Antivirus XP, blue background, etc...

Report analysis and disinfection section: malware of all kinds and other unwanted software. Cleanup requests only. Restricted handling: specialized team.


Post by BlackY58 » 17 Aug 2008 13:00

Hello everyone! Like many people here, I caught Antivirus XP while looking at DS ROMs on some sites... So now I have a blue desktop background full of cr**. I already got rid of Antivirus XP with the safe mode "trick".

I searched the forum a bit and noticed that every case is different.

I installed HijackThis. Here is what my hijackthis.log gives:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:29, on 17/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S101.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition D¨|couverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lphc7utj0e56v] C:\WINDOWS\system32\lphc7utj0e56v.exe
O4 - HKLM\..\Run: [SMrhc3utj0e56v] C:\Program Files\rhc3utj0e56v\rhc3utj0e56v.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RéSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Editeur audio basic - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Akimania\Editeur Audio Basic\Studio enregistrement (file missing)
O9 - Extra 'Tools' menuitem: &Editeur audio basic - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Akimania\Editeur Audio Basic\Studio enregistrement (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {3C38DEE8-BE1A-4DEC-B232-2C78706CC7EA} - http://ps.itv.mop.com/update/update/GUp ... signed.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {6BBB1C53-B652-43D9-A267-F6EAD21137CF} - http://www.cciptv.com/zaixianyanshi/con ... tvctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF5599D9-85BC-4EC2-996D-2C9C61D80022} - http://www.cciptv.com/zaixianyanshi/con ... tvctrl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BoBoTurbo - 广州易播信息科技有限公司 - C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9542 bytes




I also used DSS; here is what it gives:

main.txt



Deckard's System Scanner v20071014.68
Run by TEA on 2008-08-17 12:38:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-08-17 10:39:06 UTC - RP807 - Deckard's System Scanner Restore Point
2: 2008-08-17 10:00:56 UTC - RP806 - Last good restore point
1: 2008-08-17 10:00:48 UTC - RP805 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as TEA.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:08, on 17/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\lphc7utj0e56v.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\TEA\Bureau\dss.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\TEA.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S101.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition D¨|couverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lphc7utj0e56v] C:\WINDOWS\system32\lphc7utj0e56v.exe
O4 - HKLM\..\Run: [SMrhc3utj0e56v] C:\Program Files\rhc3utj0e56v\rhc3utj0e56v.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RéSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Editeur audio basic - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Akimania\Editeur Audio Basic\Studio enregistrement (file missing)
O9 - Extra 'Tools' menuitem: &Editeur audio basic - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Akimania\Editeur Audio Basic\Studio enregistrement (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {3C38DEE8-BE1A-4DEC-B232-2C78706CC7EA} - http://ps.itv.mop.com/update/update/GUp ... signed.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {6BBB1C53-B652-43D9-A267-F6EAD21137CF} - http://www.cciptv.com/zaixianyanshi/con ... tvctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF5599D9-85BC-4EC2-996D-2C9C61D80022} - http://www.cciptv.com/zaixianyanshi/con ... tvctrl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BoBoTurbo - 广州易播信息科技有限公司 - C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9564 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 fbxusb (Carte réseau virtuelle FreeBox USB) - c:\windows\system32\drivers\fbxusb32.sys <Not Verified; FreeBox SA; Carte réseau virtuelle FreeBox USB pour Windows 2000/XP>

S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 SymEvent - c:\program files\symantec\symevent.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (Service Bonjour) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-17 12:00:25 408 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-08-13 19:14:15 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-17 and 2008-08-17 -----------------------------

2008-08-17 12:46:16 0 d-------- C:\Program Files\Trend Micro
2008-08-17 11:20:11 94208 --a------ C:\WINDOWS\system32\pphc7utj0e56v.exe
2008-08-17 11:20:11 0 d-------- C:\Documents and Settings\TEA\Application Data\rhc3utj0e56v
2008-08-17 11:17:22 126976 --a------ C:\WINDOWS\system32\lphc7utj0e56v.exe
2008-08-17 11:14:55 30208 --a------ C:\WINDOWS\system32\a.exe
2008-08-09 23:41:52 0 d-------- C:\Program Files\Microsoft Silverlight
2008-08-02 04:03:09 16 --a------ C:\WINDOWS\RSBDBACKUP.DLL
2008-07-27 22:55:35 0 dr--s---- C:\RavBin
2008-07-27 22:54:07 0 d-------- C:\Program Files\Rising
2008-07-27 20:06:53 110592 -rah----- C:\WINDOWS\system32\tsccvid.dll <Not Verified; TechSmith Corporation; TechSmith Screen Capture Codec>
2008-07-25 00:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations


-- Find3M Report ---------------------------------------------------------------

2008-08-15 03:13:35 0 d-------- C:\Program Files\Messenger
2008-08-13 11:06:21 3364 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-09 13:51:44 0 d-------- C:\Program Files\PPLive
2008-08-04 22:24:18 0 d-------- C:\Documents and Settings\TEA\Application Data\ppstream
2008-08-03 18:56:56 0 d-------- C:\Program Files\PPStream
2008-08-01 21:52:39 0 d-------- C:\Documents and Settings\TEA\Application Data\Macromedia
2008-07-28 03:23:45 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-07-28 03:21:29 0 d-------- C:\Program Files\Fichiers communs
2008-07-27 22:48:38 0 d-------- C:\Program Files\Symantec
2008-07-23 00:50:11 0 d-------- C:\Program Files\StormII
2008-07-23 00:34:51 2502 --a------ C:\WINDOWS\system32\cid_store.dat
2008-07-01 19:29:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-26 15:49:53 0 d-------- C:\Program Files\PENDULO Studios


