Infected laptop
Rmc05, 17/01/2009 at 11:02

Hello,
I got infected by a virus from a USB stick, and since then my antivirus has been disabled. I can no longer install an antivirus: an error message appears saying that editing the registry has been disabled by the administrator, yet I am the administrator. I no longer have access to my registry or to the Task Manager, and some programs no longer respond. I made a report with HijackThis and FindyKill but I don't understand any of it. Please help me.
HijackThis report
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\administrateur\local settings\application data\aesok.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L08FXLRD_1518984] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [aesok] "c:\documents and settings\administrateur\local settings\application data\aesok.exe" aesok
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7881 bytes
FindyKill report

--------------- [ Processus actifs ] ----------------  


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\administrateur\local settings\application data\aesok.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\TuneUpDefragService.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------  


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp


--------------- [ Registre / Startup ] ----------------  

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
   IDMan=C:\Program Files\Internet Download Manager\IDMan.exe /onboot
   MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
   SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
   swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
   ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
   L08FXLRD_1518984="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
   aesok="c:\documents and settings\administrateur\local settings\application data\aesok.exe" aesok

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
   NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
   RemoteControl=C:\WINDOWS\system32\rmctrl.exe
   RTHDCPL=RTHDCPL.EXE
   Alcmtr=ALCMTR.EXE
   ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
   AGRSMMSG=AGRSMMSG.exe
   KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
   Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
   Installed=1
   NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
   Installed=1


--------------- [ Registre / Clés infectieuses ] ----------------  




--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

  /!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

  /!\ Mode sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

Ip6Fw - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2


--------------- [ Recherche dans supports amovibles] ----------------  


+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe


+- presence des fichiers :  



--------------- [ Registre / Mountpoint2 ] ----------------  

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10a8926e-c824-11dd-bb13-001636fdc1d8}\Shell\AutoRun\command  
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10a8926e-c824-11dd-bb13-001636fdc1d8}\Shell\open\Command  
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3767f17e-c53d-11dd-baf2-001636fdc1d8}\Shell\AutoRun\command  
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3767f17e-c53d-11dd-baf2-001636fdc1d8}\Shell\open\Command  
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83a38c0c-dbc1-11dd-bb9f-001636fdc1d8}\Shell\AutoRun\command  
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83a38c0c-dbc1-11dd-bb9f-001636fdc1d8}\Shell\open\Command  
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b832f3c9-dd5a-11dd-bba8-001636fdc1d8}\Shell\AutoRun\command  
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b832f3c9-dd5a-11dd-bba8-001636fdc1d8}\Shell\open\Command  
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3009de-c37e-11dd-baea-001636fdc1d8}\Shell\AutoRun\command  
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3009de-c37e-11dd-baea-001636fdc1d8}\Shell\open\Command  
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efc6ac99-e25d-11dd-bbbf-001636fdc1d8}\Shell\AutoRun\command  
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efc6ac99-e25d-11dd-bbbf-001636fdc1d8}\Shell\open\Command  


------------------- ! Fin du rapport ! --------------------  
Please help me.
Mister_masque, 17/01/2009 at 13:36

Hi,

This reeks of a rootkit ...
Let's start by cleaning up Navipromo; we'll deal with the USB stick afterwards:

Magic Control/Navipromo infections are installed through a booby-trapped program:

# HotTVPlayer / HotTVPlayer & Paris Hilton
# Live-Player
# MailSkinner
# Messenger Skinner
# Instant Access
# InternetGameBox
# Official Emule (modified version of Emule)


You may have been offered these booby-trapped programs through advertising banners.

Download Navilog.exe by IL-MAFIOSO.

  • Right-click Navilog.exe and Navilog.bat >> Run as administrator (under Vista; if you are on XP, skip this step).
  • Install Navilog by clicking "Next", "Install" and "Finish".
  • Once installed, Navilog starts automatically (if it does not, double-click the icon on the Desktop).
  • Type "f", confirm with the "Enter" key, scroll with the "Space" key, select option 1 (Search), confirm with the "Enter" key, wait, and post the report.


Help: Navilog tutorial, if you get lost.

@++

--
Rmc05, 19/01/2009 at 08:14

Yeah, I did what you said, here is the report
Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU           T2080  @ 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1    
USER : Administrateur ( Administrator )
BOOT : Normal boot

Antivirus : Kaspersky Internet Security 8.0.0.454 (Not Activated)
Firewall  : Kaspersky Internet Security 8.0.0.454 (Not Activated)

C:\ (Local Disk) - NTFS - Total:58 Go (Free:11 Go)
D:\ (Local Disk) - NTFS - Total:34 Go (Free:4 Go)
E:\ (CD or DVD)


Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aesok"="\"c:\\documents and settings\\administrateur\\local settings\\application data\\aesok.exe\" aesok"


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" :

aesok.exe trouvé !
aesok.dat trouvé !
aesok_nav.dat trouvé !
aesok_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 19/01/2009 à  8:10:14,84 ***
And now what do I do?
Mister_masque, 19/01/2009 at 18:23

Hi,

Run Navilog again with option 2.

Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen, leaving the default values.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
  • When the analysis is finished, two text files will open.


--> Post the contents of log.txt (<<which will be displayed) and of info.txt (<<which will be minimized in the Taskbar).
NB: Both reports are also saved in the folder: C:\rsit\

@++

--
Rmc05, 20/01/2009 at 11:31

Yes, I did what you told me, and a message appeared saying that editing the registry has been disabled. Then I used RSIT and here are the two reports

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-01-20 11:20:16
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 13 GB (22%) free of 60 GB
Total RAM: 894 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:17, on 20/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L08FXLRD_1518984] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7505 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2008-10-28 153008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-12-18 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2009-01-12 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-12-18 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 233472]
"RemoteControl"=C:\WINDOWS\system32\rmctrl.exe [2005-11-22 110592]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 143360]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-12-11 413696]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-03-18 163269]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2009-01-05 2676144]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5743984]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-12 146680]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"L08FXLRD_1518984"=C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE [2007-06-12 428824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-19 1745408]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-12 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRun"=0
"NoFind"=0
"NoLogOff"=0
"NoSetFolders"=0
"DisallowRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\MsnMsgr.Exe:*:Enabled:ipsec"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"F:\MS-DOS.com"="F:\MS-DOS.com:*:Enabled:ipsec"
"C:\WINDOWS\system32\Ati2evxx.exe"="C:\WINDOWS\system32\Ati2evxx.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\hiqc.exe"="C:\WINDOWS\TEMP\hiqc.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\winljxxcc.exe"="C:\WINDOWS\TEMP\winljxxcc.exe:*:Enabled:ipsec"
"C:\Program Files\SuperCopier2\SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\rmctrl.exe"="C:\WINDOWS\system32\rmctrl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qmlrw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qmlrw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winofrk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winofrk.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\NeroCheck.exe"="C:\WINDOWS\system32\NeroCheck.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winknywvg.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winknywvg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mjel.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mjel.exe:*:Enabled:ipsec"
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe:*:Enabled:ipsec"
"C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE:*:Enabled:ipsec"
"C:\WINDOWS\ALCMTR.EXE"="C:\WINDOWS\ALCMTR.EXE:*:Enabled:ipsec"
"C:\WINDOWS\AGRSMMSG.exe"="C:\WINDOWS\AGRSMMSG.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\Program Files\Internet Download Manager\IDMan.exe"="C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winresxo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winresxo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ugcvpv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ugcvpv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrkfauq.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrkfauq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windsebjb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windsebjb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingswj.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingswj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mfdoy.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mfdoy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\anslwp.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\anslwp.exe:*:Enabled:ipsec"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\WISPTIS.EXE"="C:\WINDOWS\system32\WISPTIS.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vnia.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vnia.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaowik.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaowik.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winffto.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winffto.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvqhajn.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvqhajn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gsngw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gsngw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvf.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\khuh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\khuh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsirf.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsirf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winllin.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winllin.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingdnhgk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingdnhgk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fmqtkd.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fmqtkd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmxvhqs.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmxvhqs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dojiiq.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dojiiq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpccyij.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpccyij.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincuygi.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincuygi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpoepft.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpoepft.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tqbcig.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tqbcig.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\oysxg.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\oysxg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nastpk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nastpk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bdwf.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bdwf.exe:*:Enabled:ipsec"
"C:\Program Files\Windows Live Toolbar\msn_sl.exe"="C:\Program Files\Windows Live Toolbar\msn_sl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlrnt.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlrnt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fhfs.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fhfs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintkfwwr.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintkfwwr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbgufuy.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbgufuy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winymqek.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winymqek.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qoudj.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qoudj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winioop.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winioop.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\owtlmw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\owtlmw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbwuui.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbwuui.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\epuae.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\epuae.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnrtp.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnrtp.exe:*:Enabled:ipsec"
"C:\Program Files\Internet Download Manager\IEMonitor.exe"="C:\Program Files\Internet Download Manager\IEMonitor.exe:*:Enabled:ipsec"
"C:\Program Files\MSN Messenger\usnsvc.exe"="C:\Program Files\MSN Messenger\usnsvc.exe:*:Enabled:ipsec"
"C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winornkfu.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winornkfu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxqvwhq.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxqvwhq.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00d50ebf-e09a-11dd-bbb7-001636fdc1d8}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3767f17e-c53d-11dd-baf2-001636fdc1d8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Recycler\svchost.exe
shell\open\command - .\Recycler\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{382ff054-c5c7-11dd-bafc-001636fdc1d8}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{382ff055-c5c7-11dd-bafc-001636fdc1d8}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b30f10e-cfa9-11dd-bb47-001636fdc1d8}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74a53e19-e22d-11dd-bbbc-001636fdc1d8}]
shell\AutoRun\command - G:\Smith.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83a38c0c-dbc1-11dd-bb9f-001636fdc1d8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Recycler\svchost.exe
shell\open\command - F:\.\Recycler\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af0bf2a2-d5be-11dd-bb79-001636fdc1d8}]
shell\autoplaY\command - F:\wyfu.exe
shell\AutoRun\command - F:\wyfu.exe
shell\expLore\command - F:\wyfu.exe
shell\opeN\command - F:\wyfu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b832f3c9-dd5a-11dd-bba8-001636fdc1d8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Recycler\svchost.exe
shell\open\command - F:\.\Recycler\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3009de-c37e-11dd-baea-001636fdc1d8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Recycler\svchost.exe
shell\open\command - F:\.\Recycler\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2658aff-e2f3-11dd-bbc2-001636fdc1d8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
shell\Explore\command - F:\MS-DOS.com
shell\Open\command - F:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2658b00-e2f3-11dd-bbc2-001636fdc1d8}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efc6ac99-e25d-11dd-bbbf-001636fdc1d8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Recycler\svchost.exe
shell\open\command - .\Recycler\svchost.exe
======File associations======

.reg - open - regedit.exe %1

======List of files/folders created in the last 1 months======

2009-01-20 11:05:17 ----D---- C:\rsit
2009-01-20 10:53:45 ----A---- C:\cleannavi.txt
2009-01-19 20:32:48 ----D---- C:\WINDOWS\Temp
2009-01-19 08:08:13 ----A---- C:\fixnavi.txt
2009-01-19 08:07:12 ----D---- C:\Program Files\Navilog1
2009-01-17 15:25:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-17 15:25:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-17 15:25:19 ----D---- C:\Program Files\MSXML 6.0
2009-01-17 15:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-17 15:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-16 14:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-16 14:26:52 ----D---- C:\Program Files\FindyKill
2009-01-16 12:46:46 ----A---- C:\TCleaner.txt
2009-01-16 12:12:00 ----D---- C:\Program Files\AxBx
2009-01-15 21:18:43 ----D---- C:\Documents and Settings\All Users\Application Data\CrystalIdea Software
2009-01-15 20:45:19 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-01-15 20:28:44 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-01-15 20:16:34 ----D---- C:\Program Files\Windows Sidebar
2009-01-15 20:16:34 ----D---- C:\Program Files\Norton AntiVirus
2009-01-15 20:13:07 ----A---- C:\WINDOWS\imsins.BAK
2009-01-15 20:12:44 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-01-15 16:45:36 ----D---- C:\Program Files\Falco Auto Image
2009-01-15 16:45:36 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2009-01-15 15:36:25 ----SHD---- C:\Config.Msi
2009-01-15 15:21:36 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-01-15 14:48:48 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-14 12:27:02 ----A---- C:\WINDOWS\Smith.INI
2009-01-13 10:26:06 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-13 10:26:03 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-01-06 12:06:09 ----D---- C:\Program Files\Microsoft Etudes
2009-01-06 12:04:48 ----D---- C:\Program Files\Learning Essentials
2009-01-06 12:04:24 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-01-06 12:04:11 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-01-06 12:04:10 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-01-06 12:04:09 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-01-06 12:04:07 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-01-06 12:04:06 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-01-06 12:04:05 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-01-06 12:04:05 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-01-06 12:04:04 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-01-05 23:31:04 ----A---- C:\WINDOWS\system32\oeminfo.ini
2009-01-05 16:53:02 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-01-05 16:53:01 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-01-05 16:52:59 ----D---- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
2009-01-05 16:52:34 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-01-05 16:52:30 ----D---- C:\Program Files\TuneUp Utilities 2008
2009-01-05 16:51:40 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-01-05 13:55:32 ----D---- C:\Program Files\Uninstall Tool
2009-01-05 13:21:32 ----D---- C:\Program Files\RegCleaner
2009-01-02 21:33:42 ----RSD---- C:\WINDOWS\assembly
2009-01-02 21:32:49 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-30 08:26:52 ----D---- C:\Program Files\Kaspersky Lab
2008-12-27 19:02:34 ----A---- C:\anti -Raila Odinga.exe
2008-12-27 17:20:25 ----D---- C:\Downloads
2008-12-27 17:19:48 ----D---- C:\Program Files\BitComet
2008-12-27 14:48:06 ----D---- C:\Program Files\Fichiers communs\Softwin
2008-12-27 13:04:29 ----D---- C:\Program Files\Total Video Converter
2008-12-26 18:09:19 ----D---- C:\Program Files\LeechGet 2007
2008-12-24 11:33:44 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-24 10:29:20 ----D---- C:\Program Files\Creative
2008-12-24 10:29:20 ----A---- C:\WINDOWS\system32\eax.dll
2008-12-24 10:28:58 ----A---- C:\WINDOWS\IsUninst.exe
2008-12-24 10:16:18 ----D---- C:\Program Files\Lara Croft Tomb Raider - The Angel Of Darkness

======List of files/folders modified in the last 1 months======

2009-01-20 11:20:07 ----D---- C:\WINDOWS\Prefetch
2009-01-20 11:17:07 ----D---- C:\WINDOWS\system32\drivers
2009-01-20 11:16:49 ----D---- C:\Documents and Settings\Administrateur\Application Data\DMCache
2009-01-20 11:15:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-20 11:15:04 ----D---- C:\WINDOWS\system32\config
2009-01-20 10:57:48 ----D---- C:\Program Files\Mozilla Firefox
2009-01-20 10:56:37 ----D---- C:\WINDOWS\system32
2009-01-19 20:32:48 ----D---- C:\WINDOWS
2009-01-19 19:43:54 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-19 12:03:36 ----HD---- C:\WINDOWS\inf
2009-01-19 09:47:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-19 08:07:12 ----RD---- C:\Program Files
2009-01-17 15:25:32 ----SHDC---- C:\WINDOWS\system32\dllcache
2009-01-17 15:25:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-17 15:25:23 ----SHD---- C:\WINDOWS\Installer
2009-01-15 21:04:05 ----D---- C:\WINDOWS\Help
2009-01-15 20:51:18 ----D---- C:\Program Files\Fichiers communs
2009-01-15 20:45:26 ----D---- C:\WINDOWS\security
2009-01-15 20:13:29 ----D---- C:\WINDOWS\WinSxS
2009-01-15 20:13:29 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-01-15 15:56:33 ----D---- C:\Program Files\Windows Media Connect 2
2009-01-15 15:26:37 ----D---- C:\WINDOWS\Minidump
2009-01-15 14:53:34 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-15 14:30:49 ----A---- C:\WINDOWS\system.ini
2009-01-15 08:40:18 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-13 14:44:54 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-13 12:01:01 ----D---- C:\Documents and Settings\Administrateur\Application Data\IDM
2009-01-09 12:23:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-08 10:25:49 ----D---- C:\WINDOWS\system
2009-01-06 12:20:32 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-01-06 12:08:50 ----RSD---- C:\WINDOWS\Fonts
2009-01-06 12:04:25 ----D---- C:\WINDOWS\system32\DirectX
2009-01-06 12:03:11 ----D---- C:\WINDOWS\system32\mui
2009-01-06 08:14:03 ----RSHD---- C:\RECYCLER
2009-01-05 23:31:05 ----SHD---- C:\System Volume Information
2009-01-05 23:31:05 ----D---- C:\WINDOWS\system32\Restore
2009-01-05 23:19:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-05 21:40:57 ----D---- C:\Program Files\Free FLV Converter
2009-01-05 16:53:07 ----SD---- C:\WINDOWS\Tasks
2009-01-05 12:52:36 ----D---- C:\Program Files\Internet Download Manager
2009-01-02 21:32:53 ----D---- C:\Program Files\Internet Explorer
2008-12-24 10:16:18 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\migjdd.sys []
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-03-18 1155584]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-09-24 1326528]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-12 1414656]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-22 4432384]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-12 393216]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 166768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-18 215992]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 162864]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-01-05 355584]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 991744]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

-----------------EOF-----------------
The second report

info.txt logfile of random's system information tool 1.05 2009-01-20 11:05:22

======Uninstall list======

-->MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 6.0 Standard - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-BA7E-000000000001}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ALUpdate-->"C:\Program Files\ESTsoft\ALUpdate\unins000.exe"
ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{4002F73D-EBB3-4EA1-A2FF-DBCB4529759E}
Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{51F366F4-C2E4-429A-866A-59C885ED42FD}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{175B7C4A-CAF8-437A-B597-73E0D2D970FE}
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{D518AD32-C710-4616-BA0D-D4B1FA5F82E8}
Falco Auto Image 2.1-->"C:\Program Files\Falco Auto Image\unins000.exe"
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
Free FLV Converter V 5.9.1-->"C:\Program Files\Free FLV Converter\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Les Indispensables Éducation pour Microsoft Office-->MsiExec.exe /X{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta 2008 - Études-->MsiExec.exe /I{08181881-FCA5-44A7-B863-D66037A16AAF}
Microsoft Encarta Maths-->MsiExec.exe /I{07183840-959A-4B0D-8825-2C533F0DDB19}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multi Virus Cleaner 2008-->"C:\Program Files\AxBx\Multi Virus Cleaner 2008\unins000.exe"
Navilog1 3.7.1-->"C:\Program Files\Navilog1\unins000.exe"
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{F242B06B-517F-4D62-B654-16B11564A912}
Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
Power MP3 WMA Converter 2008, (ver 4.20)-->"C:\Program Files\Power MP3 WMA Converter\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x40c  -removeonly
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
TOSHIBA Software Modem-->Tosmreg -U
Total Video Converter 3.12 080330-->"C:\Program Files\Total Video Converter\unins000.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Uninstall Tool-->"C:\Program Files\Uninstall Tool\unins000.exe"
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WBEncarta-->RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\fr\FR\WBEncarta\Uninstall\Uninstall.inf,Uninstall,,,N
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {05AE605F-3146-46ED-BC52-0A14EBF57962}
Windows Live Toolbar-->MsiExec.exe /X{05AE605F-3146-46ED-BC52-0A14EBF57962}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Wireless LAN Adapter-->C:\Program Files\InstallShield Installation Information\{2CBBABB1-F879-419F-924B-5EAEC67F6AE8}\setup.exe -runfromtemp -l0x0009 -removeonly
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: Kaspersky Internet Security (disabled) (outdated)
FW: Kaspersky Internet Security (disabled)

System event log

Computer Name: RMC-PC
Event Code: 62486
Message: Invalid parameters

Record Number: 11701
Source Name: ati2mtag
Time Written: 20090113095122.000000+060
Event Type: Informations
User:

Computer Name: RMC-PC
Event Code: 62486
Message: Invalid parameters

Record Number: 11700
Source Name: ati2mtag
Time Written: 20090113095122.000000+060
Event Type: Informations
User:

Computer Name: RMC-PC
Event Code: 62486
Message: Invalid parameters

Record Number: 11699
Source Name: ati2mtag
Time Written: 20090113095122.000000+060
Event Type: Informations
User:

Computer Name: RMC-PC
Event Code: 62486
Message: Invalid parameters

Record Number: 11698
Source Name: ati2mtag
Time Written: 20090113095122.000000+060
Event Type: Informations
User:

Computer Name: RMC-PC
Event Code: 62486
Message: Invalid parameters

Record Number: 11697
Source Name: ati2mtag
Time Written: 20090113095122.000000+060
Event Type: Informations
User:

Application event log

Computer Name: CARMEN
Event Code: 1000
Message: Application défaillante svchost.exe, version 1.1.0.0, module défaillant svchost.exe, version 1.1.0.0, adresse de défaillance 0x000095fd.

Record Number: 83
Source Name: Application Error
Time Written: 20081208102433.000000+060
Event Type: erreur
User:

Computer Name: CARMEN
Event Code: 4097
Message: L'application, C:\Windows\svchost.exe, a généré une erreur d'application
L'erreur s'est produite le 12/08/2008 à 10:24:24.796
L'exception générée était c0000005 à l'adresse 004095FD (svchost)

Record Number: 82
Source Name: DrWatson
Time Written: 20081208102424.000000+060
Event Type: Informations
User:

Computer Name: CARMEN
Event Code: 1000
Message: Application défaillante svchost.exe, version 1.1.0.0, module défaillant svchost.exe, version 1.1.0.0, adresse de défaillance 0x000095fd.

Record Number: 81
Source Name: Application Error
Time Written: 20081208102423.000000+060
Event Type: erreur
User:

Computer Name: CARMEN
Event Code: 4097
Message: L'application, C:\Windows\svchost.exe, a généré une erreur d'application
L'erreur s'est produite le 12/08/2008 à 10:24:14.531
L'exception générée était c0000005 à l'adresse 004095FD (svchost)

Record Number: 80
Source Name: DrWatson
Time Written: 20081208102414.000000+060
Event Type: Informations
User:

Computer Name: CARMEN
Event Code: 1000
Message: Application défaillante svchost.exe, version 1.1.0.0, module défaillant svchost.exe, version 1.1.0.0, adresse de défaillance 0x000095fd.

Record Number: 79
Source Name: Application Error
Time Written: 20081208102411.000000+060
Event Type: erreur
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ESTsoft\ALZip;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_REVISION"=0e0c
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
Mister_masque (offline), 20/01/2009 at 17:44

Hi.

OK, infection via removable media.

Download UsbFix by Chiquitine29

  • Launch the installation, keeping the default choices.
  • Plug in all your external media without opening them (USB key, external hard drive, etc.).
  • Run UsbFix from your Desktop and let the computer restart.

-> Post the UsbFix report (C:\UsbFix.txt)

-----------------------------

Relaunch HijackThis with "Do a system scan only".
Check:

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

---> Click "Fix Checked".

-----------------------------

Download OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTMoveIt3.exe to launch it.
Make sure the "Unregister Dll's and Ocx's" box is checked.
Copy / paste the following lines (in green) into the left-hand window of OTMoveIt named "Paste List of Files/Folders to be moved" (the area marked with an arrow in the screenshot):

Copy and paste:

:files
C:\Windows\svchost.exe
:commands
[EmptyTemp]

Click MoveIt! to start the removal.
If OTMoveIt offers to restart your PC, accept.
When a result appears in the Results box, click Exit.

Display the OTMoveIt report located in C:\_OTMoveIt\MovedFiles.

--------------------------------------

Download, install and update MalwareBytes.
Help: a MalwareBytes tutorial is available.
Run a full scan of all drives. Click "Show results", then "Remove selected", and post the report.

@++
--
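The O7 line above targets the policy values the infection sets to lock the user out of regedit and Task Manager (the MalwareBytes report later in the thread lists them as DisableRegistryTools and DisableTaskMgr under Policies\System, plus the unquoted regfile open command). The following PowerShell script is an added example, not part of the thread or of any tool it names; it audits those values in HKCU and HKLM, checks the regfile open command, and clears them only when run with -Restore. It assumes PowerShell 3 or later and an elevated prompt.

```powershell
# Added example (not from the thread): audit and optionally clear the policy
# values that lock out regedit and Task Manager. Run elevated; use -Restore to fix.
param([switch]$Restore)

$policyKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$checks = foreach ($root in 'HKCU:', 'HKLM:') {
    foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
        [pscustomobject]@{ Path = "$root\$policyKey"; Name = $name }
    }
}

$findings = @()
foreach ($c in $checks) {
    if (-not (Test-Path $c.Path)) { continue }
    $value = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    if ($null -ne $value -and $value -ne 0) {
        $findings += [pscustomobject]@{ Path = $c.Path; Name = $c.Name; Value = $value }
        if ($Restore) {
            # Removing the value is the "Good: (0)" state shown in the MBAM log.
            Remove-ItemProperty -Path $c.Path -Name $c.Name
        }
    }
}

# The regfile open command must quote %1; the MBAM log flags the unquoted
# form as Broken.OpenCommand. HKCR has no drive by default, so use Registry::.
$regfileKey = 'Registry::HKEY_CLASSES_ROOT\regfile\shell\open\command'
$expected   = 'regedit.exe "%1"'
$actual     = (Get-ItemProperty -Path $regfileKey).'(default)'
if ($actual -ne $expected) {
    $findings += [pscustomobject]@{ Path = $regfileKey; Name = '(default)'; Value = $actual }
    if ($Restore) { Set-ItemProperty -Path $regfileKey -Name '(default)' -Value $expected }
}

if ($findings.Count -eq 0) { 'No lockout policies found.' }
else { $findings | Format-Table -AutoSize }
```

If the values are cleared and reappear after a reboot, the component that sets them is still running and must be removed before the policy fix will hold.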
Rmc05 (offline), 21/01/2009 at 10:48

The UsbFix link is dead; are there no other links?
Mister_masque (offline), 21/01/2009 at 12:24

Oops, sorry.
Try Flash Disinfector.
Plug in your removable drives.

Launch Flash Disinfector by double-clicking Flash_Disinfector.exe.

----
Do the rest of the procedure given earlier.
--
Rmc05 (offline), 21/01/2009 at 14:20

Yes, I did what you said, and here is the result for OTMoveIt:
========== FILES ==========
File/Folder C:\Windows\svchost.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF11FF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFBD1.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFC9F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFCC54.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFCC61.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n1uy7vyw.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n1uy7vyw.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n1uy7vyw.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n1uy7vyw.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01212009_132343

Files moved on Reboot...
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF11FF.tmp moved successfully.
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFBD1.tmp not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFC9F.tmp not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFCC54.tmp not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFCC61.tmp not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n1uy7vyw.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n1uy7vyw.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n1uy7vyw.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n1uy7vyw.default\Cache\_CACHE_MAP_ moved successfully.
And here is the MalwareBytes one, before removing the selection:
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1673
Windows 5.1.2600 Service Pack 2

21/01/2009 13:53:05
mbam-log-2009-01-21 (13-53-02).txt

Type de recherche: Examen complet (C:\|D:\|F:\|G:\|)
Eléments examinés: 79764
Temps écoulé: 24 minute(s), 56 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5c0-4fcb-11cf-aax5-00401c608512} (Trojan.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (regedit.exe %1) Good: (regedit.exe "%1") -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> No action taken.
After removing the selection:

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1673
Windows 5.1.2600 Service Pack 2

21/01/2009 13:53:57
mbam-log-2009-01-21 (13-53-57).txt

Type de recherche: Examen complet (C:\|D:\|F:\|G:\|)
Eléments examinés: 79764
Temps écoulé: 24 minute(s), 56 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5c0-4fcb-11cf-aax5-00401c608512} (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (regedit.exe %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Quarantined and deleted successfully.
But apparently nothing has changed: registry editing is still disabled and so is my Task Manager :(
Mister_masque (offline), 21/01/2009 at 15:41

Post a new HijackThis report.
@++
--
Vulgarisation-informatique.com