsoft.NET
2008-10-07 21:08:51 ----D---- C:\Program Files\Microsoft Office
2008-10-07 21:08:39 ----D---- C:\Program Files\microsoft frontpage
2008-10-07 21:08:37 ----D---- C:\Program Files\ltmoh
2008-10-07 21:08:09 ----D---- C:\Program Files\Java
2008-10-07 21:08:01 ----D---- C:\Program Files\InterVideo
2008-10-07 21:06:36 ----D---- C:\Program Files\Fichiers communs\System
2008-10-07 21:05:46 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2008-10-07 21:05:46 ----D---- C:\Program Files\Fichiers communs\Services
2008-10-07 21:05:46 ----D---- C:\Program Files\Fichiers communs\ODBC
2008-10-07 21:05:45 ----D---- C:\Program Files\Fichiers communs\MSSoap
2008-10-07 21:05:03 ----D---- C:\Program Files\Fichiers communs\Java
2008-10-07 21:04:59 ----D---- C:\Program Files\Fichiers communs\InstallShield
2008-10-07 21:04:59 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-10-07 21:04:59 ----D---- C:\Program Files\ATI Technologies
2008-10-07 21:03:41 ----D---- C:\Program Files\Adobe
2008-10-07 21:01:56 ----RHD---- C:\MSOCache
2008-10-07 21:01:56 ----D---- C:\I386
2008-10-07 20:54:17 ----D---- C:\Documents and Settings\All Users\Application Data\SBSI
2008-10-07 20:54:17 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-07 15:08:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-07 13:48:51 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2008-10-07 13:48:50 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-07 13:48:49 ----D---- C:\Program Files\Symantec
2008-10-07 13:42:24 ----SD---- C:\WINDOWS\Tasks
2008-10-07 13:41:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-07 13:40:32 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-07 13:40:26 ----D---- C:\WINDOWS\oemdrv
2008-10-07 13:39:58 ----D---- C:\Documents and Settings
2008-10-07 13:39:12 ----A---- C:\WINDOWS\setuplog.txt
2008-10-07 13:39:07 ----SHD---- C:\System Volume Information
2008-10-07 13:38:52 ----D---- C:\Program Files\Atheros
2008-10-07 13:38:49 ----RASH---- C:\boot.ini
2008-10-07 13:38:21 ----D---- C:\WINDOWS\Registration
2008-10-07 13:33:25 ----A---- C:\WINDOWS\system.ini
2008-10-07 13:17:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-07 13:13:31 ----D---- C:\WINDOWS\system32\config
2008-10-07 12:55:34 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-07 12:55:31 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-07 17801]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-09-12 468736]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 catchme;catchme; \??\C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-11 4064256]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-15 185728]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Service de configuration Atheros; C:\WINDOWS\system32\acs.exe [2005-07-08 36864]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-18 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-08-10 35328]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 138168]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


11

guidu02, 13 Oct 2008 at 15:10:22

Info.txt logfile of random's system information tool 1.04 2008-10-13 12:54:18

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70500000002}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assist TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x40c
Atheros Client Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x40c
Atheros Wireless LAN MiniPCI card Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\setup.exe" -l0x40c
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Commandes TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x40c UNINSTALL
Correctif pour Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB894871)-->"C:\WINDOWS\$NtUninstallKB894871$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif Windows XP - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB885855-->C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB889673-->C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe
Correctif Windows XP - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Correctif Windows XP - KB893056-->C:\WINDOWS\$NtUninstallKB893056$\spuninst\spuninst.exe
Correctif Windows XP - KB895200-->"C:\WINDOWS\$NtUninstallKB895200$\spuninst\spuninst.exe"
Gestion d'énergie TOSHIBA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
K-Lite Codec Pack 4.1.4 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Manuels TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EB6332B-AF02-457C-A31C-835458C5B48B}\setup.exe" -l0x40c -removeonly
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A1040C-6000-11D3-8CFE-0150048383C9}
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mozilla Firefox (1.5)-->C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (fr)"
Outil de diagnostic PC TOSHIBA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x40c REMOVE
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Réducteur de bruit lect. CD/DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x40c
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Son virtuel TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Star Wars Jedi Knight Jedi Academy-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x40c UNINSTALL
TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x40c
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x40c
TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x40c
Touch and Launch-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\setup.exe"
Utilitaire de zoom TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe" -l0x40c
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081012-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


12

sKe69, 13 Oct 2008 at 15:17:39

Good .... Next steps:


1- Download CCleaner:
http://www.pcastuces.com/logitheque/ccleaner.htm
This software will remove all temporary files and fix your registry. During installation, before clicking the "installer" (install) button, untick all the "options supplémentaires" (additional options) except the first two.
Once the program is installed and running, click "Options", then "Avancé" (Advanced), and untick the box "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" (only delete files in the Windows Temp folder older than 48 hours). (After that, leave it on its default settings. That's all.)

A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Usage:
! Disconnect and close all running applications !
* go to "nettoyeur" (Cleaner): run the analysis, then the cleaning
* go to "registre" (Registry): search for errors and repair (several times, until there are no more errors).

( CCleaner: software worth keeping on your PC, very useful for good clean-ups ... )


2- Download Malwarebytes:
here ftp://ftp.commentcamarche.com/download/mbam-setup.exe
or here: http://www.malwarebytes.org/mbam.php

Install it (make sure to choose "francais"; do not change the installation settings) and update it.

(NB: if "COMCTL32.OCX" is missing during installation, download it here: http://www.malekal.com/download/comctl32.ocx )

Study the tutorial to get familiar with the program: http://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it is very simple to use).

Mandatory: start in Safe Mode.

/!\ Never start in Safe Mode via MSCONFIG /!\

How to get into Safe Mode:
1) Restart your computer.
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep".
3) Keep tapping until the screen with the startup options appears.
4) Choose the first option, Safe Mode ("Sans Échec"), and confirm by pressing [Enter].
5) Choose your usual account (not Administrator).
Warning: no connection is possible in Safe Mode, so copy or print the procedure carefully to avoid mistakes ...

Launch Malwarebytes.

Run a "complete" scan (make sure to select all your disks before the scan!) and delete everything it finds, that is:
--> Let the scan finish, then at the end click "résultat" (results).
--> Check that all infected items are ticked, then click "suppression" (remove).

Restart your PC (normal mode).

Post the report saved after removing the infected items (in the "rapport/log" tab of Malwarebytes, the most recent one), together with a new RSIT report / "log.txt" (made in normal mode) ...

There's no point in running .... No, there's no point at all ...    ---sKe---
"Baby, I'm going on an airplane, And I don't know if I'll be back again."
IMPORTANT: don't think you're out of the woods
until you've been told so!


13

guidu02, 13 Oct 2008 at 17:03:38

Here it is

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1263
Windows 5.1.2600 Service Pack 2

13/10/2008 16:58:53
mbam-log-2008-10-13 (16-58-53).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 70830
Temps écoulé: 1 hour(s), 14 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP10\A0005997.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP10\A0006997.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP10\A0007997.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP10\A0007998.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP10\A0008998.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP10\A0008999.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP10\A0009003.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP10\A0009016.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP9\A0004963.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP9\A0004964.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7C613A87-BF99-4606-961B-887F813D12F7}\RP9\A0004965.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


14

guidu02, 13 Oct 2008 at 17:05:00

Logfile of random's system information tool 1.04 (written by random/random)
Run by Guillaume at 2008-10-13 17:04:08
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 65 GB (85%) free of 76 GB
Total RAM: 446 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:16, on 13/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Guillaume\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Guillaume.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
End of file - 6670 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Rappel d'enregistrement 1.job
C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-10 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-01 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-10-07 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-10-07 2436160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-11-10 15473664]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-15 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-15 688218]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2005-05-19 188416]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2005-12-08 352256]
"Tvs"=C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-03 266240]
"NDSTray.exe"=NDSTray.exe []
"SmoothView"=C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [2005-05-17 118784]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-08-30 1077328]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"ASocksrv"=SocksA.exe []
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-10-10 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-11 65536]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-10-07 171448]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0bixx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0ovxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ucxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3nuxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4cjxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4ltxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5wfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6krxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6pxxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8jrxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0bixx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0ovxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati1ucxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3nuxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4cjxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4ltxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati5wfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati6krxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati6pxxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati8jrxx.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{370c2181-945e-11dd-b936-0016e30a6b69}]
shell\Auto\command - E:\tel.xls.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe


======List of files/folders created in the last 2 months======

2008-10-13 15:42:34 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-13 15:29:18 ----D---- C:\Documents and Settings\Guillaume\Application Data\Malwarebytes
2008-10-13 15:29:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 15:29:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 15:26:53 ----D---- C:\Program Files\CCleaner
2008-10-13 14:39:09 ----D---- C:\WINDOWS\ERUNT
2008-10-13 13:47:30 ----D---- C:\SDFix
2008-10-13 12:54:06 ----D---- C:\rsit
2008-10-13 12:47:01 ----D---- C:\Program Files\Trend Micro
2008-10-12 14:10:39 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-12 03:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-12 03:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-12 03:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-12 03:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-10-12 03:17:11 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-10-12 03:17:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-10-12 03:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-12 03:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-12 03:16:23 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-10-12 03:09:30 ----SHD---- C:\Config.Msi
2008-10-12 03:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-12 03:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-12 03:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-12 03:07:13 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-10-12 03:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-12 03:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-12 03:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-10-12 03:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-12 03:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-10-12 03:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-12 03:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-12 03:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-10-12 01:53:37 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-12 00:00:32 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-12 00:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-10-11 23:02:47 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-11 23:02:47 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-11 23:02:46 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-10 07:39:34 ----D---- C:\Program Files\Fichiers communs\xing shared
2008-10-10 07:39:23 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-10-10 07:39:13 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-10-10 07:39:13 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-10-10 07:39:11 ----D---- C:\Program Files\Real
2008-10-10 07:39:10 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-10-10 07:39:07 ----D---- C:\Program Files\Fichiers communs\Real
2008-10-10 07:39:06 ----D---- C:\Documents and Settings\Guillaume\Application Data\Real
2008-10-10 07:38:02 ----D---- C:\Documents and Settings\Guillaume\Application Data\Mozilla
2008-10-10 07:38:00 ----D---- C:\Program Files\Mozilla Firefox
2008-10-09 19:46:41 ----D---- C:\Documents and Settings\Guillaume\Application Data\Media Player Classic
2008-10-09 19:19:42 ----D---- C:\Documents and Settings\Guillaume\Application Data\InterVideo
2008-10-09 13:45:11 ----HD---- C:\WINDOWS\PIF
2008-10-07 15:09:05 ----D---- C:\Documents and Settings\Guillaume\Application Data\Google
2008-10-07 15:08:49 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-07 15:08:44 ----D---- C:\Program Files\Google
2008-10-07 13:40:03 ----ASH---- C:\Documents and Settings\Guillaume\Application Data\desktop.ini
2008-10-07 13:40:01 ----SD---- C:\Documents and Settings\Guillaume\Application Data\Microsoft
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Symantec
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Sonic
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Identities
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Adobe
2008-10-07 13:40:00 ----D---- C:\Documents and Settings\Guillaume\Application Data\toshiba
2008-10-07 13:39:01 ----A---- C:\WINDOWS\system32\DelRunOnceReg.exe
2008-10-07 13:39:01 ----A---- C:\WINDOWS\system32\ControlWZCS.exe
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\wgapiloc.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\wgapi.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\wcapi.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\results.txt
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\athcfg11ResLoc.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\athcfg11res.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\athcfg11.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\acs.exe
2008-10-07 13:38:53 ----A---- C:\WINDOWS\system32\AegisI5.exe
2008-10-07 13:38:53 ----A---- C:\WINDOWS\system32\AegisE5.dll
2008-10-07 13:33:32 ----D---- C:\Documents and Settings\Guillaume\Application Data\Macromedia
2008-10-07 13:20:12 ----D---- C:\Documents and Settings\Guillaume\Application Data\WinRAR
2008-10-07 13:17:20 ----D---- C:\Program Files\LucasArts
2008-10-07 13:16:54 ----SHD---- C:\RECYCLER
2008-10-07 13:04:13 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-07 13:04:10 ----D---- C:\Program Files\Alwil Software
2008-10-07 13:03:41 ----D---- C:\Program Files\WinRAR
2008-10-07 13:03:07 ----A---- C:\WINDOWS\system32\unrar.dll
2008-10-07 13:03:07 ----A---- C:\WINDOWS\avisplitter.ini
2008-10-07 13:03:05 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-10-07 13:03:05 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-10-07 13:03:05 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\divx.dll
2008-10-07 13:03:03 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-10-07 13:03:02 ----D---- C:\Program Files\K-Lite Codec Pack
2008-10-07 13:00:50 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-07 13:00:07 ----D---- C:\Program Files\Messenger Plus! Live
2008-10-07 12:59:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-07 12:56:46 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-10-07 12:56:15 ----D---- C:\Program Files\Windows Live
2008-10-07 12:56:05 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-07 12:55:29 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-07 12:55:29 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-07 12:55:28 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-07 12:55:28 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-07 12:55:28 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

======List of files/folders modified in the last 2 months======

2008-10-13 17:02:03 ----D---- C:\WINDOWS\Temp
2008-10-13 17:00:53 ----D---- C:\WINDOWS
2008-10-13 17:00:43 ----D---- C:\WINDOWS\system32\Lang
2008-10-13 16:59:52 ----D---- C:\WINDOWS\system32\drivers
2008-10-13 15:40:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-13 15:37:42 ----D---- C:\WINDOWS\Debug
2008-10-13 15:31:45 ----D---- C:\WINDOWS\Prefetch
2008-10-13 15:29:15 ----RD---- C:\Program Files
2008-10-13 14:45:09 ----D---- C:\WINDOWS\system32
2008-10-13 14:41:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-13 14:33:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-12 03:17:50 ----HD---- C:\WINDOWS\inf
2008-10-12 03:17:46 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-12 03:17:29 ----D---- C:\Program Files\Messenger
2008-10-12 03:16:26 ----SHD---- C:\WINDOWS\Installer
2008-10-12 03:15:05 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-10-12 03:06:17 ----D---- C:\Program Files\Internet Explorer
2008-10-12 03:05:23 ----D---- C:\WINDOWS\WinSxS
2008-10-12 02:12:21 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-11 18:28:40 ----D---- C:\WINDOWS\system32\Macromed
2008-10-10 11:48:23 ----D---- C:\WINDOWS\security
2008-10-10 09:53:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-10 07:39:34 ----D---- C:\Program Files\Fichiers communs
2008-10-07 21:29:12 ----D---- C:\WINDOWS\system32\RTCOM
2008-10-07 21:29:10 ----D---- C:\WINDOWS\system32\Restore
2008-10-07 21:29:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-07 21:29:08 ----D---- C:\WINDOWS\system32\ras
2008-10-07 21:28:37 ----D---- C:\WINDOWS\system32\npp
2008-10-07 21:28:34 ----D---- C:\WINDOWS\system32\mui
2008-10-07 21:28:17 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-07 21:27:59 ----D---- C:\WINDOWS\system32\IME
2008-10-07 21:27:57 ----D---- C:\WINDOWS\system32\icsxml
2008-10-07 21:27:57 ----D---- C:\WINDOWS\system32\ias
2008-10-07 21:27:30 ----D---- C:\WINDOWS\system32\DLA
2008-10-07 21:27:27 ----D---- C:\WINDOWS\system32\DirectX
2008-10-07 21:27:12 ----D---- C:\WINDOWS\system32\Com
2008-10-07 21:26:54 ----D---- C:\WINDOWS\system32\1036
2008-10-07 21:26:54 ----D---- C:\WINDOWS\system32\1033
2008-10-07 21:26:36 ----D---- C:\WINDOWS\Resources
2008-10-07 21:26:03 ----D---- C:\WINDOWS\PeerNet
2008-10-07 21:25:51 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-07 21:25:50 ----D---- C:\WINDOWS\msapps
2008-10-07 21:25:27 ----D---- C:\WINDOWS\java
2008-10-07 21:22:55 ----RSD---- C:\WINDOWS\Fonts
2008-10-07 21:21:23 ----D---- C:\WINDOWS\Driver Cache
2008-10-07 21:21:23 ----D---- C:\WINDOWS\Cursors
2008-10-07 21:21:05 ----RSD---- C:\WINDOWS\assembly
2008-10-07 21:20:52 ----D---- C:\WINDOWS\AppPatch
2008-10-07 21:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-10-07 21:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-10-07 21:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-10-07 21:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-10-07 21:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-10-07 21:20:47 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-10-07 21:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-10-07 21:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB899589$
2008-10-07 21:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-10-07 21:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB898458$
2008-10-07 21:20:40 ----HDC---- C:\WINDOWS\$NtUninstallKB896688$
2008-10-07 21:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-10-07 21:20:34 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-10-07 21:20:34 ----HDC---- C:\WINDOWS\$NtUninstallKB896422$
2008-10-07 21:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-10-07 21:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB895200$
2008-10-07 21:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB894871$
2008-10-07 21:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB894391_0$
2008-10-07 21:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-10-07 21:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-10-07 21:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB893357$
2008-10-07 21:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB893066$
2008-10-07 21:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB893056$
2008-10-07 21:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-10-07 21:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-10-07 21:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB890175$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB890046_0$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB889673$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-10-07 21:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB888113$
2008-10-07 21:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-10-07 21:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB885855$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-10-07 21:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB885250$
2008-10-07 21:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-10-07 21:20:12 ----HDC---- C:\WINDOWS\$NtUninstallKB873333$
2008-10-07 21:20:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-07 21:19:30 ----D---- C:\VALUEADD
2008-10-07 21:19:24 ----D---- C:\TOOLSCD
2008-10-07 21:11:14 ----D---- C:\SUPPORT
2008-10-07 21:11:14 ----D---- C:\Program Files\xerox
2008-10-07 21:11:13 ----D---- C:\Program Files\Windows NT
2008-10-07 21:11:12 ----D---- C:\Program Files\Windows Media Player
2008-10-07 21:11:10 ----D---- C:\Program Files\TOSHIBA
2008-10-07 21:10:32 ----D---- C:\Program Files\Synaptics
2008-10-07 21:10:16 ----D---- C:\Program Files\Sonic
2008-10-07 21:10:15 ----D---- C:\Program Files\Services en ligne
2008-10-07 21:09:58 ----D---- C:\Program Files\Realtek
2008-10-07 21:09:58 ----D---- C:\Program Files\Outlook Express
2008-10-07 21:09:56 ----D---- C:\Program Files\Online Services
2008-10-07 21:09:55 ----AD---- C:\Program Files\Offre Wanadoo
2008-10-07 21:09:21 ----D---- C:\Program Files\NetMeeting
2008-10-07 21:09:17 ----D---- C:\Program Files\MSN Gaming Zone
2008-10-07 21:09:00 ----D---- C:\Program Files\MSN
2008-10-07 21:09:00 ----D---- C:\Program Files\Movie Maker
2008-10-07 21:08:55 ----D---- C:\Program Files\Microsoft.NET
2008-10-07 21:08:51 ----D---- C:\Program Files\Microsoft Office
2008-10-07 21:08:39 ----D---- C:\Program Files\microsoft frontpage
2008-10-07 21:08:37 ----D---- C:\Program Files\ltmoh
2008-10-07 21:08:09 ----D---- C:\Program Files\Java
2008-10-07 21:08:01 ----D---- C:\Program Files\InterVideo
2008-10-07 21:06:36 ----D---- C:\Program Files\Fichiers communs\System
2008-10-07 21:05:46 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2008-10-07 21:05:46 ----D---- C:\Program Files\Fichiers communs\Services
2008-10-07 21:05:46 ----D---- C:\Program Files\Fichiers communs\ODBC
2008-10-07 21:05:45 ----D---- C:\Program Files\Fichiers communs\MSSoap
2008-10-07 21:05:03 ----D---- C:\Program Files\Fichiers communs\Java
2008-10-07 21:04:59 ----D---- C:\Program Files\Fichiers communs\InstallShield
2008-10-07 21:04:59 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-10-07 21:04:59 ----D---- C:\Program Files\ATI Technologies
2008-10-07 21:03:41 ----D---- C:\Program Files\Adobe
2008-10-07 21:01:56 ----RHD---- C:\MSOCache
2008-10-07 21:01:56 ----D---- C:\I386
2008-10-07 20:54:17 ----D---- C:\Documents and Settings\All Users\Application Data\SBSI
2008-10-07 20:54:17 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-07 15:08:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-07 13:48:51 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2008-10-07 13:48:50 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-07 13:48:49 ----D---- C:\Program Files\Symantec
2008-10-07 13:42:24 ----SD---- C:\WINDOWS\Tasks
2008-10-07 13:41:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-07 13:40:26 ----D---- C:\WINDOWS\oemdrv
2008-10-07 13:39:58 ----D---- C:\Documents and Settings
2008-10-07 13:39:07 ----SHD---- C:\System Volume Information
2008-10-07 13:38:52 ----D---- C:\Program Files\Atheros
2008-10-07 13:38:49 ----RASH---- C:\boot.ini
2008-10-07 13:38:21 ----D---- C:\WINDOWS\Registration
2008-10-07 13:33:25 ----A---- C:\WINDOWS\system.ini
2008-10-07 13:17:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-07 13:13:31 ----D---- C:\WINDOWS\system32\config
2008-10-07 12:55:34 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-07 12:55:31 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-07 17801]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-09-12 468736]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-11 4064256]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-15 185728]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
S3 catchme;catchme; \??\C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\catchme.sys []
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Service de configuration Atheros; C:\WINDOWS\system32\acs.exe [2005-07-08 36864]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-18 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-08-10 35328]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 138168]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


15

sKe69, 13 Oct 2008 at 17:35:11

Good ... next steps, in order:


1- Important:
Plug in all your external drives to the PC (external hard drives, USB sticks, MP3 player, flash disks, etc.) that may have been infected, but without opening them!
You will remove them after the procedure ...


2- Download OTMoveIt3 (by Old_Timer) to your Desktop.

http://oldtimer.geekstogo.com/OTMoveIt3.exe

! Disconnect and close all your running applications !

Double-click "OTMoveIt3.exe" to open the program.
Then copy what is in the quote below,

:Processes
explorer.exe

:Services

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{370c2181-945e-11dd-b936-0016e30a6b69}] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] 
"ASocksrv"=-

:Files
E:\tel.xls.exe 
C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe 

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]



and paste it into the left-hand pane of OTMoveIt2:
Paste Instructions for items to be moved.
(do not touch anything else!)

-> click MoveIt! to start the removal.
-> let the tool work ...

(Note: your desktop will disappear and then reappear; this is normal.)

-> once it has finished, a small window opens: click "Yes".

Your PC will restart by itself ...

--> Post the contents of the report found in the folder "C:\_OTMoveIt\MovedFiles"
("xxxx2008_xxxxxx.log")


3- Run an RSIT scan again and post the new report ....

"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not consider yourself in the clear until you have been told so!

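The two registry entries targeted by the script above (the MountPoints2 autorun command and the Run value with no file behind it) can be picked out of an RSIT log mechanically. The following is an added example, not part of the original posts and not code from RSIT or OTMoveIt; the heuristics, the priority labels and the function names are assumptions made for illustration.

```python
import re
from ntpath import basename

# Excerpt assembled from log lines posted in this thread (not a full log).
SAMPLE_LOG = r'''
Running processes:
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-03 266240]
"NDSTray.exe"=NDSTray.exe []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"ASocksrv"=SocksA.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{370c2181-945e-11dd-b936-0016e30a6b69}]
shell\Auto\command - E:\tel.xls.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe
'''

SECTION = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<target>.*?)\s*\[(?P<info>[^\]]*)\]$')
AUTORUN_CMD = re.compile(r'^(?P<verb>shell\\\S+\\command) - (?P<cmd>.+)$', re.I)
VOLUME = re.compile(r'\\mountpoints2\\(\{[0-9a-f-]+\})$', re.I)
# Document-like extension followed by an executable one (assumed list).
DOUBLE_EXT = re.compile(
    r'\.(?:doc|xls|ppt|pdf|txt|jpg|gif|mp3|avi)\.(?:exe|scr|com|pif|bat|cmd)\b', re.I)


def running_images(log_text):
    """Map lower-cased image name -> full path from the 'Running processes:' list."""
    images, active = {}, False
    for line in map(str.strip, log_text.splitlines()):
        if line == 'Running processes:':
            active = True
        elif active and not line:
            active = False          # the list ends at the first blank line
        elif active:
            images[basename(line).lower()] = line
    return images


def triage(log_text):
    """Return review findings for autorun commands and file-less Run values."""
    images = running_images(log_text)
    findings, section = [], ''
    for line in map(str.strip, log_text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if not line:
            section = ''            # RSIT separates registry sections with blank lines
            continue
        volume = VOLUME.search(section)
        if volume:
            # Any command registered for a removable volume deserves a look;
            # a double extension raises the priority.
            cmd = AUTORUN_CMD.match(line)
            if cmd:
                risky = bool(DOUBLE_EXT.search(cmd.group('cmd')))
                findings.append({
                    'kind': 'autorun',
                    'volume': volume.group(1),
                    'verb': cmd.group('verb'),
                    'command': cmd.group('cmd'),
                    'priority': 'high' if risky else 'medium',
                })
        elif section.lower().endswith(r'\currentversion\run'):
            value = RUN_VALUE.match(line)
            # "[]" means RSIT found no file for the value; a bare file name
            # means the path cannot be checked from the log line alone.
            if value and not value.group('info') and '\\' not in value.group('target'):
                target = value.group('target')
                resolved = images.get(basename(target).lower())
                findings.append({
                    'kind': 'run',
                    'name': value.group('name'),
                    'target': target,
                    'resolved': resolved,
                    'priority': 'low' if resolved else 'high',
                })
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A "low" result only means the bare name matches a running image whose path can then be inspected; it is a pointer for manual review, not a verdict.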

16

guidu02, 13 Oct 2008 at 18:15:02

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{370c2181-945e-11dd-b936-0016e30a6b69}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ASocksrv deleted successfully.
========== FILES ==========
File/Folder E:\tel.xls.exe not found.
File/Folder C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_590.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10132008_181055

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_590.dat scheduled to be moved on reboot.


17

guidu02, 13 Oct 2008 at 18:16:52

Logfile of random's system information tool 1.04 (written by random/random)
Run by Guillaume at 2008-10-13 18:15:29
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 65 GB (85%) free of 76 GB
Total RAM: 446 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:36, on 13/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Guillaume\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Guillaume.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
End of file - 6580 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Rappel d'enregistrement 1.job
C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-10 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-01 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-10-07 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-10-07 2436160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-11-10 15473664]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-15 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-15 688218]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2005-05-19 188416]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2005-12-08 352256]
"Tvs"=C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-03 266240]
"NDSTray.exe"=NDSTray.exe []
"SmoothView"=C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [2005-05-17 118784]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-08-30 1077328]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-10-10 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-11 65536]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-10-07 171448]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0bixx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0ovxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ucxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3nuxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4cjxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4ltxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5wfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6krxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6pxxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8jrxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0bixx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0ovxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati1ucxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3nuxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4cjxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4ltxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati5wfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati6krxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati6pxxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati8jrxx.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2008-10-13 18:10:55 ----D---- C:\_OTMoveIt
2008-10-13 15:42:34 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-13 15:29:18 ----D---- C:\Documents and Settings\Guillaume\Application Data\Malwarebytes
2008-10-13 15:29:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 15:29:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 15:26:53 ----D---- C:\Program Files\CCleaner
2008-10-13 14:39:09 ----D---- C:\WINDOWS\ERUNT
2008-10-13 13:47:30 ----D---- C:\SDFix
2008-10-13 12:54:06 ----D---- C:\rsit
2008-10-13 12:47:01 ----D---- C:\Program Files\Trend Micro
2008-10-12 14:10:39 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-12 03:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-12 03:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-12 03:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-12 03:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-10-12 03:17:11 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-10-12 03:17:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-10-12 03:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-12 03:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-12 03:16:23 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-10-12 03:09:30 ----SHD---- C:\Config.Msi
2008-10-12 03:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-12 03:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-12 03:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-12 03:07:13 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-10-12 03:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-12 03:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-12 03:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-10-12 03:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-12 03:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-10-12 03:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-12 03:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-12 03:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-10-12 01:53:37 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-12 00:00:32 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-12 00:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-10-11 23:02:47 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-11 23:02:47 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-11 23:02:46 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-10 07:39:34 ----D---- C:\Program Files\Fichiers communs\xing shared
2008-10-10 07:39:23 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-10-10 07:39:13 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-10-10 07:39:13 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-10-10 07:39:11 ----D---- C:\Program Files\Real
2008-10-10 07:39:10 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-10-10 07:39:07 ----D---- C:\Program Files\Fichiers communs\Real
2008-10-10 07:39:06 ----D---- C:\Documents and Settings\Guillaume\Application Data\Real
2008-10-10 07:38:02 ----D---- C:\Documents and Settings\Guillaume\Application Data\Mozilla
2008-10-10 07:38:00 ----D---- C:\Program Files\Mozilla Firefox
2008-10-09 19:46:41 ----D---- C:\Documents and Settings\Guillaume\Application Data\Media Player Classic
2008-10-09 19:19:42 ----D---- C:\Documents and Settings\Guillaume\Application Data\InterVideo
2008-10-09 13:45:11 ----HD---- C:\WINDOWS\PIF
2008-10-07 15:09:05 ----D---- C:\Documents and Settings\Guillaume\Application Data\Google
2008-10-07 15:08:49 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-07 15:08:44 ----D---- C:\Program Files\Google
2008-10-07 13:40:03 ----ASH---- C:\Documents and Settings\Guillaume\Application Data\desktop.ini
2008-10-07 13:40:01 ----SD---- C:\Documents and Settings\Guillaume\Application Data\Microsoft
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Symantec
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Sonic
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Identities
2008-10-07 13:40:01 ----D---- C:\Documents and Settings\Guillaume\Application Data\Adobe
2008-10-07 13:40:00 ----D---- C:\Documents and Settings\Guillaume\Application Data\toshiba
2008-10-07 13:39:01 ----A---- C:\WINDOWS\system32\DelRunOnceReg.exe
2008-10-07 13:39:01 ----A---- C:\WINDOWS\system32\ControlWZCS.exe
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\wgapiloc.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\wgapi.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\wcapi.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\results.txt
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\athcfg11ResLoc.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\athcfg11res.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\athcfg11.dll
2008-10-07 13:38:58 ----A---- C:\WINDOWS\system32\acs.exe
2008-10-07 13:38:53 ----A---- C:\WINDOWS\system32\AegisI5.exe
2008-10-07 13:38:53 ----A---- C:\WINDOWS\system32\AegisE5.dll
2008-10-07 13:33:32 ----D---- C:\Documents and Settings\Guillaume\Application Data\Macromedia
2008-10-07 13:20:12 ----D---- C:\Documents and Settings\Guillaume\Application Data\WinRAR
2008-10-07 13:17:20 ----D---- C:\Program Files\LucasArts
2008-10-07 13:16:54 ----SHD---- C:\RECYCLER
2008-10-07 13:04:13 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-07 13:04:10 ----D---- C:\Program Files\Alwil Software
2008-10-07 13:03:41 ----D---- C:\Program Files\WinRAR
2008-10-07 13:03:07 ----A---- C:\WINDOWS\system32\unrar.dll
2008-10-07 13:03:07 ----A---- C:\WINDOWS\avisplitter.ini
2008-10-07 13:03:05 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-10-07 13:03:05 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-10-07 13:03:05 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-10-07 13:03:04 ----A---- C:\WINDOWS\system32\divx.dll
2008-10-07 13:03:03 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-10-07 13:03:02 ----D---- C:\Program Files\K-Lite Codec Pack
2008-10-07 13:00:50 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-07 13:00:07 ----D---- C:\Program Files\Messenger Plus! Live
2008-10-07 12:59:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-07 12:56:46 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-10-07 12:56:15 ----D---- C:\Program Files\Windows Live
2008-10-07 12:56:05 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-07 12:55:29 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-07 12:55:29 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-07 12:55:28 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-07 12:55:28 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-07 12:55:28 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

======List of files/folders modified in the last 2 months======

2008-10-13 18:14:07 ----D---- C:\WINDOWS\Temp
2008-10-13 18:13:19 ----D---- C:\WINDOWS\system32\Lang
2008-10-13 18:11:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-13 18:11:09 ----D---- C:\WINDOWS\Prefetch
2008-10-13 17:00:53 ----D---- C:\WINDOWS
2008-10-13 16:59:52 ----D---- C:\WINDOWS\system32\drivers
2008-10-13 15:37:42 ----D---- C:\WINDOWS\Debug
2008-10-13 15:29:15 ----RD---- C:\Program Files
2008-10-13 14:45:09 ----D---- C:\WINDOWS\system32
2008-10-13 14:41:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-13 14:33:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-12 03:17:50 ----HD---- C:\WINDOWS\inf
2008-10-12 03:17:46 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-12 03:17:29 ----D---- C:\Program Files\Messenger
2008-10-12 03:16:26 ----SHD---- C:\WINDOWS\Installer
2008-10-12 03:15:05 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-10-12 03:06:17 ----D---- C:\Program Files\Internet Explorer
2008-10-12 03:05:23 ----D---- C:\WINDOWS\WinSxS
2008-10-12 02:12:21 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-11 18:28:40 ----D---- C:\WINDOWS\system32\Macromed
2008-10-10 11:48:23 ----D---- C:\WINDOWS\security
2008-10-10 09:53:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-10 07:39:34 ----D---- C:\Program Files\Fichiers communs
2008-10-07 21:29:12 ----D---- C:\WINDOWS\system32\RTCOM
2008-10-07 21:29:10 ----D---- C:\WINDOWS\system32\Restore
2008-10-07 21:29:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-07 21:29:08 ----D---- C:\WINDOWS\system32\ras
2008-10-07 21:28:37 ----D---- C:\WINDOWS\system32\npp
2008-10-07 21:28:34 ----D---- C:\WINDOWS\system32\mui
2008-10-07 21:28:17 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-07 21:27:59 ----D---- C:\WINDOWS\system32\IME
2008-10-07 21:27:57 ----D---- C:\WINDOWS\system32\icsxml
2008-10-07 21:27:57 ----D---- C:\WINDOWS\system32\ias
2008-10-07 21:27:30 ----D---- C:\WINDOWS\system32\DLA
2008-10-07 21:27:27 ----D---- C:\WINDOWS\system32\DirectX
2008-10-07 21:27:12 ----D---- C:\WINDOWS\system32\Com
2008-10-07 21:26:54 ----D---- C:\WINDOWS\system32\1036
2008-10-07 21:26:54 ----D---- C:\WINDOWS\system32\1033
2008-10-07 21:26:36 ----D---- C:\WINDOWS\Resources
2008-10-07 21:26:03 ----D---- C:\WINDOWS\PeerNet
2008-10-07 21:25:51 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-07 21:25:50 ----D---- C:\WINDOWS\msapps
2008-10-07 21:25:27 ----D---- C:\WINDOWS\java
2008-10-07 21:22:55 ----RSD---- C:\WINDOWS\Fonts
2008-10-07 21:21:23 ----D---- C:\WINDOWS\Driver Cache
2008-10-07 21:21:23 ----D---- C:\WINDOWS\Cursors
2008-10-07 21:21:05 ----RSD---- C:\WINDOWS\assembly
2008-10-07 21:20:52 ----D---- C:\WINDOWS\AppPatch
2008-10-07 21:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-10-07 21:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-10-07 21:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-10-07 21:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-10-07 21:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-10-07 21:20:47 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-10-07 21:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-10-07 21:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB899589$
2008-10-07 21:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-10-07 21:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB898458$
2008-10-07 21:20:40 ----HDC---- C:\WINDOWS\$NtUninstallKB896688$
2008-10-07 21:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-10-07 21:20:34 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-10-07 21:20:34 ----HDC---- C:\WINDOWS\$NtUninstallKB896422$
2008-10-07 21:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-10-07 21:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB895200$
2008-10-07 21:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB894871$
2008-10-07 21:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB894391_0$
2008-10-07 21:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-10-07 21:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-10-07 21:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB893357$
2008-10-07 21:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB893066$
2008-10-07 21:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB893056$
2008-10-07 21:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-10-07 21:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-10-07 21:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB890175$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB890046_0$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB889673$
2008-10-07 21:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-10-07 21:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB888113$
2008-10-07 21:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-10-07 21:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB885855$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-10-07 21:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-10-07 21:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB885250$
2008-10-07 21:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-10-07 21:20:12 ----HDC---- C:\WINDOWS\$NtUninstallKB873333$
2008-10-07 21:20:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-07 21:19:30 ----D---- C:\VALUEADD
2008-10-07 21:19:24 ----D---- C:\TOOLSCD
2008-10-07 21:11:14 ----D---- C:\SUPPORT
2008-10-07 21:11:14 ----D---- C:\Program Files\xerox
2008-10-07 21:11:13 ----D---- C:\Program Files\Windows NT
2008-10-07 21:11:12 ----D---- C:\Program Files\Windows Media Player
2008-10-07 21:11:10 ----D---- C:\Program Files\TOSHIBA
2008-10-07 21:10:32 ----D---- C:\Program Files\Synaptics
2008-10-07 21:10:16 ----D---- C:\Program Files\Sonic
2008-10-07 21:10:15 ----D---- C:\Program Files\Services en ligne
2008-10-07 21:09:58 ----D---- C:\Program Files\Realtek
2008-10-07 21:09:58 ----D---- C:\Program Files\Outlook Express
2008-10-07 21:09:56 ----D---- C:\Program Files\Online Services
2008-10-07 21:09:55 ----AD---- C:\Program Files\Offre Wanadoo
2008-10-07 21:09:21 ----D---- C:\Program Files\NetMeeting
2008-10-07 21:09:17 ----D---- C:\Program Files\MSN Gaming Zone
2008-10-07 21:09:00 ----D---- C:\Program Files\MSN
2008-10-07 21:09:00 ----D---- C:\Program Files\Movie Maker
2008-10-07 21:08:55 ----D---- C:\Program Files\Microsoft.NET
2008-10-07 21:08:51 ----D---- C:\Program Files\Microsoft Office
2008-10-07 21:08:39 ----D---- C:\Program Files\microsoft frontpage
2008-10-07 21:08:37 ----D---- C:\Program Files\ltmoh
2008-10-07 21:08:09 ----D---- C:\Program Files\Java
2008-10-07 21:08:01 ----D---- C:\Program Files\InterVideo
2008-10-07 21:06:36 ----D---- C:\Program Files\Fichiers communs\System
2008-10-07 21:05:46 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2008-10-07 21:05:46 ----D---- C:\Program Files\Fichiers communs\Services
2008-10-07 21:05:46 ----D---- C:\Program Files\Fichiers communs\ODBC
2008-10-07 21:05:45 ----D---- C:\Program Files\Fichiers communs\MSSoap
2008-10-07 21:05:03 ----D---- C:\Program Files\Fichiers communs\Java
2008-10-07 21:04:59 ----D---- C:\Program Files\Fichiers communs\InstallShield
2008-10-07 21:04:59 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-10-07 21:04:59 ----D---- C:\Program Files\ATI Technologies
2008-10-07 21:03:41 ----D---- C:\Program Files\Adobe
2008-10-07 21:01:56 ----RHD---- C:\MSOCache
2008-10-07 21:01:56 ----D---- C:\I386
2008-10-07 20:54:17 ----D---- C:\Documents and Settings\All Users\Application Data\SBSI
2008-10-07 20:54:17 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-07 15:08:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-07 13:48:51 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2008-10-07 13:48:50 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-07 13:48:49 ----D---- C:\Program Files\Symantec
2008-10-07 13:42:24 ----SD---- C:\WINDOWS\Tasks
2008-10-07 13:41:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-07 13:40:26 ----D---- C:\WINDOWS\oemdrv
2008-10-07 13:39:58 ----D---- C:\Documents and Settings
2008-10-07 13:39:07 ----SHD---- C:\System Volume Information
2008-10-07 13:38:52 ----D---- C:\Program Files\Atheros
2008-10-07 13:38:49 ----RASH---- C:\boot.ini
2008-10-07 13:38:21 ----D---- C:\WINDOWS\Registration
2008-10-07 13:33:25 ----A---- C:\WINDOWS\system.ini
2008-10-07 13:17:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-07 13:13:31 ----D---- C:\WINDOWS\system32\config
2008-10-07 12:55:34 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-07 12:55:31 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-07 17801]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-09-12 468736]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-11 4064256]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-15 185728]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
S3 catchme;catchme; \??\C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\catchme.sys []
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Service de configuration Atheros; C:\WINDOWS\system32\acs.exe [2005-07-08 36864]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-18 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-08-10 35328]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 138168]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


18

sKe69, 13 Oct 2008 at 18:26:39
  • +1

Very good ....

Delete "RSIT.exe" and "OTMoveIt3.exe" from your desktop, as well as these 2 folders:
C:\rsit and C:\_OTMoveIt


then do the following, in order:


1- Download ToolsCleaner (by A.Rothstein) to your Desktop.
http://pc-system.fr/TC/ToolsCleaner2.exe

Disconnect and make sure all your running applications are closed.

Run it.
* Click "Recherche" (Search) and let the scan finish (this can take a long time).
* Click "Suppression" (Removal) to finalize.
* You can, if you wish, use the "Options facultatives" (optional settings).
* Click "quitter" (quit) to generate a report (and not the red cross!):
--> Post this report: it is at the root of your hard drive -> C:\TCleaner.txt .

Note: This little program will clean up everything we used for the disinfection.
Delete any tools, folders or reports related to the disinfection that Toolscleaner2 did not remove.

( keep CCleaner and Malwarebytes: very useful! )


2- Run CCleaner once more (registry included).


3- Download and reinstall HijackThis again (since it was removed by Toolscleaner2):

Download and install HijackThis:

here ftp://ftp.commentcamarche.com/download/HJTInstall.exe
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here http://www.clubic.com/lancer-le-telechargement-51452-0-hijackthis.html

-> Click the setup file to start the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program starts automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

( do not run a scan for the moment )


4- Purge System Restore
* Turn off System Restore:
Right-click My Computer / Properties / System Restore / tick the "Turn off System Restore" box, Apply, OK
---> Restart your PC
* Turn System Restore back on:
Right-click My Computer / Properties / System Restore / untick the "Turn off System Restore" box, Apply, OK
---> Restart your PC
( Note: you can also get there via Control Panel -> "System" -> "System Restore" ).


5- Run this online scan to verify:

Run an online scan with Kaspersky: http://webscanner.kaspersky.fr/
- Under "Démonstration en ligne", the procedure is explained; to start the scan, select < Exécuter l'analyse en ligne >.
The scan only works in Internet Explorer (not in Firefox or other browsers...).
- You will be asked to download an ActiveX control; accept.
- In the "Choisissez la cible de l'analyse" menu, select "Poste de travail". The scan will start.
- Save the report that is generated, then copy/paste it into your next reply for analysis and wait for further instructions ...

--> tutorial:
http://www.malekal.com/scan_Av_en_ligne.html#mozTocId291566

Note:
* If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

* If there is a problem, make sure the ActiveX controls are configured correctly in Internet Options as described at this link: http://www.inoculer.com/activex.php3
Reminder: the scan must be run in Internet Explorer!

"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are out of the woods until you have been told so!


19

guidu02, 13 Oct 2008 at 18:37:25

[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\SDFIX: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Guillaume\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\Guillaume\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Guillaume\Bureau\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Guillaume\Bureau\SdFix.exe: supprimé !
C:\Documents and Settings\Guillaume\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Guillaume\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

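A check on the ToolsCleaner report posted above, as an added example (not part of the thread and not ToolsCleaner's own code): it reconciles the "Recherche" and "Suppression" sections and returns any path that was found but never reported as deleted. The line format is an assumption inferred from this single report, and the `leftover.exe` entry in the sample is constructed.

```python
import re

# Excerpt in the format of the report posted above; the leftover.exe line is
# constructed (not from the thread) to show the failure case.
SAMPLE_REPORT = r"""
-->- Recherche:

C:\SDFIX: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Example\leftover.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\SDFIX: supprimé !
"""

# Assumed format: a section marker, then "<path>: <status> !" lines.
SECTION = re.compile(r"^-->-\s*(Recherche|Suppression)\s*:\s*$")
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.*?):\s*(?P<status>\S+)\s*!\s*$")


def parse_report(text):
    """Return (found, deleted) as sets of lower-cased Windows paths."""
    found, deleted = set(), set()
    section = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY.match(line)
        if not m or section is None:
            continue
        # Windows paths compare case-insensitively, so normalise first.
        path, status = m.group("path").lower(), m.group("status").lower()
        if section == "Recherche" and status.startswith("trouv"):
            found.add(path)
        elif section == "Suppression" and status.startswith("supprim"):
            deleted.add(path)
    return found, deleted


def leftovers(text):
    """Paths listed as found that never appear as deleted, sorted."""
    found, deleted = parse_report(text)
    return sorted(found - deleted)


print("found but not deleted:", leftovers(SAMPLE_REPORT))
```

An empty result means every item the tool found was also reported as removed; anything listed is a candidate for the manual cleanup the helper asks for.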
Collection CommentÇaMarche.net