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
C:\Program Files\RXToolBar\sfcont.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [05/03/2003 17:49 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [06/02/2003 21:26]
"SoundMan"="SOUNDMAN.EXE" [10/02/2003 16:59 C:\WINDOWS\SOUNDMAN.EXE]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [20/09/2002 15:16]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [11/09/2002 12:58]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [11/09/2002 12:57]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [09/07/2001 12:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"EPSON Stylus DX4000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.exe" [21/02/2006 06:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [23/06/2005 21:33]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 07:31]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [30/08/2002 14:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [30/08/2002 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [30/08/2002 14:00]
"NMGameX_AutoRun"="NMGameX.dll" [10/07/2006 11:20 C:\WINDOWS\system32\NMGameX.dll]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/07/2008 09:52]
"lphc7utj0e56v"="C:\WINDOWS\system32\lphc7utj0e56v.exe" [17/08/2008 11:17]
"SMrhc3utj0e56v"="C:\Program Files\rhc3utj0e56v\rhc3utj0e56v.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [20/08/2004 01:09]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [08/03/2007 08:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [26/12/2007 18:33]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 17:45]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [19/05/2008 15:20]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [28/07/2006 17:08:37]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [08/03/2007 08:34:21]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 09:01:04]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [21/06/2007 12:07:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5c08c24-5fb3-11dd-9244-0007cb0000ff}]
AutoRun\command- pagefile.pif
explore\Command- pagefile.pif
open\Command- pagefile.pif




-- End of Deckard's System Scanner: finished at 2008-08-17 12:48:24 ------------

BlackY58
Posts: 4
Joined: 17 Aug 2008 12:51

Re: Antivirus XP, blue background, etc...

Post by BlackY58 » 17 Aug 2008 13:01

extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP édition familiale (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: Intel(R) Pentium(R) 4 CPU 2.53GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 255.48 MiB / 80.3 MiB
Pagefile Memory (total/avail): 618.33 MiB / 349.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.15 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.32 GiB total, 42.53 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 76.32 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

AV: Bitdefender Antivirus v8.0 (BitDefender) Disabled
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\blacky58\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\blacky58\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPS网络电视"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\blacky58\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\blacky58\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\uusee\\UUSeePlayer.exe"="C:\\Program Files\\uusee\\UUSeePlayer.exe:*:Enabled:UUSEE"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:UUSEE"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\UUSee\\UURecorder.exe"="C:\\Program Files\\uusee\\UURecorder.exe:*:Enabled:UURecorder"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\\Documents and Settings\\TEA\\Local Settings\\Temp\\Répertoire temporaire 1 pour coolchess.zip\\Cool Chess.exe"="C:\\Documents and Settings\\TEA\\Local Settings\\Temp\\Répertoire temporaire 1 pour coolchess.zip\\Cool Chess.exe:*:Enabled:Cool Chess"
""="\\"C:\\Program Files\\PPStream\\PPStream.exe\\" \\"C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream\\""
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Documents and Settings\\TEA\\Mes documents\\zhang\\viviplay.exe"="C:\\Documents and Settings\\TEA\\Mes documents\\zhang\\viviplay.exe:*:Disabled:ViViMediaPlay"
"C:\\Documents and Settings\\TEA\\Bureau\\viviplay.exe"="C:\\Documents and Settings\\TEA\\Bureau\\viviplay.exe:*:Enabled:ViViMediaPlay"
"C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS 网络加速器"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\Program Files\\aMSN\\bin\\wish.exe"="C:\\Program Files\\aMSN\\bin\\wish.exe:*:Enabled:Wish Application"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\WINDOWS\\system32\\a.exe"="C:\\WINDOWS\\system32\\a.exe:*:Disabled:a"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\TEA\Application Data
CLASSPATH=C:\Program Files\PhotoDeluxe HE 3.1\AdobeConnectables;
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=TEA-SXB4I6QKKUD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\TEA
LOGONSERVER=\\TEA-SXB4I6QKKUD
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\ATI-CPanel;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\StormII\Codec;C:\Program Files\StormII
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TEA\LOCALS~1\Temp
TMP=C:\DOCUME~1\TEA\LOCALS~1\Temp
USERDOMAIN=TEA-SXB4I6QKKUD
USERNAME=TEA
USERPROFILE=C:\Documents and Settings\TEA
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

TEA (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNIN040C.EXE -f"C:\Program Files\PhotoDeluxe HE 3.1\DeIsL1.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
??í?í¨′?D?DD?é --> C:\WINDOWS\TdxUnInstall.exe c:\jcb_gx\
3ivx D4 4.0.4 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.0.4\uninstall.exe"
ABC Amber PowerPoint Converter --> C:\PROGRA~1\ABCAMB~1\UNWISE.EXE C:\PROGRA~1\ABCAMB~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9 - Fran?ais --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
Adobe Reader Chinese Simplified Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2447-0000-705000000001}
Adobe Type Manager 4.0 --> C:\WINDOWS\unin040c.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu"
Adobe? Photoshop? Album Edition Découverte 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
aMSN 0.97 --> C:\Program Files\aMSN\uninstall.exe
AntivirXP08 --> "C:\Program Files\rhc3utj0e56v\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ATI Control Panel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Complément Microsoft Word pour Microsoft Works Suite --> MsiExec.exe /I{F6B1CD0F-DB2D-4666-A168-C46390AD8C4A}
Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287) --> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Counter-Strike(TM) --> MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Encyclopédie Microsoft Encarta 2003 --> MsiExec.exe /I{03460014-3975-4267-9F39-1DC4745090B7}
EPSON-Drucker-Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
ESDX4000_4050_CX3900 --> C:\Program Files\EPSON\TPMANUAL\ESDX4000_4050_CX3900\USE_G\DOCUNINS.EXE
Farces & Attrapes (suppression des blagues) --> "C:\Documents and Settings\TEA\Mes documents\Mes fichiers re?us\pour_fran?ois.exe" /uninstall
FM Scout --> C:\Documents and Settings\TEA\Mes documents\Fran?ois\jeu\FM\FMScout\Uninstall.exe
Football Manager 2005 Demo --> MsiExec.exe /I{C6EB9182-27BD-425B-927B-29DE2A8737B8}
Football Manager 2005 Update Build 1.0 --> "C:\Documents and Settings\TEA\Mes documents\Fran?ois\jeu\FM\Football Manager 2005\data\db\setup\uninst.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Iomega Product Registration --> MsiExec.exe /X{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Logitech IM Video Companion --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{984F10FD-11FD-4BED-8163-92DB81E6A825}\Setup.exe" -l0x40c UNINSTALL
Logitech ImageStudio --> MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
MC Editor --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D18BFE1E-D708-4029-8F62-69FAADA526C0}\setup.exe" -l0x9 -removeonly
MCFM 05 --> MsiExec.exe /I{81A1422D-BBC9-4B7A-B7D3-559242491B48}
MCFM 05 --> MsiExec.exe /I{925D9154-A649-4121-97BF-BC86A0D926C5}
Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{9084040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (French) --> MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002 --> MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
Microsoft Works 7.0 --> MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mise ?jour de s閏urit?pour Lecteur Windows Media 10 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB946648) --> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB950974) --> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB951066) --> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB952954) --> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise ?jour de s閏urit?pour Windows XP (KB953839) --> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise ?jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise ?jour pour Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Mise ?jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise ?jour pour Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mise ?jour pour Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Mise ?jour pour Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Mise ?jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise ?jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise ?jour pour Windows XP (KB951072-v2) --> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913433) --> C:\WINDOWS\System32\MacroMed\Flash\genuinst.exe C:\WINDOWS\System32\MacroMed\Flash\KB913433.inf
Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3播放器管理工具 4.04 --> MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
MSN Webcam Recorder 11.1 --> MsiExec.exe /I{0991E101-B081-4F65-B30A-5BEDA8CF7CEE}
MSP3885-E 56K PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D88122D\HxfSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_8D88122D
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nintendo Wi-Fi USB Connector Registration Tool --> C:\Program Files\WiFiConnector\SoftAPUninst.exe
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
Pack Maillots 2005/2006 Ligue 1 Par BegoodManager --> C:\Documents and Settings\TEA\Mes documents\Fran?ois\jeu\FM\Football Manager 2005\data\graphics\pictures\clubs\fra\ligue 1\Uninstal.exe
Peer Points Manager --> "C:\Program Files\Altnet\Download Manager\AltnetUninstall.exe" -m
Playlist tool --> MsiExec.exe /I{2C4A5877-21D1-4A15-9D20-24BA54A24093}
PPLive 1.9 --> C:\Program Files\PPLive\uninst.exe
Quick Zip 3.06.1 --> "C:\Program Files\QuickZip\unins000.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RUNAWAY 2 - The dream of the turtle --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DE0CE4-F38A-4DA7-81DF-949E615EA0AB}\setup.exe"
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
Sélecteur d'installation de Microsoft Works Suite 2003 --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Steam(TM) --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TVAnts ActiveX Control 1.0 --> C:\PROGRA~1\TVAntsX\UNWISE.EXE C:\PROGRA~1\TVAntsX\INSTALL.LOG
Vista Dual Scan --> "C:\Program Files\AxBx\Vista Dual Scan\unins000.exe"
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Voice yepp --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9933419-4B3D-42DC-A09F-1DC26E51DDA1}\SETUP.EXE"
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"
鑫网通达信行情 --> C:\WINDOWS\TdxUnInstall.exe c:\jcb_gx\


-- Application Event Log -------------------------------------------------------

Event Record #/Type304 / Error
Event Submitted/Written: 08/17/2008 11:54:07 AM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante uninstall.exe, version 0.0.0.0, module défaillant uninstall.exe, version 0.0.0.0, adresse de défaillance 0x0003215e.
Traitement de l'événement propre au support pour [uninstall.exe!ws!]

Event Record #/Type303 / Error
Event Submitted/Written: 08/17/2008 11:35:17 AM
Event ID/Source: 1001 / Application Error
Event Description:
Détecteur d'erreurs 886405375.
L'échange de clé Wep n'a pas abouti à une installation de connexion sécurisée après l'authentification 802.1x. Le paramètre actuel a été marqué comme défectueux, et la connexion sans fil va être déconnectée.

Event Record #/Type302 / Error
Event Submitted/Written: 08/17/2008 11:35:10 AM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante uninstall.exe, version 0.0.0.0, module défaillant uninstall.exe, version 0.0.0.0, adresse de défaillance 0x0003215e.
Traitement de l'événement propre au support pour [uninstall.exe!ws!]

Event Record #/Type301 / Error
Event Submitted/Written: 08/17/2008 11:35:02 AM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante uninstall.exe, version 0.0.0.0, module défaillant uninstall.exe, version 0.0.0.0, adresse de défaillance 0x0003215e.
Traitement de l'événement propre au support pour [uninstall.exe!ws!]

Event Record #/Type300 / Error
Event Submitted/Written: 08/17/2008 11:33:43 AM
Event ID/Source: 1001 / Application Error
Event Description:
Détecteur d'erreurs 886405375.
L'échange de clé Wep n'a pas abouti à une installation de connexion sécurisée après l'authentification 802.1x. Le paramètre actuel a été marqué comme défectueux, et la connexion sans fil va être déconnectée.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type33422 / Error
Event Submitted/Written: 08/17/2008 00:43:48 PM
Event ID/Source: 7 / Disk
Event Description:
Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Event Record #/Type33421 / Error
Event Submitted/Written: 08/17/2008 00:43:46 PM
Event ID/Source: 7 / Disk
Event Description:
Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Event Record #/Type33420 / Error
Event Submitted/Written: 08/17/2008 00:43:44 PM
Event ID/Source: 7 / Disk
Event Description:
Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Event Record #/Type33419 / Error
Event Submitted/Written: 08/17/2008 00:40:48 PM
Event ID/Source: 7 / Disk
Event Description:
Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Event Record #/Type33385 / Error
Event Submitted/Written: 08/17/2008 11:56:09 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM a re?u l'erreur "%%1084" lors de la mise en route du service EventSystem avec les arguments ""
pour démarrer le serveur?:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-08-17 12:48:24 ------------




There you go, thanks for taking the time to help me!

BlackY58

Posts: 4
Joined: 17 Aug 2008 12:51

Re: Antivirus XP, blue background, etc...

Post by Dell » 17 Aug 2008 14:18

Hello BlackY58

Welcome to Libellules.

For the HijackThis v2.0.2 log, you will have to wait for a reply from Falkra or Ogu...

You really should not have run any other scans without being asked to!!!

→ chaque-procedure-est-pour-1-machine-n-essayez-pas-chez-vous-t29040.html#p182289

_DELL_
Windows Seven Home 64 Bits, FireFox, Process Lasso, F-Secure, MBAM PRO, CCleaner
MBAM StartUpLite, HTC Sensation XE
Dell
Moderator

Posts: 7269
Joined: 16 Oct 2002 17:57
Location: Aigle VDSL 20000/2000

Re: Antivirus XP, blue background, etc...

Post by Loup Blanc » 17 Aug 2008 15:09

Hello BlackY58, Dell

There are indeed several signs of infection in these reports.

To begin, do the following: (Print or save these instructions so you have them in front of you during the procedure; you will not have Internet access for part of it)
  • Download SDFix (by Andy Manchesta) to your desktop
  • Double-click SDFix.exe, then Install, then click Browse to install SDFix on your desktop.
  • Restart your PC in safe mode (F8 key at startup, just before the Windows progress bar appears)
  • Open the SDFix folder that is now on your desktop and launch the script by double-clicking the file RunThis.bat.
  • Accept the launch by pressing Y.
  • Your desktop will disappear during the cleanup,
  • At the end of the scan, accept the restart of your PC and let the cleanup continue to the end.
  • The cleanup report will open; copy/paste its entire contents into your next message (you can find this report in the SDFix directory: report.txt).

Then we continue:
  • Download Malwarebytes' Anti-Malware, run the installer, then accept the update,
  • Close the program,
  • Restart your PC in safe mode (F8 key at startup, before the Windows progress bar appears)
  • Launch Malwarebytes
  • In the «Recherche» tab, select «Exécuter un examen rapide»
  • Click «Rechercher»
  • At the end of the scan, if malware was found, click «Afficher le résultat», then click «Supprimer la sélection».
  • Take advantage of safe mode to run a full scan of your PC with your antivirus (AVG8)
  • Restart your PC in normal mode.
  • Post the Malwarebytes report, which you will find in the Rapport/Logs tab with the date of the scan, along with the AVG8 scan report.

Finally, post a new HijackThis report.
Loup blanc
Loup Blanc
Libellulien Junior

Posts: 308
Joined: 10 Jul 2008 20:36
Location: In the Alps

Re: Antivirus XP, blue background, etc...

Post by BlackY58 » 17 Aug 2008 18:21

Thanks for the replies!

I did the first step with SDFix and here is the result:


SDFix: Version 1.216
Run by TEA on 17/08/2008 at 17:33

Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\TEA\Bureau\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\pphc7utj0e56v.exe - Deleted
C:\WINDOWS\SYSTEM32\PPHC7U~1.EXE - Deleted
C:\DOCUME~1\TEA\LOCALS~1\Temp\.tt20.tmp - Deleted
C:\DOCUME~1\TEA\LOCALS~1\Temp\.tt3D.tmp - Deleted
C:\DOCUME~1\TEA\LOCALS~1\Temp\.tt4.tmp - Deleted
C:\DOCUME~1\TEA\LOCALS~1\Temp\.ttC.tmp - Deleted
C:\DOCUME~1\TEA\LOCALS~1\Temp\.ttF.tmp - Deleted
C:\WINDOWS\system32\a.exe - Deleted
C:\WINDOWS\smdat32a.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 18:03:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"Carte r焑au Fast Ethernet PCI Realtek RTL8139 Family?"=str(7):"1\0"
"Miniport r焑au 爀ndu (L2TP)??"=str(7):"1\0"
"Miniport r焑au 爀ndu (PPTP)??"=str(7):"1\0"
"Parall\e direct?"=str(7):"1\0"
"Miniport r焑au 爀ndu (IP)??"=str(7):"1\0"
"Connexion TV/vid?Microsoft?"=str(7):"1\0"
"Carte r焑au virtuelle FreeBox USB?"=str(7):"1\0002\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Gestionnaire de session d'aide sur le Bureau ?distance]
"EventMessageFile"="C:\WINDOWS\system32\sessmgr.exe"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\TEA\Local Settings\Temp\R渆rtoire temporaire 1 pour coolchess.zip\Cool Chess.exe?"="C:\Documents and Settings\TEA\Local Settings\Temp\R閜ertoire temporaire 1 pour coolchess.zip\Cool Chess.exe:*:Enabled:Cool Chess"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"Carte r焑au Fast Ethernet PCI Realtek RTL8139 Family?"=str(7):"1\0"
"Miniport r焑au 爀ndu (L2TP)??"=str(7):"1\0"
"Miniport r焑au 爀ndu (PPTP)??"=str(7):"1\0"
"Parall\e direct?"=str(7):"1\0"
"Miniport r焑au 爀ndu (IP)??"=str(7):"1\0"
"Connexion TV/vid?Microsoft?"=str(7):"1\0"
"Carte r焑au virtuelle FreeBox USB?"=str(7):"1\0002\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\Gestionnaire de session d'aide sur le Bureau ?distance]
"EventMessageFile"="C:\WINDOWS\system32\sessmgr.exe"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\TEA\Local Settings\Temp\R渆rtoire temporaire 1 pour coolchess.zip\Cool Chess.exe?"="C:\Documents and Settings\TEA\Local Settings\Temp\R閜ertoire temporaire 1 pour coolchess.zip\Cool Chess.exe:*:Enabled:Cool Chess"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"Windows par d抋ut?"="",,,,,,,,,,,,,""
"Windows anim?"=""C:\WINDOWS\Cursors\rainbow.ani,,C:\WINDOWS\Cursors\appstart.ani,C:\WINDOWS\Cursors\hourglas.ani,C:\WINDOWS\Cursors\cross.cur,,,,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,,""
"Windows Noir (trc grande police)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
"Windows Invers?"="C:\WINDOWS\cursors\arrow_i.cur,C:\WINDOWS\cursors\help_i.cur,C:\WINDOWS\cursors\wait_i.cur,C:\WINDOWS\cursors\busy_i.cur,C:\WINDOWS\cursors\cross_i.cur,C:\WINDOWS\cursors\beam_i.cur,C:\WINDOWS\cursors\pen_i.cur,C:\WINDOWS\cursors\no_i.cur,C:\WINDOWS\cursors\size4_i.cur,C:\WINDOWS\cursors\size3_i.cur,C:\WINDOWS\cursors\size2_i.cur,C:\WINDOWS\cursors\size1_i.cur,C:\WINDOWS\cursors\move_i.cur,C:\WINDOWS\cursors\up_i.cur"
"Windows Invers?(grande police)?"="C:\WINDOWS\cursors\arrow_im.cur,C:\WINDOWS\cursors\help_im.cur,C:\WINDOWS\cursors\wait_im.cur,C:\WINDOWS\cursors\busy_im.cur,C:\WINDOWS\cursors\cross_im.cur,C:\WINDOWS\cursors\beam_im.cur,C:\WINDOWS\cursors\pen_im.cur,C:\WINDOWS\cursors\no_im.cur,C:\WINDOWS\cursors\size4_im.cur,C:\WINDOWS\cursors\size3_im.cur,C:\WINDOWS\cursors\size2_im.cur,C:\WINDOWS\cursors\size1_im.cur,C:\WINDOWS\cursors\move_im.cur,C:\WINDOWS\cursors\up_im.cur"
"Windows Invers?(trc grande police)??"="C:\WINDOWS\cursors\arrow_il.cur,C:\WINDOWS\cursors\help_il.cur,C:\WINDOWS\cursors\wait_il.cur,C:\WINDOWS\cursors\busy_il.cur,C:\WINDOWS\cursors\cross_il.cur,C:\WINDOWS\cursors\beam_il.cur,C:\WINDOWS\cursors\pen_il.cur,C:\WINDOWS\cursors\no_il.cur,C:\WINDOWS\cursors\size4_il.cur,C:\WINDOWS\cursors\size3_il.cur,C:\WINDOWS\cursors\size2_il.cur,C:\WINDOWS\cursors\size1_il.cur,C:\WINDOWS\cursors\move_il.cur,C:\WINDOWS\cursors\up_il.cur"
"Windows Standard (trc grande police)?"="C:\WINDOWS\cursors\arrow_l.cur,C:\WINDOWS\cursors\help_l.cur,C:\WINDOWS\cursors\wait_l.cur,C:\WINDOWS\cursors\busy_l.cur,C:\WINDOWS\cursors\cross_l.cur,C:\WINDOWS\cursors\beam_l.cur,C:\WINDOWS\cursors\pen_l.cur,C:\WINDOWS\cursors\no_l.cur,C:\WINDOWS\cursors\size4_l.cur,C:\WINDOWS\cursors\size3_l.cur,C:\WINDOWS\cursors\size2_l.cur,C:\WINDOWS\cursors\size1_l.cur,C:\WINDOWS\cursors\move_l.cur,C:\WINDOWS\cursors\up_l.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\All Users\Menu D檃rrer\Programmes\Microsoft Works\?"=""
"C:\Documents and Settings\All Users\Menu D檃rrer\Programmes\Outils Microsoft Office\?"=""
"C:\Program Files\Microsoft Encarta\Encyclop恑e 2003\?"=""
"C:\Program Files\Microsoft Encarta\Encyclop恑e 2003\1033\?"=""
"C:\Program Files\Microsoft Encarta\Encyclop恑e 2003\1036\?"=""
"C:\Program Files\Microsoft Encarta\Encyclop恑e 2003\Pushpins\?"=""
"C:\Program Files\Microsoft Encarta\Encyclop恑e 2003\Tasks\?"=""
"C:\Documents and Settings\All Users\Menu D檃rrer\Programmes\Microsoft Encarta\?"=""
"C:\Documents and Settings\All Users\Menu D檃rrer\Programmes\Norton AntiVirus\?"=""
"C:\Documents and Settings\TEA\Menu D檃rrer\Programmes\Valve\Steam\?"=""
"C:\Documents and Settings\TEA\Menu D檃rrer\Programmes\Valve\?"=""
"C:\Documents and Settings\TEA\Menu D檃rrer\Programmes\Valve\Counter-Strike\?"=""
"C:\Documents and Settings\TEA\Menu D檃rrer\Programmes\Sports Interactive\Football Manager 2005 Demo\Websites\?"=""
"C:\Documents and Settings\TEA\Menu D檃rrer\Programmes\Sports Interactive\Football Manager 2005 Demo\?"=""
"C:\Documents and Settings\TEA\Menu D檃rrer\Programmes\Sports Interactive\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Apps\?"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\?"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\?"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\locales\?"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\?"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\locales\fr_fr\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Apps\Legal\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\caticons\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\locales\fr_fr\bitmaps\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\layouts\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\locales\fr_fr\upsell\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\locales\fr_fr\upsell\images\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Apps\tools\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\database\odbc\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\database\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\combined_bitmaps\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\combined_bitmaps\authoring_wiz\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\combined_bitmaps\custom_window\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\combined_bitmaps\main_window\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\combined_bitmaps\tag_palette\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\combined_bitmaps\widgets\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Shared_Assets\combined_bitmaps\workflow_icons\?"=""
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Apps\moxplugins\?"=""
"C:\Documents and Settings\All Users\Menu D檃rrer\Programmes\QuickTime\?"=""
"C:\Documents and Settings\All Users\Menu D檃rrer\Programmes\iTunes\?"=""
"C:\Documents and Settings\All Users\Menu D檃rrer\Programmes\Windows Live\?"=""
"C:\Documents and Settings\TEA\Menu D檃rrer\Programmes\IOMEGA ScreenPlay\?"=""
"C:\Documents and Settings\TEA\Menu D檃rrer\Programmes\MSN Webcam Recorder\?"=""
"C:\Documents and Settings\All Users\Menu D檃rrer\Programmes\Windows Media\?"=""
"C:\Documents and Settings\All Users\Menu D檃rrer\Programmes\Windows Media\Utilities\?"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files\Microsoft Encarta\Encyclop恑e 2003\MAPOBJ90.DLL?"=dword:00000001
"C:\Program Files\Microsoft Encarta\Encyclop恑e 2003\encarta.exe?"=dword:00000001
"C:\Program Files\Microsoft Encarta\Encyclop恑e 2003\encartau.dll?"=dword:00000001
"C:\Program Files\Microsoft Encarta\Encyclop恑e 2003\encartar.dll?"=dword:00000001
"C:\Program Files\Microsoft Encarta\Encyclop恑e 2003\ENCSPLSH.DLL?"=dword:00000001
"C:\Program Files\Microsoft Encarta\Encyclop恑e 2003\DW.EXE?"=dword:00000001
"C:\Program Files\Microsoft Encarta\Encyclop恑e 2003\1033\DWINTL.DLL?"=dword:00000001
"C:\Program Files\Microsoft Encarta\Encyclop恑e 2003\1036\DWINTL.DLL?"=dword:00000001
"C:\Program Files\Microsoft Encarta\Encyclop恑e 2003\MSSP232.DLL?"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\StillImage\Registered Applications]
"Photoshop Album Edition D弌uverte 3.0?"="C:\Program Files\Adobe\Photoshop Album Edition D閏ouverte\3.0\Apps\psaproxy.exe /StiDevice:%1 /StiEvent:%2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER ]
"DisplayName"="SUPER ?Version 2008.bld.30 (Mar 22, 2008)"
"UninstallString"="C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0"
"InstallDate"="2008-05-15 08:24:26"
"InstallLocation"="C:\Program Files\eRightSoft\SUPER"
"InstallSource"="C:\Documents and Settings\TEA\Bureau"
"DisplayIcon"="C:\Program Files\eRightSoft\SUPER\SUPER.exe"
"DisplayVersion"="Version 2008.bld.30 (Mar 22, 2008)"
"VersionMajor"=dword:00000000
"VersionMinor"=dword:00000000
"Publisher"="eRightSoft"
"HelpLink"="http://www.eRightSoft.com"
"URLInfoAbout"="http://www.eRightSoft.com"
"URLUpdateInfo"="http://www.eRightSoft.com"
"Contact"="support@eRightSoft.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"WST_Czec (toutes r無lutions)?"="wst_czec.FON"
"WST_Engl (toutes r無lutions)?"="wst_engl.FON"
"WST_Fren (toutes r無lutions)?"="wst_fren.FON"
"WST_Germ (toutes r無lutions)?"="wst_germ.FON"
"WST_Ital (toutes r無lutions)?"="wst_ital.FON"
"WST_Span (toutes r無lutions)?"="wst_span.FON"
"WST_Swed (toutes r無lutions)?"="wst_swed.FON"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion]
"IQ\ah朑??"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Volume Control\Realtek AC97 Audio\Contr:e du vol]
"LineStates"=hex:00,00,00,00,43,00,6f,00,6e,00,74,00,72,00,f4,00,6c,00,65,00,20,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Accessoires\Accessibilit]
"Order"=hex:08,00,00,00,02,00,00,00,74,02,00,00,01,00,00,00,04,00,00,00,98,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Accessoires\Outils syst]e]
"Order"=hex:08,00,00,00,02,00,00,00,ae,05,00,00,01,00,00,00,09,00,00,00,ca,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\h黓
"禊T\x20ac???"=dword:00000001
"禊9eQ???"=dword:00000001
"\20?nO:y??"=dword:00000001
"\26Y\1xO:y?"=dword:00000001
"]zz<h?"=dword:00000000
"IQ\ah朑??"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\厅]
"禊T\x20ac???"=dword:00000001
"禊9eQ???"=dword:00000001
"\20?nO:y??"=dword:00000001
"\26Y\1xO:y?"=dword:00000001
"]zz<h?"=dword:00000000
"IQ\ah朑??"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\?]
"禊T\x20ac???"=dword:00000001
"禊9eQ???"=dword:00000001
"\20?nO:y??"=dword:00000001
"\26Y\1xO:y?"=dword:00000001
"]zz<h?"=dword:00000000
"IQ\ah朑??"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\TEA\Mes documents\Frans\jeu\FM\Football Manager 2005\fm2005.exe?"="Football Manager 2005"
"C:\Documents and Settings\TEA\Mes documents\Frans\jeu\FM\FMScout\FMScout.exe?"="FMScout"
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Apps\ComponentLauncher.exe?"="Adobe Photoshop Album Starter Edition 3.0 (Viewer)"
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Apps\apdproxy.exe?"="Adobe Photoshop Album Starter Edition 3.0 component"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Manga\Namadashi\Nama_chap4.exe?"="Nama_chap4"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 19 - Ne dites pas quon ne vous avait pas prevenus !.exe?"="Tome 19 - Ne dites pas quon ne vous avait pas prevenus !"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 07 - Soson Goku grandi dun seul coup.exe?"="Tome 07 - Soson Goku grandi dun seul coup"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 08 - Soson Goku grandi dun seul coup (la cest sur).exe?"="Tome 08 - Soson Goku grandi dun seul coup (la cest sur)"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 09 - Larrivee de Vegeta (et tout et tout).exe?"="Tome 09 - Larrivee de Vegeta (et tout et tout)"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 10 - Qui seme.exe?"="Tome 10 - Qui seme"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 11 - Va de Hostais.exe?"="Tome 11 - Va de Hostais"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 12 - Pluis de marrons.exe?"="Tome 12 - Pluis de marrons"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 13 - Allez-vous en, Monsieur Vegetal !.exe?"="Tome 13 - Allez-vous en, Monsieur Vegetal !"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 02 - Le Maitre Tordu Genial.exe?"="Tome 02 - Le Maitre Tordu Genial"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 03 - Abracadabra.exe?"="Tome 03 - Abracadabra"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 01 - Au Commencement.exe?"="Tome 01 - Au Commencement"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 05 - Changeons tout avec le baton magique.exe?"="Tome 05 - Changeons tout avec le baton magique"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 06 - Une nouvelle edition du Grand Tournoi.exe?"="Tome 06 - Une nouvelle edition du Grand Tournoi"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 15 - Invasion !!!.exe?"="Tome 15 - Invasion !!!"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 16 - Wilma, ratage a domicile !.exe?"="Tome 16 - Wilma, ratage a domicile !"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 17 - Go ! Go ! Power !.exe?"="Tome 17 - Go ! Go ! Power !"
"C:\Documents and Settings\TEA\Mes documents\Frans\Manga\Dragon Ball\Tome 18 - Avec plus de mille elephants !.exe?"="Tome 18 - Avec plus de mille elephants !"
"C:\Documents and Settings\TEA\Mes documents\Frans\jeu\FM\Football Manager 2005\fm data editor.exe?"="FM 2005 Data Editor"
"C:\DOCUME~1\TEA\LOCALS~1\Temp\R渆rtoire temporaire 1 pour PPLiveSetup_1.7.23_PConline.zip\PPLiveSetup(1.7.23).exe?"="PPLiveSetup(1.7.23)"
"C:\DOCUME~1\TEA\LOCALS~1\Temp\R渆rtoire temporaire 1 pour manager2007_JeuxVideo.com_12965.zip\Setup FM2007 PC.exe?"="Setup FM2007 PC"
"C:\DOCUME~1\TEA\LOCALS~1\Temp\R渆rtoire temporaire 2 pour manager2007_JeuxVideo.com_12965.zip\Setup FM2007 PC.exe?"="Setup FM2007 PC"
"C:\Documents and Settings\TEA\Mes documents\Francois\jeu\Biko 3.part1\Biko 3\[PC.3D-Hentai-Game.-.ENG].Biko.3.-.CD1.(By \xe72bphiroth1983)\biko3.EXE?"="biko3"
"C:\DOCUME~1\TEA\LOCALS~1\Temp\R渆rtoire temporaire 1 pour English EXE - nocd version.zip\biko3.exe?"="biko3"
"C:\DOCUME~1\TEA\LOCALS~1\Temp\R渆rtoire temporaire 1 pour coolchess.zip\Cool Chess.exe?"="Cool Chess"
"C:\Documents and Settings\TEA\Local Settings\Temp\R渆rtoire temporaire 1 pour coolchess.zip\Cool Chess.exe?"="Cool Chess"
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Apps\Photoshop Album Starter Edition.exe?"="Adobe Photoshop Album Starter Edition 3.0"
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\Apps\PsaProxy.exe?"="Adobe Photoshop Album Starter Edition 3.0"
"C:\Program Files\Adobe\Photoshop Album Edition D弌uverte\3.0\shared_assets\locales\fr_fr\ADB2.EXE?"="Product Registration"
"C:\DOCUME~1\TEA\LOCALS~1\Temp\R渆rtoire temporaire 1 pour vistadualscan.zip\setup.exe?"="Vista Dual Scan "
"C:\Documents and Settings\TEA\Mes documents\Mes fichiers res\pour_frans.exe??"="pour_fran鏾is"
"C:\DOCUME~1\TEA\LOCALS~1\Temp\R渆rtoire temporaire 1 pour DeSmuME.0.4.0.zip\NDeSmuME.exe?"="NDS(tm) emulator"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Observateur d'ements]
"SaveSettings"="1"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\blacky58\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\blacky58\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPS网络电视"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\blacky58\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\blacky58\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\uusee\\UUSeePlayer.exe"="C:\\Program Files\\uusee\\UUSeePlayer.exe:*:Enabled:UUSEE"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:UUSEE"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\UUSee\\UURecorder.exe"="C:\\Program Files\\uusee\\UURecorder.exe:*:Enabled:UURecorder"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\\Documents and Settings\\TEA\\Local Settings\\Temp\\Répertoire temporaire 1 pour coolchess.zip\\Cool Chess.exe"="C:\\Documents and Settings\\TEA\\Local Settings\\Temp\\Répertoire temporaire 1 pour coolchess.zip\\Cool Chess.exe:*:Enabled:Cool Chess"
@="\"C:\\Program Files\\PPStream\\PPStream.exe\" \"C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream\""
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Documents and Settings\\TEA\\Mes documents\\zhang\\viviplay.exe"="C:\\Documents and Settings\\TEA\\Mes documents\\zhang\\viviplay.exe:*:Disabled:ViViMediaPlay"
"C:\\Documents and Settings\\TEA\\Bureau\\viviplay.exe"="C:\\Documents and Settings\\TEA\\Bureau\\viviplay.exe:*:Enabled:ViViMediaPlay"
"C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS 网络加速器"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\Program Files\\aMSN\\bin\\wish.exe"="C:\\Program Files\\aMSN\\bin\\wish.exe:*:Enabled:Wish Application"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\WINDOWS\\system32\\a.exe"="C:\\WINDOWS\\system32\\a.exe:*:Disabled:a"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\TEA\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 20 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Thu 10 Jan 2002 110,592 A..HR --- "C:\WINDOWS\system32\tsccvid.dll"
Sun 30 Jul 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Fri 14 Mar 2008 13,824 A.SHR --- "C:\Program Files\eRightSoft\SUPER\DXdump.exe"
Thu 15 May 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 19 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 20 Mar 2008 5,632 ..SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT3.tmp"
Wed 16 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\BIT3.tmp"
Mon 3 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f8ec741c57b58a534cd55e8f0ca69e79\BIT2.tmp"
Thu 6 Sep 2007 215,040 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~10C.tmp"
Thu 3 Apr 2008 211,968 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~157.tmp"
Mon 14 Aug 2006 90,112 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~162.tmp"
Fri 4 Aug 2006 90,112 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~18.tmp"
Sun 15 Jul 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~1E8.tmp"
Mon 28 Aug 2006 90,112 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~277.tmp"
Sat 21 Oct 2006 90,112 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~2A.tmp"
Fri 13 Oct 2006 90,112 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~2D.tmp"
Thu 14 Jun 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~3A.tmp"
Mon 4 Jun 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~4.tmp"
Sat 2 Jun 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~45.tmp"
Tue 5 Aug 2008 243,712 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~4DF.tmp"
Mon 4 Jun 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~5.tmp"
Thu 14 Jun 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~59.tmp"
Sat 16 Jun 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~6.tmp"
Thu 17 Aug 2006 90,112 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~61.tmp"
Sat 12 Aug 2006 90,112 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~A3.tmp"
Wed 13 Jun 2007 126,976 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\TEA\LOCALS~1\Temp\~B9.tmp"

Finished!


I'll do the 2nd part later since it takes quite a while :) Thanks again.

BlackY58
 

Re: Antivirus XP, blue background, etc...

by Loup Blanc » 17 Aug 2008 19:09

OK, I'll wait for the rest.

As for the causes of your infections, it's most likely P2P and/or security holes in your system, for example Java (it is not up to date and the old versions have not been uninstalled), etc.

Your D disk (partition?) also has one or more bad sectors; that will need to be repaired at the end of the disinfection.
Loup blanc

Re: Antivirus XP, blue background, etc...

by BlackY58 » 17 Aug 2008 20:14

I'm having some problems with Malwarebytes' Anti-Malware. It runs its scan and at some point it stops even though it hasn't finished. It says I can click on AFFICHER LE RESULTAT ("Show results") but I can't see where I can click on the thing... So I don't know what to do.

Otherwise, for AVG:

AVG 8.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2008 AVG Technologies
Program version 8.0.134, engine 8.0.0
Virus Database: Version 270.6.4/1617 2008-08-17

HKLM\SOFTWARE\Altnet Found Adware.Altnet
HKLM\SOFTWARE\Classes\ADM.ADM Found Adware.Altnet
HKLM\SOFTWARE\Classes\ADM25.ADM25 Found Adware.Altnet
HKLM\SOFTWARE\Classes\ADM4.ADM4 Found Adware.Altnet
HKLM\SOFTWARE\Classes\AppID\adm.EXE Found Adware.Altnet
HKLM\SOFTWARE\Classes\SigningModule.SigningModule Found Adware.Altnet
HKLM\SOFTWARE\Classes\TopSearch.TSLink Found Adware.Altnet
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AltnetDM Found Adware.Altnet
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\TEA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\TEA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\TEA\Local Settings\Temporary Internet Files\Content.IE5\HWPKRL8S\._file[1].exe Trojan horse SHeur.CCYX Object was moved to Virus Vault.
C:\Documents and Settings\TEA\Mes documents\zhang\powerplayersetup-ifeng.exe Trojan horse Agent.ZMC Object was moved to Virus Vault.
C:\Documents and Settings\TEA\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\TEA\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\Program Files\Altnet\Download Manager\adm25.dll Adware Generic.NM Object was moved to Virus Vault.
C:\Program Files\Altnet\Download Manager\adm4.dll Adware Generic.AYN Object was moved to Virus Vault.
C:\Program Files\Altnet\Download Manager\admdata.dll Adware Generic.AYG Object was moved to Virus Vault.
C:\Program Files\Altnet\Download Manager\admdloader.dll Adware Generic.AYK Object was moved to Virus Vault.
C:\Program Files\Altnet\Download Manager\admfdi.dll Adware Generic.BP Object was moved to Virus Vault.
C:\Program Files\Altnet\Download Manager\admprog.dll Adware Generic.AYP Object was moved to Virus Vault.
C:\Program Files\Altnet\Download Manager\altnetuninstall.exe Adware Generic.BK Object was moved to Virus Vault.
C:\Program Files\Altnet\Download Manager\asm.exe Adware Generic.QAJ Object was moved to Virus Vault.
C:\Program Files\Altnet\Download Manager\asmend.exe Adware Generic2.KCH Object was moved to Virus Vault.
C:\Program Files\Altnet\Download Manager\asmps.dll Adware Generic.AYI Object was moved to Virus Vault.
C:\Program Files\INSTAFINK\instafink.dll Adware Generic.FPX Object was moved to Virus Vault.

------------------------------------------------------------
Objects scanned : 555711
Found infections : 2
Found PUPs : 11
Healed infections : 2
Healed PUPs : 11
Warnings : 8
------------------------------------------------------------

BlackY58
 

Re: Antivirus XP, blue background, etc...

by Loup Blanc » 17 Aug 2008 21:27

That's odd; normally the "AFFICHER LE RESULTAT" ("Show results") button is at the bottom right of the Mbam window.
Check whether you have at least one scan report in the Rapport/Logs tab; if so, post its contents.
Loup blanc

